| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.3.6.3 Set 'startup (minutes)' to '10 or more minute(s)' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.4.7.6 Set 'Configure automatic updating' to '3 - Auto download and notify for install' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.4.15 Configure 'Turn off Automatic Download of updates' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.1 Ensure Only Necessary Authentication and Authorization Modules Are Enabled - 'LDAP' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1 Ensure Only Necessary Authentication and Authorization Modules Are Enabled - 'Loaded ldap* modules' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3 Ensure authentication is enabled in the sharded cluster | CIS MongoDB 3.6 L2 Unix Audit v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3 Ensure authentication is enabled in the sharded cluster | CIS MongoDB 6 v1.2.0 L2 MongoDB | Windows | CONFIGURATION MANAGEMENT |
| 2.3 Ensure authentication is enabled in the sharded cluster - CAFile | CIS MongoDB 4 L1 OS Windows v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.3 Ensure authentication is enabled in the sharded cluster - clusterFile | CIS MongoDB 4 L1 OS Windows v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.3 Ensure authentication is enabled in the sharded cluster - PEMKeyFile | CIS MongoDB 4 L1 OS Linux v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.13 Ensure Cloud Asset Inventory Is Enabled | CIS Google Cloud Platform Foundation v4.0.0 L1 | GCP | CONFIGURATION MANAGEMENT, PROGRAM MANAGEMENT |
| 3.2.1.8 Ensure 'Allow USB drive access in Files app' is set to 'Disabled' | MobileIron - CIS Apple iOS 17 Institution Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.8 Ensure 'Allow USB drive access in Files app' is set to 'Disabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L2 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.8 Ensure 'Allow USB drive access in Files app' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L2 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.8 Ensure 'Allow USB drive access in Files app' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L2 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.8 Ensure 'Allow USB drive access in Files app' is set to 'Disabled' | AirWatch - CIS Apple iOS 17 Institution Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.8 Ensure 'Allow USB drive access in Files app' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.8 Ensure 'Allow USB drive access in Files app' is set to 'Disabled' | AirWatch - CIS Apple iOS 18 v1.0.0 L2 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.8 Ensure 'Allow USB drive access in Files app' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.9 Ensure 'Allow network drive access in Files app' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.9 Ensure 'Allow network drive access in Files app' is set to 'Disabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L2 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.9 Ensure 'Allow network drive access in Files app' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L2 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.9 Ensure 'Allow network drive access in Files app' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L2 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.9 Ensure 'Allow network drive access in Files app' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.9 Ensure 'Allow network drive access in Files app' is set to 'Disabled' | AirWatch - CIS Apple iOS 18 v1.0.0 L2 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.9 Ensure 'Allow network drive access in Files app' is set to 'Disabled' | MobileIron - CIS Apple iOS 17 Institution Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.9 Ensure 'Allow network drive access in Files app' is set to 'Disabled' | AirWatch - CIS Apple iOS 17 Institution Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.19 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled' | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.19 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.19 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.19 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.19 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.19 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled' | AirWatch - CIS Apple iOS 17 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.19 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.19 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled' | AirWatch - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.10 Ensure inbound firewall filter is set for Loopback interface | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT |
| 5.7.1 Enable Security Posture | CIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2 | GCP | CONFIGURATION MANAGEMENT |
| 5.10.5 Enable Security Posture | CIS Google Kubernetes Engine (GKE) v1.7.0 L2 | GCP | CONFIGURATION MANAGEMENT |
| 7.1 Extensible Firmware Interface (EFI) password | CIS Apple macOS 10.14 v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 7.4 Software Inventory Considerations | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 8.3.2 Ensure use of the VM console is limited | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | CONFIGURATION MANAGEMENT |
| 9.1 Check for Remote Consoles | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 18.9.24.1 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' | CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.1 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.1 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.1 (BL) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.1 (L1) Ensure 'Enumeration policy for external devices incompatible with Kernel DMA Protection' is set to 'Enabled: Block All' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| Review the list of all Domains updated since the last scan | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Review the list of Domains | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
