| 1.2 Ensure Auto Update Is Enabled | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.3 Ensure Download New Updates When Available Is Enabled | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.1.2 Ensure Firewall Stealth Mode Is Enabled | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4.1 Ensure an Inactivity Interval of 20 Minutes Or Less for the Screen Saver Is Enabled | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | ACCESS CONTROL |
| 2.4.5 Disable Remote Login | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 2.4.5 Ensure Show Password Hints Is Disabled | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.1 Ensure Security Auditing Is Enabled | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.1 Ensure 'Controls when the profile can be removed' is set to 'Never' | MobileIron - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.2.1.2 Ensure 'Allow voice dialing while device is locked' is set to 'Disabled' | MobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.3 Ensure 'Allow Siri while device is locked' is set to 'Disabled' | AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.4 Ensure 'Allow iCloud backup' is set to 'Disabled' | AirWatch - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.4 Ensure 'Allow iCloud backup' is set to 'Disabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.7 Ensure 'Allow managed apps to store data in iCloud' is set to 'Disabled' | MobileIron - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.8 Ensure 'Force encrypted backups' is set to 'Enabled' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.2.1.8 Ensure 'Force encrypted backups' is set to 'Enabled' | MobileIron - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.2.1.8 Ensure 'Force encrypted backups' is set to 'Enabled' | MobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.2.1.9 Ensure 'Allow Erase All Content and Settings' is set to 'Disabled' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.11 Ensure 'Allow installing configuration profiles' is set to 'Disabled' | AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.12 Ensure 'Allow Erase All Content and Settings' is set to 'Disabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.14 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled' | MobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.16 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled' | MobileIron - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.20 Ensure 'Allow setting up new nearby devices' is set to 'Disabled' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.28 Ensure 'Allow setting up new nearby devices' is set to 'Disabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1.32 Ensure 'Show Notification Center in Lock screen' is set to 'Disabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | ACCESS CONTROL |
| 3.3 Ensure install.log Is Retained for 365 or More Days and No Maximum Size | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.5.1 Ensure 'Disable Association MAC Randomization' is 'Configured' | AirWatch - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.5.1 Ensure 'VPN' is 'Configured' | MobileIron - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.5.1 Ensure 'VPN' is 'Configured' | MobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | ACCESS CONTROL |
| 4.1.4 Ensure 'App Privacy Report' is enabled | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 4.2 Ensure 'Software Update' returns 'Your software is up to date.' | AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | SYSTEM AND INFORMATION INTEGRITY |
| 4.2 Ensure HTTP Server Is Disabled | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure 'Install iOS Updates' of 'Automatic Updates' is set to 'Enabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.4 Ensure 'Software Update' returns 'Your software is up to date.' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.4 Ensure 'Software Update' returns 'Your software is up to date.' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.6 Review 'Mail Privacy Protection' settings | AirWatch - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.6 Review 'Mail Privacy Protection' settings | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.1.1 Ensure Home Folders Are Secure | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.5 Ensure No World Writable Folders Exist in the System Folder | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.1 Ensure Password Account Lockout Threshold Is Configured | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | ACCESS CONTROL |
| 5.2.5 Ensure Complex Password Must Contain Special Character Is Configured | CIS Apple macOS 10.15 Catalina v3.0.0 L2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.3.3 Ensure Warn When Visiting A Fraudulent Website in Safari Is Enabled | CIS Apple macOS 14.0 Sonoma v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3.3 Ensure Warn When Visiting A Fraudulent Website in Safari Is Enabled | CIS Apple macOS 15.0 Sequoia v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-005001 - The macOS system must enable System Integrity Protection. | DISA STIG Apple macOS 11 v1r8 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| APPL-15-004001 - The macOS system must configure Apple System Log (ASL) files owned by root and group to wheel. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Big Sur - Ensure Seperate Execution Domain for Processes | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Ensure Seperate Execution Domain for Processes | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Ensure Seperate Execution Domain for Processes | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Ensure Seperate Execution Domain for Processes | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Ensure Seperate Execution Domain for Processes | NIST macOS Monterey v1.0.0 - All Profiles | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
