| 1.2 Enable Auto Update Checks | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.3 Enable app update installs | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.1 Turn off Bluetooth, if no paired devices exist | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | |
| 2.1.3 Show Bluetooth status in menu bar | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.2 Secure screen saver corners - bottom left corner | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | ACCESS CONTROL |
| 2.3.4 Set a screen corner to Start Screen Saver | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
| 2.4.2 Disable Internet Sharing | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.3 Disable Screen Sharing | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.4 Disable Printer Sharing | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.6 Disable DVD or CD Sharing | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.7 Disable Bluetooth Sharing | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.8 Disable File Sharing - AppleFileServer | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.9 Disable Remote Management - 'ARDAgent file does not exist' | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.6.1 Enable FileVault - Encryption Status | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.1 Enable FileVault - Encryption Type | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.3 Enable Firewall | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.5 Review Application Firewall Rules | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.9 Pair the remote control infrared receiver if enabled | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | |
| 2.10 Enable Secure Keyboard Entry in terminal.app | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2 Enable security auditing | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.3 Configure Security Auditing Flags - 'audit all failed events across all audit classes' | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.3 Configure Security Auditing Flags - 'audit successful/failed file deletion events' | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1 Disable Bonjour advertising service | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2 Enable "Show Wi-Fi status in menu bar" | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.3 Create network specific locations | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | |
| 4.6 Ensure nfs server is not running | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.1 Set 'Turn off Encryption Support' to 'Use TLS 1.1 and TLS 1.2' | CIS IE 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.1 Secure Home Folders | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.4 Check System folder for world writable files | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
| 5.3 Reduce the sudo timeout period | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
| 5.5 Ensure login keychain is locked when the computer sleeps | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.10 Require an administrator password to access system-wide preferences | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.12 Create a custom message for the Login Screen | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
| 5.16 Secure individual keychains and items | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | |
| 7.1 Wireless technology on OS X | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | |
| 7.3 Computer Name Considerations | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | |
| 7.9 Apple ID password reset | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | |
| 16 - CIFS SMB Signing and Sealing - SMB encryption is enabled | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | |
| 16 - CIFS SMB Signing and Sealing - SMB signing is enabled | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | |
| 18.10.10.4 (BL) Ensure 'Disable new DMA devices when this computer is locked' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-002 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to receive automatic updates. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-003 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to enable On-Access scanning. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-007 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find potentially unwanted programs. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-102 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to find unknown program viruses. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-105 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to scan all file types. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-301 - Access to the McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x Web UI must be enforced by firewall rules. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | CONFIGURATION MANAGEMENT |
| F5BI-DN-300017 - The digital signature algorithm used for DNSSEC-enabled zones must be set to use RSA/SHA256 or RSA/SHA512. | DISA F5 BIG-IP TMOS DNS STIG v1r1 | F5 | CONFIGURATION MANAGEMENT |
| IIST-SV-000153 - An IIS 10.0 web server must maintain the confidentiality of controlled information during transmission through the use of an approved Transport Layer Security (TLS) version | DISA IIS 10.0 Server v2r10 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SV-000153 - An IIS 8.5 web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version. | DISA IIS 8.5 Server v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent installation of devices that match any of these device IDs - PCI\CC_0C0A | MSCT Windows 10 1803 v1.0.0 | Windows | MEDIA PROTECTION |
