| 1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - lsmod | CIS Debian 8 Server L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.1.1.4 Ensure mounting of hfs filesystems is disabled - modprobe | CIS Debian 8 Server L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.1.2 Ensure /tmp is configured - systemctl | CIS Debian 8 Workstation L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.1.13 Ensure nodev option set on /var/tmp partition | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Server | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.1.20 Ensure sticky bit is set on all world-writable directories | CIS Debian 8 Server L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.1.28 Disable USB Storage | CIS Amazon Linux 2 STIG v2.0.0 L2 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.7.1.5 Ensure permissions on /etc/issue are configured | CIS Debian 8 Server L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.7.2 Ensure GDM login banner is configured - banner message enabled | CIS Debian 8 Workstation L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.1.2 Ensure AirPlay Receiver Is Disabled | CIS Apple macOS 14.0 Sonoma v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.3.1 Ensure DVD or CD Sharing Is Disabled | CIS Apple macOS 14.0 Sonoma v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.3.2 Ensure Screen Sharing Is Disabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.3.5 Ensure Remote Login Is Disabled | CIS Apple macOS 14.0 Sonoma v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.3.7 Ensure Remote Apple Events Is Disabled | CIS Apple macOS 14.0 Sonoma v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.3.7 Ensure Remote Apple Events Is Disabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.3.8 Ensure Internet Sharing Is Disabled | CIS Apple macOS 13.0 Ventura v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4 (L2) Ensure default self-signed certificate for ESXi communication is not used | CIS VMware ESXi 7.0 v1.5.0 L2 Bare Metal | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.2 Ensure Internet Sharing Is Disabled | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.5 Ensure Remote Login Is Disabled | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.12 Ensure Media Sharing Is Disabled | CIS Apple macOS 12.0 Monterey v4.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.13 Ensure AirPlay Receiver Is Disabled | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.9.2 Ensure Power Nap Is Disabled for Intel Macs | CIS Apple macOS 14.0 Sonoma v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.11 Audit Universal Control Settings | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.11 Ensure 'Allow personalized ads delivered by Apple' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.25 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.3.5 Ensure permissions on /etc/hosts.deny are configured | CIS Debian 8 Workstation L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.3.5 Ensure permissions on /etc/hosts.deny are configured | CIS Debian 8 Server L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure Bonjour Advertising Services Is Disabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1.5 Review Airprint | MobileIron - CIS Apple iOS 18 v1.0.0 L2 End User Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1.5 Review Airprint | MobileIron - CIS Apple iOS 18 v1.0.0 L2 Institution Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure HTTP Server Is Disabled | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure HTTP Server Is Disabled | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.6 Review 'Mail Privacy Protection' settings | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.6 Review 'Mail Privacy Protection' settings | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.6 Review 'Mail Privacy Protection' settings | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.2.12 Ensure SSH PermitUserEnvironment is disabled | CIS Debian 8 Workstation L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.2.12 Ensure SSH PermitUserEnvironment is disabled | CIS Debian 8 Server L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3.3 Ensure password reuse is limited | CIS Debian 8 Workstation L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3.23 Ensure SSH AllowTcpForwarding is disabled | CIS Amazon Linux 2 STIG v2.0.0 L2 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.4.3 Ensure default group for the root account is GID 0 | CIS Debian 8 Workstation L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.6 Ensure access to the su command is restricted - /etc/group | CIS Debian 8 Server L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.1.11 Ensure no unowned files or directories exist | CIS Debian 8 Server L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.1.12 Ensure no ungrouped files or directories exist | CIS Debian 8 Server L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.6 Ensure root PATH Integrity | CIS Debian 8 Workstation L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.11 Ensure no users have .forward files | CIS Debian 8 Server L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.12 Ensure no users have .netrc files | CIS Debian 8 Workstation L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.14 Ensure no users have .rhosts files | CIS Debian 8 Server L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.16 Ensure no duplicate UIDs exist | CIS Debian 8 Workstation L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.20 Ensure shadow group is empty | CIS Debian 8 Workstation L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 7.20 (L1) Virtual machines must limit access through the "dvfilter" network API | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 8.3.4 (L1) Ensure standard processes are used for VM deployment | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
