| 1.2.8 Ensure prevent hosts from accessing their cloud recordings is set to enabled | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 1.3 Ensure that Security Key Enforcement is Enabled for All Admin Accounts | CIS Google Cloud Platform v3.0.0 L2 | GCP | IDENTIFICATION AND AUTHENTICATION |
| 1.8 Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users | CIS Google Cloud Platform v3.0.0 L2 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 1.17 Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager | CIS Google Cloud Platform v3.0.0 L1 | GCP | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.23.2 (L1) Ensure 'Block signing into Office' is set to 'Enabled: Org ID only' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | ACCESS CONTROL |
| 2.4.3 (L2) Ensure Microsoft Defender for Cloud Apps is enabled and configured | CIS Microsoft 365 Foundations v4.0.0 L2 E5 | microsoft_azure | SYSTEM AND INFORMATION INTEGRITY |
| 2.6 Ensure That the Log Metric Filter and Alerts Exist for Custom Role Changes | CIS Google Cloud Platform v3.0.0 L1 | GCP | AUDIT AND ACCOUNTABILITY |
| 2.9 Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes | CIS Google Cloud Platform v3.0.0 L2 | GCP | AUDIT AND ACCOUNTABILITY |
| 2.14 Ensure 'Access Transparency' is 'Enabled' | CIS Google Cloud Platform v3.0.0 L2 | GCP | AUDIT AND ACCOUNTABILITY |
| 3.5 Ensure That RSASHA1 Is Not Used for the Zone-Signing Key in Cloud DNS DNSSEC | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.7 Ensure That RDP Access Is Restricted From the Internet | CIS Google Cloud Platform v3.0.0 L2 | GCP | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.8 Ensure that VPC Flow Logs is Enabled for Every Subnet in a VPC Network | CIS Google Cloud Platform v3.0.0 L2 | GCP | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 4.3 Ensure 'Block Project-Wide SSH Keys' Is Enabled for VM Instances | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.9 Ensure That Compute Instances Do Not Have Public IP Addresses | CIS Google Cloud Platform v3.0.0 L2 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.2 Consider external secret storage | CIS Kubernetes v1.10.0 L2 Master | Unix | CONFIGURATION MANAGEMENT |
| 5.4.2 Consider external secret storage | CIS Red Hat OpenShift Container Platform v1.7.0 L2 | OpenShift | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2.5 Ensure that the 'Log_min_messages' Flag for a Cloud SQL PostgreSQL Instance is set at minimum to 'Warning' | CIS Google Cloud Platform v3.0.0 L1 | GCP | AUDIT AND ACCOUNTABILITY |
| 6.3.6 Ensure '3625 (trace flag)' database flag for all Cloud SQL Server instances is set to 'on' | CIS Google Cloud Platform v3.0.0 L1 | GCP | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.4 Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.3 Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets | CIS Google Cloud Platform v3.0.0 L2 | GCP | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 61.1 (L2) Ensure 'Disallow Cloud Notification' is set to 'Allow' | CIS Microsoft Intune for Windows 11 v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| AIOS-12-004200 - Apple iOS must not allow backup to remote systems (iCloud document and data synchronization). | MobileIron - DISA Apple iOS 12 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-12-004200 - Apple iOS must not allow backup to remote systems (iCloud document and data synchronization). | AirWatch - DISA Apple iOS 12 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-12-011300 - Apple iOS must implement the management setting: Disable Allow Shared Albums. | AirWatch - DISA Apple iOS 12 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-13-004200 - Apple iOS/iPadOS must not allow backup to remote systems (iCloud document and data synchronization). | MobileIron - DISA Apple iOS/iPadOS 13 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-13-011300 - Apple iOS/iPadOS must implement the management setting: Disable Allow Shared Albums. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| APPL-13-002037 - The macOS system must be configured to disable the Cloud Storage Setup services. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| Do not suggest third-party content in Windows spotlight | MSCT Windows 11 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not suggest third-party content in Windows spotlight | MSCT Windows 11 v24H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not suggest third-party content in Windows spotlight | MSCT Windows 10 v21H1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not suggest third-party content in Windows spotlight | MSCT Windows 10 1803 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not suggest third-party content in Windows spotlight | MSCT Windows 10 v20H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| GOOG-09-003900 - The Google Android Pie must be configured to not allow backup of all applications and configuration data to remote systems. | MobileIron - DISA Google Android 9.x v2r1 | MDM | ACCESS CONTROL |
| GOOG-10-003900 - Google Android 10 must be configured to not allow backup of all applications and configuration data to remote systems. | MobileIron - DISA Google Android 10.x v2r1 | MDM | ACCESS CONTROL |
| GOOG-11-003900 - Google Android 11 must be configured to not allow backup of all applications and configuration data to remote systems. | MobileIron - DISA Google Android 11 COPE v2r1 | MDM | ACCESS CONTROL |
| GOOG-11-003900 - Google Android 11 must be configured to not allow backup of all applications and configuration data to remote systems. | MobileIron - DISA Google Android 11 COBO v2r1 | MDM | ACCESS CONTROL |
| GOOG-11-003900 - Google Android 11 must be configured to not allow backup of all applications and configuration data to remote systems. | AirWatch - DISA Google Android 11 COBO v2r1 | MDM | ACCESS CONTROL |
| GOOG-15-008600 - Google Android 15 must be configured to not allow backup of [all applications, configuration data] to remote systems. | AirWatch - DISA Google Android 15 COBO v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-15-008600 - Google Android 15 must be configured to not allow backup of [all applications, configuration data] to remote systems. | MobileIron - DISA Google Android 15 COBO v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| HONW-09-003900 - The Honeywell Mobility Edge Android Pie device must be configured to not allow backup of all applications and configuration data to remote systems. | MobileIron - DISA Honeywell Android 9.x COBO v1r2 | MDM | ACCESS CONTROL |
| MOTO-09-003900 - The Motorola Android Pie must be configured to not allow backup of all applications and configuration data to remote systems. | AirWatch - DISA Motorola Android Pie.x COBO v1r2 | MDM | ACCESS CONTROL |
| MOTO-09-003900 - The Motorola Android Pie must be configured to not allow backup of all applications and configuration data to remote systems. | AirWatch - DISA Motorola Android Pie.x COPE v1r2 | MDM | ACCESS CONTROL |
| MOTS-11-003900 - Motorola Solutions Android 11 must be configured to not allow backup of all applications and configuration data to remote systems. | AirWatch - DISA Motorola Solutions Android 11 COBO v1r3 | MDM | ACCESS CONTROL |
| MS.AAD.3.2v1 - If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL be enforced for all users. | CISA SCuBA Microsoft 365 Entra ID v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY |
| MSFT-11-003900 - Microsoft Android 11 must be configured to not allow backup of all applications and configuration data to remote systems. | AirWatch - DISA Microsoft Android 11 COBO v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-003900 - Microsoft Android 11 must be configured to not allow backup of all applications and configuration data to remote systems. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-003900 - Microsoft Android 11 must be configured to not allow backup of all applications and configuration data to remote systems. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN10-CC-000197 - Microsoft consumer experiences must be turned off. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-CC-000197 - Microsoft consumer experiences must be turned off. | DISA Microsoft Windows 11 STIG v2r3 | Windows | CONFIGURATION MANAGEMENT |
| ZEBR-11-003900 - Zebra Android 11 must be configured to not allow backup of all applications and configuration data to remote systems. | MobileIron - DISA Zebra Android 11 COBO v1r3 | MDM | ACCESS CONTROL |
