| 1.4 Enable system data files and security update installs - 'CriticalUpdateInstall' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.3 Show Bluetooth status in menu bar | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.1.5 Ensure 'Allow personalized ads delivered by Apple' is set to 'Disabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.5 Ensure 'Allow personalized ads delivered by Apple' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.5 Ensure 'Allow personalized ads delivered by Apple' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.12 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.12 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.12 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.12 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled' | AirWatch - CIS Apple iOS 18 Benchmark v1.0.0 L1 End User Owned | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.12 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled' | AirWatch - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.12 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure time set is within appropriate limits | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.3 Restrict NTP server to loopback interface - restrict lo | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.1.1 Ensure AirDrop Is Disabled When Not Actively Transferring Files | CIS Apple macOS 13.0 Ventura v3.1.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.2 Secure screen saver corners - bottom right corner | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | ACCESS CONTROL |
| 2.3.2 Secure screen saver corners - top left corner | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | ACCESS CONTROL |
| 2.3.3 Verify Display Sleep is set to a value larger than the Screen Saver | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| 2.3.3.2 Ensure File Sharing Is Disabled | CIS Apple macOS 15.0 Sequoia v1.1.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.11 Ensure AirDrop Is Disabled When Not Actively Transferring Files | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.6.1 Enable FileVault - Encryption Status | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.2 Enable Gatekeeper | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.6.3 Enable Firewall | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.7.2 iCloud keychain | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | |
| 2.8.1 Time Machine Auto-Backup | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | CONTINGENCY PLANNING |
| 2.9 Pair the remote control infrared receiver if enabled - 'DeviceEnabled = 1' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.9 Pair the remote control infrared receiver if enabled - 'UIDFilter != none' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| 3.2.1.11 Ensure 'Allow personalized ads delivered by Apple' is set to 'Disabled' | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.11 Ensure 'Allow personalized ads delivered by Apple' is set to 'Disabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.11 Ensure 'Allow personalized ads delivered by Apple' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.20 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | MobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | |
| 3.2.1.25 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.25 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.25 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.25 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.3 Configure Security Auditing Flags - 'audit successful/failed administrative events' | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /usr/share/selinux | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Ensure ftp server is not running | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3 Reduce the sudo timeout period | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| 5.6 Enable OCSP and CRL certificate checking - CRLStyle | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.15 Disable Fast User Switching | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | ACCESS CONTROL |
| 6.1.5 Remove Guest home folder | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| 7.1 Ensure the vSwitch Forged Transmits policy is set to reject | CIS VMware ESXi 6.7 v1.3.0 Level 1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Wireless technology on OS X | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | |
| 7.6 Automatic Actions for Optical Media | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | |
| DTOO131 - Trust Bar Notifications for unsigned application add-ins must be blocked. | DISA STIG Microsoft InfoPath 2013 v1r6 | Windows | CONFIGURATION MANAGEMENT |
| DTOO157 - Redirection behavior for upgraded web sites by SharePoint must be blocked. | DISA STIG Microsoft InfoPath 2013 v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTOO167 - Opening behavior for Email forms containing code or scripts must be controlled. | DISA STIG Microsoft InfoPath 2013 v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO173 - Disabling of email forms from the Full Trust Security Zone must be configured. | DISA STIG Microsoft InfoPath 2013 v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO211 - ActiveX Installs must be configured for proper restriction. | DISA STIG Microsoft Publisher 2013 v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO297 - A form that is digitally signed must be displayed with a warning. | DISA STIG Microsoft InfoPath 2013 v1r6 | Windows | CONFIGURATION MANAGEMENT |
