| 1.3 Enable app update installs | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.1.4 Audit Security Keys Used With AppleIDs | CIS Apple macOS 14.0 Sonoma v2.0.0 L2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.2.2 Ensure time set is within appropriate limits | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | |
| 2.5.7 Monitor Location Services Access | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.6.7 Monitor Location Services Access | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.7.3 iCloud Drive | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | |
| 2.9 Pair the remote control infrared receiver if enabled - 'DeviceEnabled = 1' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.11 Java 6 is not the default Java runtime | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3 Configure Security Auditing Flags - 'audit successful/failed administrative events' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.3 Configure Security Auditing Flags - 'audit successful/failed file deletion events' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.4 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /usr/share/selinux/ | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/selinux/ | CIS Oracle Linux 6 Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected - rules.d /etc/selinux/ | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected - rules.d /usr/share/selinux/ | CIS CentOS 6 Server L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected - rules.d /usr/share/selinux/ | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected - rules.d /usr/share/selinux/ | CIS Oracle Linux 6 Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.3 Create network specific locations | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | |
| 4.5 Ensure the latest iOS device architecture is used by high-value targets | MobileIron - CIS Apple iOS 13 and iPadOS 13 Institution Owned L2 | MDM | SYSTEM AND INFORMATION INTEGRITY |
| 4.5 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L2 | MDM | SYSTEM AND INFORMATION INTEGRITY |
| 5.1.3 Check System Wide Applications for appropriate permissions | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
| 5.2.2 Set a minimum password length | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.3 Complex passwords must contain an Alphabetic Character - '1 letter' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.4 Complex passwords must contain a Numeric Character - 'Numeric' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | |
| 5.3 Reduce the sudo timeout period | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
| 5.9 Require a password to wake the computer from sleep or screen saver | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
| 5.14 Do not enter a password-related hint | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.18 Install an approved tokend for smartcard authentication | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | |
| 6.1.1 Display login window as name and password | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
| 6.1.4 Disable 'Allow guests to connect to shared folders' - AFP Sharing | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
| 6.1.5 Remove Guest home folder | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
| 6.2 Turn on filename extensions | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.3 Disable the automatic run of safe files in Safari | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 (L1) Ensure the vSwitch MAC Address Change policy is set to reject | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure the vSwitch MAC Address Change policy is set to reject | CIS VMware ESXi 6.7 v1.3.0 Level 1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-15-002035 - The macOS system must disable Apple ID setup during Setup Assistant. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
| Big Sur - Disable Power Nap | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | CONFIGURATION MANAGEMENT |
| Big Sur - Disable Power Nap | NIST macOS Big Sur v1.4.0 - 800-171 | Unix | CONFIGURATION MANAGEMENT |
| Catalina - Allow Administrators to Promote Other Users to Administrator Status | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL |
| Catalina - Disable Power Nap | NIST macOS Catalina v1.5.0 - 800-53r4 High | Unix | CONFIGURATION MANAGEMENT |
| Catalina - Disable Power Nap | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | CONFIGURATION MANAGEMENT |
| Catalina - Disable Power Nap | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | CONFIGURATION MANAGEMENT |
| Catalina - Disable Power Nap | NIST macOS Catalina v1.5.0 - 800-53r4 Low | Unix | CONFIGURATION MANAGEMENT |
| CISC-RT-000720 - The Cisco PE router must be configured to limit the number of MAC addresses it can learn for each Virtual Private LAN Services (VPLS) bridge domain. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-70-000060 - All port groups on standard switches must be configured to reject guest Media Access Control (MAC) address changes. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VMNET-000014 - The system must ensure that the dvPortgroup Forged Transmits policy is set to reject. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| Monterey - Disable Power Nap | NIST macOS Monterey v1.0.0 - 800-171 | Unix | CONFIGURATION MANAGEMENT |
| Monterey - Disable Power Nap | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | CONFIGURATION MANAGEMENT |
| Monterey - Disable Power Nap | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | CONFIGURATION MANAGEMENT |
| Monterey - Disable Power Nap | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | CONFIGURATION MANAGEMENT |
| VCWN-65-000013 - The vCenter Server for Windows must set the distributed port group Forged Transmits policy to reject. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | CONFIGURATION MANAGEMENT |
