| 1.1.1 - AirWatch - Update firmware to latest version | AirWatch - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.1.2 - AirWatch - Enable Passcode Lock - 'Passcode Required = true' | AirWatch - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.1.4 - MobileIron - Set Auto-lock - 'Inactivity Timeout <= 2' | MobileIron - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.1.6 - AirWatch - Disable Access to Control Center on Lock Screen | AirWatch - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.1.12 - AirWatch - Turn off VPN when not needed | AirWatch - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.1.12 - MobileIron - Turn off VPN when not needed | MobileIron - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.1.13 - AirWatch - Turn off VPN when not needed | AirWatch - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.1.17 - AirWatch - Enable Automatic Downloads of App Updates | AirWatch - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.1.17 - MobileIron - Enable Automatic Downloads of App Updates | MobileIron - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.1.21 - MobileIron - Erase all data before return, recycle, reassignment, or other disposition | MobileIron - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.2.2 - AirWatch - Do Not Allow Simple Value | AirWatch - CIS Apple iOS 8 v1.0.0 L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 2.2.2 - MobileIron - Do Not Allow Simple Value | MobileIron - CIS Apple iOS 9 v1.0.0 L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 2.2.4 - AirWatch - Set minimum passcode length | AirWatch - CIS Apple iOS 8 v1.0.0 L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 2.2.6 - MobileIron - Set Maximum Auto-lock | MobileIron - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.2.7 - AirWatch - Set Maximum number of failed attempts | AirWatch - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.2.7 - AirWatch - Set Maximum number of failed attempts | AirWatch - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.3.3.8 Ensure Internet Sharing Is Disabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.10.3 Ensure a Custom Message for the Login Screen Is Enabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.10.5 Ensure Show Password Hints Is Disabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.11.1 Ensure Users' Accounts Do Not Have a Password Hint | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.14.1 Audit Game Center Settings | CIS Apple macOS 15.0 Sequoia v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 3.1 Ensure Security Auditing Is Enabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.1 - AirWatch - Enable 'Require password' | AirWatch - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 3.1.3 - MobileIron - Set the 'minimum password length' | MobileIron - CIS Apple iOS 9 v1.0.0 L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 3.1.5 - AirWatch - Set the 'timeout' for 'Time without user input before password must be re-entered (in minutes)' | AirWatch - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 3.1.6 - AirWatch - Limit the 'Number of failed attempts allowed' | AirWatch - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 3.3 Ensure install.log Is Retained for 365 or More Days and No Maximum Size | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.4 Ensure Security Auditing Retention Is Enabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Ensure NFS Server Is Disabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.5 Review 'iCloud Private Relay' settings | MobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.5 Review 'iCloud Private Relay' settings | AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.5 Review 'iCloud Private Relay' settings | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.5 Review 'iCloud Private Relay' settings | AirWatch - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.5 Review 'iCloud Private Relay' settings | AirWatch - CIS Apple iOS 17 Benchmark v1.1.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.5 Review 'iCloud Private Relay' settings | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.5 Review 'iCloud Private Relay' settings | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3.1 Ensure all user storage APFS volumes are encrypted | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1.1 Ensure Show All Filename Extensions Setting is Enabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.3.1 Ensure Automatic Opening of Safe Files in Safari Is Disabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 6.3.3 Ensure Warn When Visiting A Fraudulent Website in Safari Is Enabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3.4 Ensure Prevent Cross-site Tracking in Safari Is Enabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3.7 Ensure Show Full Website Address in Safari Is Enabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3.9 Audit Pop-up Windows | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.4.1 Ensure Secure Keyboard Entry Terminal.app Is Enabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| Catalina - Disable Apple Filing Protocol Sharing | NIST macOS Catalina v1.5.0 - 800-171 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable Apple Filing Protocol Sharing | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable Apple Filing Protocol Sharing | NIST macOS Catalina v1.5.0 - 800-53r4 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable Guest Access to Shared Apple File Protocol Folders | NIST macOS Catalina v1.5.0 - 800-53r4 Low | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Guest Access to Shared Apple File Protocol Folders | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Enforce Apple Mobile File Integrity | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | SYSTEM AND INFORMATION INTEGRITY |
