| 1.1.2.3.1 Ensure separate partition exists for /home | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.4.1 Ensure separate partition exists for /var | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.4.1 Ensure separate partition exists for /var | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.3.1.5 Ensure the SELinux mode is enforcing | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.3.1.6 Ensure no unconfined services exist | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2.1.8 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2.1.9 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2.1.11 Ensure 'Allow Handoff' is set to 'Disabled' | AirWatch - CIS Apple iOS 18 v1.0.0 L2 End User Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2.1.22 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled' | AirWatch - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2.1.24 Ensure 'Allow Handoff' is set to 'Disabled' | AirWatch - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2.1.27 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.3.1 Ensure 'Managed Safari Web Domains' is 'Configured' | AirWatch - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.5 Ensure Access to Audit Records Is Controlled | CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.6 Ensure Other Write Access on Apache Directories and Files Is Restricted | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled' | AirWatch - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7.2 Ensure 'Allow Mail Drop' is set to 'Disabled' | AirWatch - CIS Apple iOS 18 v1.0.0 L2 Institution Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7.2 Ensure 'Allow Mail Drop' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L2 Institutionally Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure the Pid File Is Secured | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.12 Ensure Group Write Access for the Document Root Directories and Files Is Properly Restricted | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1 Ensure Access to OS Root Directory Is Denied By Default | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.7 Restrict Access to SYSCAT.CONTEXTATTRIBUTES | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.11 Restrict Access to SYSCAT.DBAUTH | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.23 Restrict Access to SYSCAT.ROUTINES | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.26 Restrict Access to SYSCAT.SECURITYLABELCOMPONENTS | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.29 Restrict Access to SYSCAT.SECURITYPOLICYCOMPONENTRULES | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.40 Restrict Access to SYSCAT.USEROPTIONS | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.41 Restrict Access to SYSCAT.VARIABLEAUTH | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.45 Restrict Access to SYSCAT.XSROBJECTAUTH | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.6 Restrict Access to SYSIBM.SYSCOLUMNS | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.8 Restrict Access to SYSIBM.SYSCONTEXTS | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.13 Restrict Access to SYSIBM.SYSEVENTTABLES | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.14 Restrict Access to SYSIBM.SYSEXTTAB | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.15 Restrict Access to SYSIBM.SYSINDEXAUTH | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.16 Restrict Access to SYSIBM.SYSMODULEAUTH | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.18 Restrict Access to SYSIBM.SYSPLANAUTH | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.28 Restrict Access to SYSIBM.SYSSECURITYLABELCOMPONENTELEMENTS | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.31 Restrict Access to SYSIBM.SYSSECURITYPOLICIES | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.35 Restrict Access to SYSIBM.SYSSEQUENCEAUTH | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.43 Restrict Access to SYSIBM.SYSVARIABLES | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.46 Restrict Access to SYSIBM.SYSXSROBJECTAUTH | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.4 Ensure OverRide Is Disabled for All Directories | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.4.3 Restrict Access to SYSIBMADM.PRIVILEGES | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.4.9 Restrict Access to SYSIBMADM.PRIVILEGES | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.4 Nested Roles | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.2 Ensure audit log files mode is configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.5 Ensure audit configuration files mode is configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.6 Ensure audit configuration files owner is configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.4.7 Ensure audit configuration files group owner is configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L2 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 11.2 Ensure Apache Processes Run in the httpd_t Confined Context | CIS Apache HTTP Server 2.4 v2.2.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
