| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 9.6 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.3.6.3 Set 'startup (minutes)' to '10 or more minute(s)' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2 Ensure Installation of Binary Packages | CIS PostgreSQL 10 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Ensure Installation of Binary Packages | CIS PostgreSQL 9.6 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2.4.7.6 Set 'Configure automatic updating' to '3 - Auto download and notify for install' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.4.15 Configure 'Turn off Automatic Download of updates' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.1 Ensure Only Necessary Authentication and Authorization Modules Are Enabled - 'LDAP' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or `From current website only` | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.3 Ensure authentication is enabled in the sharded cluster | CIS MongoDB 7 v1.1.0 L2 MongoDB | Windows | CONFIGURATION MANAGEMENT |
| 2.3 Ensure authentication is enabled in the sharded cluster - authenticationMechanisms | CIS MongoDB 5 L2 OS Linux v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3 Ensure authentication is enabled in the sharded cluster - clusterFile | CIS MongoDB 5 L2 OS Linux v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3 Ensure authentication is enabled in the sharded cluster - PEMKeyFile | CIS MongoDB 4 L1 OS Windows v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.3 Ensure authentication is enabled in the sharded cluster - PEMKeyFile | CIS MongoDB 5 L2 OS Windows v1.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.13 Ensure Cloud Asset Inventory Is Enabled | CIS Google Cloud Platform v3.0.0 L1 | GCP | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 3.2.1.8 Ensure 'Allow USB drive access in Files app' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.8 Ensure 'Allow USB drive access in Files app' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.8 Ensure 'Allow USB drive access in Files app' is set to 'Disabled' | AirWatch - CIS Apple iOS 18 v1.0.0 L2 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.8 Ensure 'Allow USB drive access in Files app' is set to 'Disabled' | MobileIron - CIS Apple iOS 17 Institution Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.8 Ensure 'Allow USB drive access in Files app' is set to 'Disabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L2 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.8 Ensure 'Allow USB drive access in Files app' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L2 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.8 Ensure 'Allow USB drive access in Files app' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L2 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.8 Ensure 'Allow USB drive access in Files app' is set to 'Disabled' | AirWatch - CIS Apple iOS 17 Institution Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.9 Ensure 'Allow network drive access in Files app' is set to 'Disabled' | AirWatch - CIS Apple iOS 17 Institution Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.9 Ensure 'Allow network drive access in Files app' is set to 'Disabled' | MobileIron - CIS Apple iOS 17 Institution Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.9 Ensure 'Allow network drive access in Files app' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.9 Ensure 'Allow network drive access in Files app' is set to 'Disabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L2 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.9 Ensure 'Allow network drive access in Files app' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L2 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.9 Ensure 'Allow network drive access in Files app' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L2 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.9 Ensure 'Allow network drive access in Files app' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.9 Ensure 'Allow network drive access in Files app' is set to 'Disabled' | AirWatch - CIS Apple iOS 18 v1.0.0 L2 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.19 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled' | AirWatch - CIS Apple iOS 17 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.19 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.19 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled' | AirWatch - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.19 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.19 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.19 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled' | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.19 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.19 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT |
| 5.7.1 Enable Security Posture | CIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2 | GCP | CONFIGURATION MANAGEMENT |
| 5.10.5 Enable Security Posture | CIS Google Kubernetes Engine (GKE) v1.7.0 L2 | GCP | CONFIGURATION MANAGEMENT |
| 5.11 Ensure system is set to hibernate | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.1 Check for Remote Consoles | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 18.9.24.1 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.1 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.1 (L1) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' | CIS Microsoft Windows Server 2019 v3.0.1 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.1 (L1) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.1 (L1) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.1 Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| Rackspace Server Images | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Review the list of Rackspace Database Flavors | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
