| 1.2 Enable Auto Update | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.2 Disable Bluetooth 'Discoverable' mode when not pairing devices | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.3 Restrict NTP server to loopback interface - interface listen lo | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.3 Restrict NTP server to loopback interface - restrict lo | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.3 Verify Display Sleep is set to a value larger than the Screen Saver | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| 2.4.1 Disable Remote Apple Events | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.3 Disable Screen Sharing | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.9 Disable Remote Management - 'ARDAgent is not running' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.9 Pair the remote control infrared receiver if enabled - 'UIDFilter != none' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| 2.16.1 Audit Wallet & Apple Pay Settings | CIS Apple macOS 15.0 Sequoia v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.16.1 Audit Wallet & Apple Pay Settings | CIS Apple macOS 14.0 Sonoma v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.16.1 Audit Wallet & Apple Pay Settings | CIS Apple macOS 13.0 Ventura v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.1 Retain system.log for 90 or more days | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.3 Retain authd.log for 90 or more days | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2 Enable security auditing | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.3 Enable Stack Protection - Makes sure 'noexec_user_stack_log' is set to 1 in /etc/system. Note: Only applicable if NX bit is set. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Debug Level Daemon Logging - Check if permissions for /var/log/connlog are OK. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Ensure http server is not running | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.5 Ensure ftp server is not running | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.6 Ensure nfs server is not running | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.9 Enable Kernel Level Auditing - Check audit condition is set to auditing | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.1 Secure Home Folders | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.1 Configure account lockout threshold | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| 5.2.3 Complex passwords must contain an Alphabetic Character - '1 letter' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.3 Complex passwords must contain an Alphabetic Character - 'RequiresAlpha' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | |
| 5.2.4 Complex passwords must contain a Numeric Character - 'Numeric' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | |
| 5.2.5 Complex passwords must contain a Special Character | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.6 Complex passwords must contain uppercase and lowercase letters | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | |
| 5.2.7 Password Age | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3 Reduce the sudo timeout period | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| 5.7 Do not enable the 'root' account | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| 5.8 Disable automatic login | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| 5.10 Require an administrator password to access system-wide preferences | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.18 System Integrity Protection status | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.2 Disable 'Show password hints' | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.3 Disable guest account login | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| 6.1.5 Remove Guest home folder | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| 6.3 Disable the automatic run of safe files in Safari | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.12 Set EEPROM Security Mode and Log Failed Access - SPARC only. Should *not* be 'security-mode=none'. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.3 Set Strong Password Creation Policies - Check HISTORY is set to 10 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.3 Set Strong Password Creation Policies - Check MINLOWER is set to 1 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.6 Automatic Actions for Optical Media | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | |
| 7.6 Set Default umask for Users - Check if 'umask' is set to 077 - Check /etc/.login. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.10 Repairing permissions is no longer needed with 10.11 | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | |
| 8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.persLabelString' is not set to default string. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.persLabelString' is set appropriately. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| AIOS-17-012650 - Apple iOS/iPadOS 17 must implement the management setting: approved Apple Watches must be managed by an MDM. | AirWatch - DISA Apple iOS/iPadOS 17 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-17-012650 - Apple iOS/iPadOS 17 must implement the management setting: approved Apple Watches must be managed by an MDM. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-18-012650 - Apple iOS/iPadOS 18 must implement the management setting: approved Apple Watches must be managed by an MDM. | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-012650 - Apple iOS/iPadOS 18 must implement the management setting: approved Apple Watches must be managed by an MDM. | AirWatch - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
