| 1.2 Enable Auto Update | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.2 Disable Bluetooth 'Discoverable' mode when not pairing devices | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.1.12 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled' | MobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.12 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.12 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.12 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled' | AirWatch - CIS Apple iOS 17 Benchmark v1.1.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.3 Restrict NTP server to loopback interface - interface listen lo | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.2 Secure screen saver corners - top right corner | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | ACCESS CONTROL |
| 2.4.1 Disable Remote Apple Events | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.3 Disable Screen Sharing | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.9 Disable Remote Management - 'ARDAgent is not running' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.5.1 Disable 'Wake for network access' | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | ACCESS CONTROL |
| 2.6.6 Enable Location Services | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.6.7 Monitor Location Services Access | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.7.3 iCloud Drive | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | |
| 3.1.1 Retain system.log for 90 or more days | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.3 Retain authd.log for 90 or more days | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2 Enable security auditing | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2.1.25 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled' | AirWatch - CIS Apple iOS 17 Benchmark v1.1.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.25 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled' | MobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.25 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled' | AirWatch - CIS Apple iOS 17 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.25 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled' | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.3 Configure Security Auditing Flags - 'audit successful/failed file attribute modification events' | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.3 Configure Security Auditing Flags - 'audit successful/failed login/logout events' | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.4 Enable remote logging for Desktops on trusted networks | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Ensure http server is not running | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.6 Ensure nfs server is not running | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.1 Secure Home Folders | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.1 Configure account lockout threshold | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| 5.2.3 Complex passwords must contain an Alphabetic Character - '1 letter' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.3 Complex passwords must contain an Alphabetic Character - 'RequiresAlpha' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | |
| 5.2.4 Complex passwords must contain a Numeric Character - 'Numeric' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | |
| 5.2.5 Complex passwords must contain a Special Character | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.6 Complex passwords must contain uppercase and lowercase letters | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | |
| 5.2.7 Password Age | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.6 Enable OCSP and CRL certificate checking - OCSPStyle | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.7 Do not enable the 'root' account | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| 5.8 Disable automatic login | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| 5.10 Require an administrator password to access system-wide preferences | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.18 System Integrity Protection status | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.19 Install an approved tokend for smartcard authentication | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.2 Disable 'Show password hints' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.3 Disable guest account login | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| 6.3 Disable the automatic run of safe files in Safari | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5 Use parental controls for systems that are not centrally managed | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | |
| 7.1 Ensure that the vSwitch Forged Transmits policy is set to reject | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure the vSwitch Forged Transmits policy is set to reject | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 iSight Camera Privacy and Confidentiality Concerns | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | |
| 7.10 Repairing permissions is no longer needed with 10.11 | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | |
| AIOS-18-013000 - Apple iOS/iPadOS 18 must disable password sharing. | AirWatch - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
