| 2.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only' | MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only' | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only' | MobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only' | AirWatch - CIS Apple iOS 18 Benchmark v1.0.0 L1 End User Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or `From current website only` | AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or `From current website only` | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.16 Ensure 'AUTO_CLOSE' is set to 'OFF' on contained databases | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 3.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only' | AirWatch - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only' | MobileIron - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only' | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only' | AirWatch - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only' | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only' | AirWatch - CIS Apple iOS 17 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only' | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 31 - Starting with Security Manager | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 39 - Increase the entropy in session identifiers | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Android Work Profile Device Configuration - Maximum minutes of inactivity until work profile locks | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL |
| Android Work Profile Device Configuration - Prevent app installations from unknown sources in the personal profile | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Android Work Profile Device Configuration - Require Work Profile Password | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Android Work Profile Device Configuration - Required password type | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Android Work Profile Device Configuration - Work profile notifications while device locked | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Android Work Profile Device Configuration - Work Profile Password expiration (days) | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Android Work Profile Device Configuration - Work Profile Required password type | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| CIS_Apple_macOS_10.13_v1.1.0_Level_1.audit from CIS Apple macOS 10.13 Benchmark v1.1.0 | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | |
| CIS_Apple_macOS_10.13_v1.1.0_Level_2.audit from CIS Apple macOS 10.13 Benchmark v1.1.0 | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | |
| Ensure 'TACACS+/RADIUS' is configured correctly - protocol | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | ACCESS CONTROL |
| Ensure default user shell timeout is 900 seconds or less - /etc/profile | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure LDAP client is not installed - dpkg | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure LDAP client is not installed - rpm | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure LDAP client is not installed - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure NIS Client is not installed - rpm | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure rsh client is not installed - dpkg | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure rsyslog or syslog-ng is installed | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure talk client is not installed - dpkg | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure talk client is not installed - rpm | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure TCP Wrappers is installed - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure telnet client is not installed - rpm | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure telnet client is not installed - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure timezone is properly configured | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | CONFIGURATION MANAGEMENT |
| Ensure updates, patches, and additional security software are installed - apt-get | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Ensure updates, patches, and additional security software are installed - yum | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Ensure updates, patches, and additional security software are installed - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND INFORMATION INTEGRITY |
| IBM HTTP Server is installed and running on the system | TNS IBM HTTP Server Best Practice | Unix | |
| iOS Compliance Policy - Managed Email Profile Required | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL |
| iOS Device Management - Configuration profile changes | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| SNMP: configure community strings | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | IDENTIFICATION AND AUTHENTICATION |
