| 1.3 Disable MariaDB Command History - .mysql_history | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | MEDIA PROTECTION |
| 1.5 Ensure Interactive Login is Disabled | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | ACCESS CONTROL |
| 1.7 Ensure MariaDB is Run Under a Sandbox Environment | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.5 Point-in-Time Recovery | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | CONTINGENCY PLANNING |
| 2.4 Configure TCP Wrappers - Allow localhost. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Configure TCP Wrappers - Deny access to this server from all networks | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Configure TCP Wrappers - Make sure that /etc/hosts.allow does exist. | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 2.4 Configure TCP Wrappers - Make sure that /etc/hosts.deny does exist. | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 2.7 Lock Out Accounts if Not Currently in Use | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | ACCESS CONTROL |
| 2.8 Ensure Socket Peer-Credential Authentication is Used Appropriately | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.9 Ensure MariaDB is Bound to an IP Address | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 2.10 Limit Accepted Transport Layer Security (TLS) Versions | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11 Require Client-Side Certificates (X.509) | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.16.1 Audit Wallet & Apple Pay Settings | CIS Apple macOS 14.0 Sonoma v2.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.16.1 Audit Wallet & Apple Pay Settings | CIS Apple macOS 13.0 Ventura v3.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.16.1 Audit Wallet & Apple Pay Settings | CIS Apple macOS 15.0 Sequoia v1.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 3.3 Enable Stack Protection - Makes sure 'noexec_user_stack_log' is set to 1 in /etc/system. Note: Only applicable if NX bit is set. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.3 Enable Stack Protection - Makes sure 'noexec_user_stack' is set to 1 in /etc/system. Note: Only applicable if NX bit is set. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 4.3 Enable Debug Level Daemon Logging - Check if permissions for /var/log/connlog are OK. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Ensure 'allow-suspicious-udfs' is Set to 'OFF' | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.8 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES' | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.9 Enable data-at-rest encryption in MariaDB | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.9 Enable Kernel Level Auditing - Check audit condition is set to auditing | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.3 Ensure 'PROCESS' is Not Granted to Non-Administrative Users | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | ACCESS CONTROL |
| 5.7 Do not enable the "root" account | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
| 5.9 Require a password to wake the computer from sleep or screen saver | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
| 6.1.3 Disable guest account login | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
| 6.2 Turn on filename extensions | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.3 Ensure 'log_warnings' is Set to '2' | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 6.4 Ensure Audit Logging Is Enabled | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 6.6 Ensure Binary and Relay Logs are Encrypted | CIS MariaDB 10.6 on Linux L2 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.12 Set EEPROM Security Mode and Log Failed Access - SPARC only. Should *not* be 'security-mode=none'. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.3 Set Strong Password Creation Policies - Check DICTIONLIST is set to /usr/share/lib/dict/words | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.3 Set Strong Password Creation Policies - Check HISTORY is set to 10 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.3 Set Strong Password Creation Policies - Check MINLOWER is set to 1 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.3 Set Strong Password Creation Policies - Check MINUPPER is set to 1 | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.3 Set Strong Password Creation Policies - Check NAMECHECK is set to YES | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.6 Set Default umask for Users - Check if 'umask' is set to 077 - Check /etc/.login. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.6 Set Default umask for Users - Check if 'umask' is set to 077 - Check /etc/profile. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.6 Set Default umask for Users, Check if 'UMASK' is set to 077. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.8 Set 'mesg n' as Default for All Users in /etc/.login | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 7.8 Set 'mesg n' as Default for All Users in /etc/profile | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.labelString' is set appropriately. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.persLabelString' is not set to default string. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 8.2 Create Warning Banner for CDE Users - Check if 'Dtlogin*greeting.persLabelString' is set appropriately. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 8.2 Create Warning Banner for CDE Users - Check if file permissions for files under /etc/dt/config/*/Xresources are OK. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| AIOS-17-012650 - Apple iOS/iPadOS 17 must implement the management setting: approved Apple Watches must be managed by an MDM. | AirWatch - DISA Apple iOS/iPadOS 17 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-17-012650 - Apple iOS/iPadOS 17 must implement the management setting: approved Apple Watches must be managed by an MDM. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-18-012650 - Apple iOS/iPadOS 18 must implement the management setting: approved Apple Watches must be managed by an MDM. | MobileIron - DISA Apple iOS/iPadOS 18 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-012650 - Apple iOS/iPadOS 18 must implement the management setting: approved Apple Watches must be managed by an MDM. | AirWatch - DISA Apple iOS/iPadOS 18 v1r4 | MDM | CONFIGURATION MANAGEMENT |
