| 1.3.1 Ensure 'Minimum Password Complexity' is enabled | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.4.1 Ensure 'Idle timeout' is less than or equal to 10 minutes for device management | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL |
| 1.8.4 Ensure GDM screen locks when the user is idle | CIS Rocky Linux 8 Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
| 2.2.1.1 Ensure 'Allow voice dialing while device is locked' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.2.1.15 Ensure 'Show Notification Center in Lock screen' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.3.2 Ensure Screen Saver Corners Are Secure | CIS Apple macOS 11.0 Big Sur v4.0.0 L2 | Unix | ACCESS CONTROL |
| 2.3.3 Audit Lock Screen and Start Screen Saver Tools | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | ACCESS CONTROL |
| 2.3.7.3 (L1) Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' | CIS Microsoft Windows Server 2019 v4.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.7.3 (L1) Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.7.3 (L1) Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.7.3 (L1) Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.7.3 (L1) Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.3.7.3 Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.7.7 (L1) Ensure 'Interactive logon: Require Domain Controller Authentication to unlock workstation' is set to 'Enabled' (MS only) | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.3.7.8 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.3.7.8 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.3.7.9 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher | CIS Microsoft Windows Server 2019 v4.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.7.9 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.3.7.10 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or 'Force Logoff' (STIG DC & MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.3.7.10 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or 'Force Logoff' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.9.1 (L1) Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.4.5 Ensure 'Maximum grace period for device lock' is set to 'Immediately' | MobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 3.2.1.2 Ensure 'Allow voice dialing while device is locked' is set to 'Disabled' | AirWatch - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.2.1.3 Ensure 'Allow Siri while device is locked' is set to 'Disabled' | AirWatch - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.2.1.31 Ensure 'Show Control Center in Lock screen' is set to 'Disabled' | AirWatch - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.2.1.31 Ensure 'Show Control Center in Lock screen' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | ACCESS CONTROL |
| 3.4.4 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | ACCESS CONTROL |
| 3.4.5 Ensure 'Maximum grace period for device lock' is set to 'Immediately' | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | ACCESS CONTROL |
| 3.4.6 Ensure 'Maximum number of failed attempts' is set to '6' | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | ACCESS CONTROL |
| 4.5.3.2 Ensure default user shell timeout is configured | CIS Rocky Linux 8 Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 4.5.3.2 Ensure default user shell timeout is configured | CIS Rocky Linux 8 Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.3 Ensure the Sudo Timeout Period Is Set to Zero | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | ACCESS CONTROL |
| 5.5.4 Ensure default user shell timeout is configured | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
| 5.7 Ensure an Administrator Account Cannot Log In to Another User's Active and Locked Session | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | ACCESS CONTROL |
| 18.4.9 (L1) Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds' | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 18.5.9 (L1) Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires' is set to 'Enabled: 5 or fewer seconds' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 18.5.9 Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires' is set to 'Enabled: 5 or fewer seconds' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL |
| 18.8.34.6.1 (L1) Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 18.8.34.6.2 (L1) Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 18.9.32.6.2 (L1) Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 19.1.3.1 (L1) Ensure 'Enable screen saver' is set to 'Enabled' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 19.1.3.1 (L1) Ensure 'Enable screen saver' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 19.1.3.3 (L1) Ensure 'Password protect the screen saver' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 19.1.3.3 (L1) Ensure 'Password protect the screen saver' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| Big Sur - Disable Accounts after 35 Days of Inactivity | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Automatically Remove or Disable Temporary or Emergency User Accounts within 72 Hours | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL |
| Catalina - Disable Accounts after 35 Days of Inactivity | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Monterey - Disable Accounts after 35 Days of Inactivity | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Monterey - Disable Accounts after 35 Days of Inactivity | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Monterey - Disable Accounts after 35 Days of Inactivity | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
