| 1.9 Ensure the System is Managed by a Mobile Device Management (MDM) Software | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.2.1.4 Ensure 'Force encrypted backups' is set to 'Enabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned | MDM | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.1.4 Ensure 'Force encrypted backups' is set to 'Enabled' | MobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L1 | MDM | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.1.4 Ensure 'Force encrypted backups' is set to 'Enabled' | MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.1.4 Ensure 'Force encrypted backups' is set to 'Enabled' | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | CONTINGENCY PLANNING |
| 2.2.1.4 Ensure 'Force encrypted backups' is set to 'Enabled' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned | MDM | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.1.4 Ensure 'Force encrypted backups' is set to 'Enabled' | AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.1.4 Ensure 'Force encrypted backups' is set to 'Enabled' | MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | CONTINGENCY PLANNING |
| 2.2.1.4 Ensure 'Force encrypted backups' is set to 'Enabled' | AirWatch - CIS Apple iOS 18 Benchmark v1.0.0 L1 End User Owned | MDM | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.1 Review Manage Sharing & Access | AirWatch - CIS Apple iOS 17 Benchmark v1.1.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 4.1.1 Review Manage Sharing & Access | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 4.1.1 Review Manage Sharing & Access | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT |
| 4.5 Activate AppArmor - '0 profiles in complain mode' | CIS Ubuntu 12.04 LTS Benchmark L2 v1.1.0 | Unix | ACCESS CONTROL |
| 4.5 Ensure the latest iOS device architecture is used by high-value targets | MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L2 | MDM | SYSTEM AND INFORMATION INTEGRITY |
| 4.5 Ensure the latest iOS device architecture is used by high-value targets | MobileIron - CIS Apple iOS 14 and iPadOS 14 Institution Owned L2 | MDM | SYSTEM AND INFORMATION INTEGRITY |
| 4.5 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L2 | MDM | SYSTEM AND INFORMATION INTEGRITY |
| 4.5 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iOS 14 and iPadOS 14 Institution Owned L2 | MDM | SYSTEM AND INFORMATION INTEGRITY |
| 5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is Enabled | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is Enabled | CIS Apple macOS 13.0 Ventura v3.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.3 Ensure Apple Mobile File Integrity (AMFI) Is Enabled | CIS Apple macOS 14.0 Sonoma v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.17 Ensure only strong MAC algorithms are used - MACs employing FIPS 140-2 approved cryptographic hash algorithms. | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 7.1 Extensible Firmware Interface (EFI) password | CIS Apple macOS 10.14 v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| AIOS-02-080102 - Apple iOS must implement the management setting: not allow use of Handoff. | MobileIron - DISA Apple iOS 10 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-13-013300 - Apple iOS/iPadOS must disable allow setting up new nearby devices. | MobileIron - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-13-013700 - The Apple iOS/iPadOS must be Supervised by the MDM. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-13-013700 - The Apple iOS/iPadOS must be Supervised by the MDM. | MobileIron - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-14-011600 - The Apple iOS/iPadOS must be supervised by the MDM. | AirWatch - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-14-011600 - The Apple iOS/iPadOS must be supervised by the MDM. | MobileIron - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-15-012900 - Apple iOS/iPadOS 15 must disable password proximity requests. | AirWatch - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-013200 - The Apple iOS/iPadOS 15 must be supervised by the MDM. | AirWatch - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-013200 - The Apple iOS/iPadOS 15 must be supervised by the MDM. | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-012800 - Apple iOS/iPadOS 18 must disable 'Allow setting up new nearby devices' - Allow setting up new nearby devices. | AirWatch - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-012800 - Apple iOS/iPadOS 18 must disable 'Allow setting up new nearby devices' - Allow setting up new nearby devices. | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-012900 - Apple iOS/iPadOS 18 must disable password proximity requests. | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| APPL-14-002021 The macOS system must disable sending diagnostic and usage data to Apple. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| APPL-15-002021 - The macOS system must disable sending diagnostic and usage data to Apple. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| APPL-15-002160 - The macOS system must disable iCloud Game Center. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-005150 - The macOS system must disable Apple Intelligence Image Generation. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-005160 - The macOS system must disable Apple Intelligence Writing Tools. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | CONFIGURATION MANAGEMENT |
| Big Sur - Allow Administrators to Modify Security Settings and System Attributes | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | ACCESS CONTROL |
| Catalina - Allow Administrators to Modify Security Settings and System Attributes | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL |
| Monterey - Allow Administrators to Modify Security Settings and System Attributes | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL |
| PHTN-40-000067 The Photon operating system must restrict access to the kernel message buffer. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-40-000068 The Photon operating system must be configured to use TCP syncookies. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-40-000160 The Photon operating system must implement address space layout randomization to protect its memory from unauthorized code execution. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| PHTN-40-000224 The Photon operating system must not respond to IPv4 Internet Control Message Protocol (ICMP) echoes sent to a broadcast address. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000232 The Photon operating system must send TCP timestamps. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000244 The Photon operating system must enable hardlink access control protection in the kernel. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| vCenter: vcenter-8.network-reject-forged-transmit-dvportgroup | VMware vSphere Security Configuration and Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
| vNetwork : reject-forged-transmit - 'PortGroup' | VMWare vSphere 5.X Hardening Guide | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
