| 1.1.1 - MobileIron - Update firmware to latest version | MobileIron - CIS Apple iOS 8 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 1.1.2 - MobileIron - Enable Passcode Lock - 'Passcode Required = on' | MobileIron - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.1.13 - AirWatch - Turn off Bluetooth when not needed | AirWatch - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.1.13 - MobileIron - Turn off Bluetooth when not needed | MobileIron - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.1.14 - AirWatch - Turn off Bluetooth when not needed | AirWatch - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.1.14 - MobileIron - Turn off Bluetooth when not needed | MobileIron - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.5 Ensure Install Application Updates from the App Store Is Enabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.1.1 - MobileIron - Set Security to disallow profile removal | MobileIron - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.2.2 - MobileIron - Do Not Allow Simple Value | MobileIron - CIS Apple iOS 8 v1.0.0 L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 2.2.2 Ensure Firewall Stealth Mode Is Enabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.4 - MobileIron - Set minimum passcode length | MobileIron - CIS Apple iOS 8 v1.0.0 L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 2.2.6 - AirWatch - Set Maximum Auto-lock | AirWatch - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.2.6 - AirWatch - Set Maximum Auto-lock | AirWatch - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.3.1.1 Ensure AirDrop Is Disabled When Not Actively Transferring Files | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.1.2 Ensure AirPlay Receiver Is Disabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.2.2 Ensure the Time Service Is Enabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3.3.1 Ensure DVD or CD Sharing Is Disabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.3.3 Ensure File Sharing Is Disabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.3.4 Ensure Printer Sharing Is Disabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.2 Ensure Show Bluetooth Status in Menu Bar Is Enabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.5.1 Audit Siri Settings | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.5.2 Ensure Listen for (Siri) Is Disabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.6.3.3 Ensure Improve Assistive Voice Features Is Disabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.6.6 Ensure FileVault Is Enabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.8 Ensure an Administrator Password Is Required to Access System-Wide Preferences | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.9.2 Ensure Power Nap Is Disabled for Intel Macs | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.10.1 Ensure an Inactivity Interval of 20 Minutes Or Less for the Screen Saver Is Enabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | ACCESS CONTROL |
| 2.11.2 Audit Touch ID | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION |
| 2.12.1 Ensure Guest Account Is Disabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| 2.12.3 Ensure Automatic Login Is Disabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.13.1 Audit Passwords System Preference Setting | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 2.17.1 Audit Internet Accounts for Authorized Use | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.1.1 - MobileIron - Enable 'Require password' | MobileIron - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 3.1.3 - AirWatch - Set the 'minimum password length' | AirWatch - CIS Apple iOS 9 v1.0.0 L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 3.1.3 - AirWatch - Set the 'minimum password length' | AirWatch - CIS Apple iOS 8 v1.0.0 L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 3.1.5 - AirWatch - Set the 'timeout' for 'Time without user input before password must be re-entered (in minutes)' | AirWatch - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 3.1.5 - MobileIron - Set the 'timeout' for 'Time without user input before password must be re-entered (in minutes)' | MobileIron - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 3.1.6 - AirWatch - Limit the 'Number of failed attempts allowed' | AirWatch - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 3.1.6 - MobileIron - Limit the 'Number of failed attempts allowed' | MobileIron - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 4.5 Review 'iCloud Private Relay' settings | MobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.5 Review 'iCloud Private Relay' settings | AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.5 Review 'iCloud Private Relay' settings | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.5 Review 'iCloud Private Relay' settings | AirWatch - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.1.2 Ensure System Integrity Protection Status (SIP) Is Enabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.1.4 Ensure Signed System Volume (SSV) Is Enabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.5 Ensure Appropriate Permissions Are Enabled for System Wide Applications | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.1 Ensure Password Account Lockout Threshold Is Configured | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | ACCESS CONTROL |
| 5.3.2 Ensure all user storage CoreStorage volumes are encrypted | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4 Ensure the Sudo Timeout Period Is Set to Zero | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | ACCESS CONTROL |
| 5.11 Ensure Logging Is Enabled for Sudo | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | ACCESS CONTROL |
