| 1.7 Ensure MariaDB is Run Under a Sandbox Environment | CIS MariaDB 10.6 Database L2 v1.1.0 | MySQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.69 (L1) Ensure 'Configure the list of types that are excluded from synchronization' is set to 'Enabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.1.5 Point-in-Time Recovery | CIS MariaDB 10.6 Database L2 v1.1.0 | MySQLDB | CONTINGENCY PLANNING |
| 2.3.2 Secure screen saver corners - bottom left corner | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | ACCESS CONTROL |
| 2.3.2 Secure screen saver corners - top right corner | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | ACCESS CONTROL |
| 2.5.1 Disable 'Wake for network access' | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | ACCESS CONTROL |
| 2.5.2 Disable sleeping the computer when connected to power | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | ACCESS CONTROL |
| 2.6.6 Enable Location Services | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.6.7 Monitor Location Services Access | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.7 Lock Out Accounts if Not Currently in Use | CIS MariaDB 10.6 Database L2 v1.1.0 | MySQLDB | ACCESS CONTROL |
| 2.7.3 iCloud Drive | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | |
| 2.8 Ensure Socket Peer-Credential Authentication is Used Appropriately | CIS MariaDB 10.6 Database L2 v1.1.0 | MySQLDB | CONFIGURATION MANAGEMENT |
| 2.9 Ensure MariaDB is Bound to an IP Address | CIS MariaDB 10.6 Database L2 v1.1.0 | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 2.10 Limit Accepted Transport Layer Security (TLS) Versions | CIS MariaDB 10.6 Database L2 v1.1.0 | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11 Require Client-Side Certificates (X.509) | CIS MariaDB 10.6 Database L2 v1.1.0 | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.12 Ensure Only Approved Ciphers are Used | CIS MariaDB 10.6 Database L2 v1.1.0 | MySQLDB | SYSTEM AND SERVICES ACQUISITION |
| 3.3 Configure Security Auditing Flags - 'audit successful/failed file attribute modification events' | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.3 Configure Security Auditing Flags - 'audit successful/failed file deletion events' | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.3 Configure Security Auditing Flags - 'audit successful/failed login/logout events' | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.4 Enable remote logging for Desktops on trusted networks | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.8 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES' | CIS MariaDB 10.6 Database L2 v1.1.0 | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.9 Enable data-at-rest encryption in MariaDB | CIS MariaDB 10.6 Database L2 v1.1.0 | MySQLDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.4 Check Library folder for world writable files | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | ACCESS CONTROL |
| 5.3 Ensure 'PROCESS' is Not Granted to Non-Administrative Users | CIS MariaDB 10.6 Database L2 v1.1.0 | MySQLDB | ACCESS CONTROL |
| 5.5 Ensure login keychain is locked when the computer sleeps | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.6 Enable OCSP and CRL certificate checking - OCSPStyle | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.19 Install an approved tokend for smartcard authentication | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.3 Ensure 'log_warnings' is Set to '2' | CIS MariaDB 10.6 Database L2 v1.1.0 | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 6.4 Ensure Audit Logging Is Enabled | CIS MariaDB 10.6 Database L2 v1.1.0 | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 6.5 Use parental controls for systems that are not centrally managed | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | |
| 6.6 Ensure Binary and Relay Logs are Encrypted | CIS MariaDB 10.6 Database L2 v1.1.0 | MySQLDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 iSight Camera Privacy and Confidentiality Concerns | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | |
| 7.3 Computer Name Considerations | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | |
| 7.7 App Store Automatically download apps purchased on other Macs Considerations | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | |
| 7.8 Extensible Firmware Interface (EFI) password | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | |
| 9.4 Ensure only approved ciphers are used for Replication | CIS MariaDB 10.6 Database L2 v1.1.0 | MySQLDB | SYSTEM AND SERVICES ACQUISITION |
| CIS_Apple_macOS_12.0_Monterey_Cloud-tailored_v1.1.0_L1.audit from CIS Apple macOS 12.0 Monterey Cloud-tailored Benchmark v1.1.0 | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.1.0 L1 | Unix | |
| CIS_Apple_macOS_12.0_Monterey_Cloud-tailored_v1.1.0_L2.audit from CIS Apple macOS 12.0 Monterey Cloud-tailored Benchmark v1.1.0 | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.1.0 L2 | Unix | |
| CIS_Apple_macOS_13.0_Ventura_Cloud-tailored_v1.1.0_L2.audit from CIS Apple macOS 13.0 Ventura Cloud-tailored Benchmark v1.1.0 | CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L2 | Unix | |
| CIS_Apple_macOS_14.0_Sonoma_Cloud-tailored_v1.1.0_L1.audit from CIS Apple macOS 14.0 Sonoma Cloud-tailored Benchmark v1.1.0 | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1 | Unix | |
| DKER-EE-001800 - The insecure registry capability in the Docker Engine - Enterprise component of Docker Enterprise must be disabled. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001810 - On Linux, a non-AUFS storage driver in the Docker Engine - Enterprise component of Docker Enterprise must be used. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001830 - The userland proxy capability in the Docker Engine - Enterprise component of Docker Enterprise must be disabled. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001840 - Experimental features in the Docker Engine - Enterprise component of Docker Enterprise must be disabled. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001870 - The Docker Enterprise self-signed certificates in Universal Control Plane (UCP) must be replaced with DoD trusted, signed certificates. | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001890 - The option in Universal Control Plane (UCP) allowing users and administrators to schedule containers on all nodes, including UCP managers and Docker Trusted Registry (DTR) nodes must be disabled in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001900 - The Create repository on push option in Docker Trusted Registry (DTR) must be disabled in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001910 - Periodic data usage and analytics reporting in Universal Control Plane (UCP) must be disabled in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001920 - Periodic data usage and analytics reporting in Docker Trusted Registry (DTR) must be disabled in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2 | Unix | CONFIGURATION MANAGEMENT |
| JUEX-L2-000050 - The Juniper EX switch must be configured to permit authorized users to select a user session to capture. | DISA Juniper EX Series Layer 2 Switch v2r2 | Juniper | AUDIT AND ACCOUNTABILITY |
