| 2.1.1.3 Ensure iCloud Drive Document and Desktop Sync Is Disabled | CIS Apple macOS 14.0 Sonoma v3.0.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.6.1.3 Ensure iCloud Drive Document and Desktop Sync Is Disabled | CIS Apple macOS 12.0 Monterey v4.0.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.6.1.3 Ensure iCloud Drive Document and Desktop Sync Is Disabled | CIS Apple macOS 11.0 Big Sur v4.0.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.6.1.3 Ensure iCloud Drive Document and Desktop Sync Is Disabled | CIS Apple macOS 10.15 Catalina v3.0.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.6.1.4 Ensure iCloud Drive Document and Desktop Sync is Disabled - Desktop | CIS Apple macOS 10.14 v2.0.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.6.1.4 Ensure iCloud Drive Document and Desktop Sync is Disabled - Document | CIS Apple macOS 10.14 v2.0.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.6.4 iCloud Drive Document and Desktop sync - desktop | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.6.4 iCloud Drive Document and Desktop sync - document | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.7.4 iCloud Drive Document sync | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.7.5 iCloud Drive Desktop sync | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1.6 Review 'Allow iCloud Keychain' settings | AirWatch - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.6 Review 'Allow iCloud Keychain' settings | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.6 Review 'Allow iCloud Keychain' settings | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.3.1 (L1) Ensure Information Protection sensitivity label policies are published | CIS Microsoft 365 Foundations v6.0.1 L1 E3 | microsoft_azure | RISK ASSESSMENT |
| 3.3.1 Ensure ip forwarding is disabled | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure ip forwarding is disabled | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.1 Ensure ip forwarding is disabled | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.1 Ensure ip forwarding is disabled | CIS Rocky Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.1 Ensure ip forwarding is disabled | CIS Linux Mint 22 v1.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.1 Ensure ip forwarding is disabled | CIS CentOS Linux 7 v4.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure ip forwarding is disabled | CIS Oracle Linux 7 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure ip forwarding is disabled | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.1 Ensure ip forwarding is disabled | CIS Rocky Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.1 Ensure ip forwarding is disabled | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.1 Ensure ip forwarding is disabled | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.1 Ensure ip forwarding is disabled | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.1 Ensure ip forwarding is disabled | CIS CentOS Linux 7 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure ip forwarding is disabled | CIS Debian Linux 11 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.1 Ensure ip forwarding is disabled | CIS Debian Linux 11 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.1 Ensure ip forwarding is disabled | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.1 Ensure ip forwarding is disabled | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.1 Ensure ip forwarding is disabled | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.1 Ensure ip forwarding is disabled | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 5.2.2.7 (L1) Enable Identity Protection sign-in risk policies | CIS Microsoft 365 Foundations v6.0.1 L1 E5 | microsoft_azure | SYSTEM AND INFORMATION INTEGRITY |
| 5.4.2 Ensure Control Plane Authorized Networks is Enabled | CIS Google Kubernetes Engine GKE Autopilot v1.3.0 L2 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 5.6.3 Ensure Control Plane Authorized Networks is Enabled | CIS Google Kubernetes Engine GKE v1.9.0 L2 GCP | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 5.6.6 Consider firewalling GKE worker nodes | CIS Google Kubernetes Engine GKE v1.9.0 L2 GCP | GCP | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.10.2 Ensure that Alpha clusters are not used for production workloads | CIS Google Kubernetes Engine GKE v1.9.0 L1 GCP | GCP | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Ensure Root Domain Alias Record Points to ELB | CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5.5 (L2) Ensure Direct Send submissions are rejected | CIS Microsoft 365 Foundations v6.0.1 L2 E3 | microsoft_azure | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5.5 (L2) Ensure Direct Send submissions are rejected | CIS Microsoft 365 Foundations v6.0.1 L2 E5 | microsoft_azure | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Software Inventory Considerations | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 8.2.3 (L1) Ensure external Teams users cannot initiate conversations | CIS Microsoft 365 Foundations v6.0.1 L1 E3 | microsoft_azure | ACCESS CONTROL |
| 8.2.3 (L1) Ensure external Teams users cannot initiate conversations | CIS Microsoft 365 Foundations v6.0.1 L1 E5 | microsoft_azure | ACCESS CONTROL |
| 18.10.17.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.17.1 Ensure 'Download Mode' is NOT set to 'Enabled: Internet' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.17.1 Ensure 'Download Mode' is NOT set to 'Enabled: Internet' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.17.1 Ensure 'Download Mode' is NOT set to 'Enabled: Internet' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 BL | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 89.15 (L1) Ensure 'Deny Remote Desktop Services Log On' to include 'Guests, Local account' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 89.17 (L1) Ensure 'Deny Remote Desktop Services Log On' to include 'Guests, Local account' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
