| 2.3.1.1 Ensure AirDrop Is Disabled When Not Actively Transferring Files | CIS Apple macOS 13.0 Ventura v3.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.1.1 Ensure AirDrop Is Disabled When Not Actively Transferring Files | CIS Apple macOS 14.0 Sonoma v2.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.1.1 Ensure AirDrop Is Disabled When Not Actively Transferring Files | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.11 Ensure AirDrop Is Disabled | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.11 Ensure AirDrop Is Disabled When Not Actively Transferring Files | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.11 Ensure AirDrop Is Disabled When Not Actively Transferring Files | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.6 Review 'Allow iCloud Keychain' settings | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.6 Review 'Allow iCloud Keychain' settings | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.3.1 (L1) Ensure Information Protection sensitivity label policies are published | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | RISK ASSESSMENT |
| 3.3.1 Ensure ip forwarding is disabled | CIS SUSE Linux Enterprise 15 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure ip forwarding is disabled | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure ip forwarding is disabled | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure ip forwarding is disabled | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure ip forwarding is disabled | CIS Rocky Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure ip forwarding is disabled | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure ip forwarding is disabled | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure ip forwarding is disabled | CIS CentOS Linux 7 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure ip forwarding is disabled | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure ip forwarding is disabled | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure ip forwarding is disabled | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure ip forwarding is disabled | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure ip forwarding is disabled | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure ip forwarding is disabled | CIS Rocky Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.4.1 Configure LLDP | CIS Cisco NX-OS v1.2.0 L1 | Cisco | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.4.2 Configure CDP | CIS Cisco NX-OS v1.2.0 L2 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Audit Software Inventory | CIS Apple macOS 15.0 Sequoia v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 3.7 Audit Software Inventory | CIS Apple macOS 10.15 Catalina v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 3.7 Audit Software Inventory | CIS Apple macOS 10.14 v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 3.7 Audit Software Inventory | CIS Apple macOS 11.0 Big Sur v4.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 3.7 Audit Software Inventory | CIS Apple macOS 13.0 Ventura v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 3.7 Audit Software Inventory | CIS Apple macOS 12.0 Monterey v4.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 3.7 Audit Software Inventory | CIS Apple macOS 14.0 Sonoma v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 5.1.4 Ensure only trusted container images are used | CIS Google Kubernetes Engine (GKE) v1.7.0 L2 | GCP | CONFIGURATION MANAGEMENT |
| 5.2.2.3 (L1) Enable Conditional Access policies to block legacy authentication | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 5.2.2.3 (L1) Enable Conditional Access policies to block legacy authentication | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 5.2.2.6 (L1) Enable Identity Protection user risk policies | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | SYSTEM AND INFORMATION INTEGRITY |
| 5.2.2.7 (L1) Enable Identity Protection sign-in risk policies | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | SYSTEM AND INFORMATION INTEGRITY |
| 5.2.2.8 (L2) Ensure 'sign-in risk' is blocked for medium and high risk | CIS Microsoft 365 Foundations v5.0.0 L2 E5 | microsoft_azure | SYSTEM AND INFORMATION INTEGRITY |
| 5.2.2.9 (L1) Ensure a managed device is required for authentication | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | IDENTIFICATION AND AUTHENTICATION |
| 5.2.2.9 (L1) Ensure a managed device is required for authentication | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | IDENTIFICATION AND AUTHENTICATION |
| 5.5.3 Ensure Node Auto-Upgrade is enabled for GKE nodes | CIS Google Kubernetes Engine (GKE) v1.7.0 L2 | GCP | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.6.2 Ensure use of VPC-native clusters | CIS Google Kubernetes Engine (GKE) v1.7.0 L1 | GCP | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2.5 Ensure that multifactor authentication is required for risky sign-ins | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 7.4 Software Inventory Considerations | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 8.2.3 (L1) Ensure external Teams users cannot initiate conversations | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | ACCESS CONTROL |
| 8.2.3 (L1) Ensure external Teams users cannot initiate conversations | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | ACCESS CONTROL |
| 9.1.16 Ensure that Microsoft Defender External Attack Surface Monitoring (EASM) is enabled | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | RISK ASSESSMENT |
| 18.10.92.4.2 (L1) Ensure 'Select when Preview Builds and Feature Updates are received' is set to 'Enabled: 180 or more days' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.4.2 (L1) Ensure 'Select when Preview Builds and Feature Updates are received' is set to 'Enabled: 180 or more days' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| MYS8-00-008100 - The MySQL Database Server 8.0 must protect its audit configuration from unauthorized modification. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
