| 1.1.13 - MobileIron - Enable 'Lock SIM card' | MobileIron - CIS Google Android 4 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.1.14 - AirWatch - Turn off Bluetooth when not needed | AirWatch - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.1.14 - MobileIron - Turn off Bluetooth when not needed | MobileIron - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.2.1.10 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | MobileIron - CIS Apple iOS 10 v2.0.0 End User Owned L1 | MDM | |
| 2.2.1.10 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | MobileIron - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | |
| 2.3.3 - AirWatch - Mark Company Mail Domain | AirWatch - CIS Apple iOS 9 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 3.2.1.11 Ensure 'Allow Erase All Content and Settings' is set to 'Disabled' | MobileIron - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.12 Ensure 'Allow Erase All Content and Settings' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.4.2 Ensure 'Require alphanumeric value' is set to 'Enabled' | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 9.1 Start and Stop DB2 Instance | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | |
| 18.9.8.2 (L1) Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | MEDIA PROTECTION |
| 18.9.8.2 Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.7.2 (L1) Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands' | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | MEDIA PROTECTION |
| 18.10.7.2 (L1) Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | MEDIA PROTECTION |
| 18.10.7.2 Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | MEDIA PROTECTION |
| 18.10.7.2 Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | MEDIA PROTECTION |
| 18.10.7.2 Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | MEDIA PROTECTION |
| 18.10.8.2 (L1) Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | MEDIA PROTECTION |
| 18.10.8.2 (L1) Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands' | CIS Microsoft Windows Server 2022 v4.0.0 L1 DC | Windows | MEDIA PROTECTION |
| 18.10.8.2 (L1) Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | MEDIA PROTECTION |
| 18.10.8.2 (L1) Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | MEDIA PROTECTION |
| 18.10.8.2 (L1) Ensure 'Set the default behavior for AutoRun' is set to 'Enabled: Do not execute any autorun commands' | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | MEDIA PROTECTION |
| AIOS-12-004600 - Apple iOS must not allow backup to remote systems (managed applications data stored in iCloud). | MobileIron - DISA Apple iOS 12 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| Check for signatures on downloaded programs | MSCT Windows 10 1809 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Check for signatures on downloaded programs | MSCT Windows 10 v20H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Check for signatures on downloaded programs | MSCT Windows 10 v1507 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Check for signatures on downloaded programs | MSCT Windows Server 1903 DC v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Check for signatures on downloaded programs | MSCT Windows Server v2004 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Check for signatures on downloaded programs | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Check for signatures on downloaded programs | MSCT Windows 11 v22H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| ESXi: esxi-8.supported | VMware vSphere Security Configuration and Hardening Guide 8.0 - Bare Metal Host | Unix | CONFIGURATION MANAGEMENT |
| GEN002300 - Device files used for backup must only be readable and/or writable by root or the backup user. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN003000 - Cron must not execute group-writable or world-writable programs. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003000 - Cron must not execute group-writable or world-writable programs. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN005390 - The /etc/syslog.conf file must have mode 0640 or less permissive - /etc/syslog.conf | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| GEN008680-ESXI5-000056 - If the system boots from removable media, it must be stored in a safe or similarly secured container. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| IISW-SI-000241 - The IIS 8.5 private website have a server certificate issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs). | DISA IIS 8.5 Site v2r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| TCAT-AS-001700 - Tomcat users in a management role must be approved by the ISSO. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
| VCSA-70-000278 - The vCenter Server must use unique service accounts when applications connect to vCenter. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000291 - The vCenter Server must limit membership to the "TrustedAdmins" Single Sign-On (SSO) group. | DISA VMware vSphere 8.0 vCenter STIG v2r2 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-06-000034 - The system must use unique service accounts when applications connect to vCenter. | DISA STIG VMware vSphere vCenter 6.x v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-65-000034 - The vCenter Server for Windows must use unique service accounts when applications connect to vCenter. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | CONFIGURATION MANAGEMENT |
| WN12-AU-000201 - Audit data must be retained for at least one year. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-AU-000203-01 - Audit records must be backed up onto a different system or media than the system being audited. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-AU-000203-01 - Audit records must be backed up onto a different system or media than the system being audited. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-AU-000203-02 - The operating system must, at a minimum, off-load audit records of interconnected systems in real time and off-load standalone systems weekly. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN16-00-000060 - Manually managed application account passwords must be at least 14 characters in length. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN16-AU-000010 - Audit records must be backed up to a different system or media than the system being audited. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | AUDIT AND ACCOUNTABILITY |
| WN19-00-000050 - Windows Server 2019 manually managed application account passwords must be at least 14 characters in length. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN19-AU-000020 - Windows Server 2019 must, at a minimum, offload audit records of interconnected systems in real time and offload standalone or nondomain-joined systems weekly. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | AUDIT AND ACCOUNTABILITY |
