| 1.1.6.1.1 Ensure when a cloud recording is available is set to enabled | CIS Zoom L1 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 1.2.4.2 Ensure automatic recording is set to 'Record in the Cloud' | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 1.2.11 Ensure the host can delete cloud recordings is set to disabled | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 1.72 (L1) Ensure 'Configure Related Matches in Find on Page' is set to 'Disabled' | CIS Microsoft Edge v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.179 WN10-CC-000390 | CIS Microsoft Windows 10 STIG v1.0.0 CAT III | Windows | CONFIGURATION MANAGEMENT |
| 2.3 Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock | CIS Google Cloud Platform Foundation v4.0.0 L2 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 2.12 Ensure That Cloud DNS Logging Is Enabled for All VPC Networks | CIS Google Cloud Platform Foundation v4.0.0 L1 | GCP | AUDIT AND ACCOUNTABILITY |
| 2.14 Ensure 'Access Transparency' is 'Enabled' | CIS Google Cloud Platform Foundation v4.0.0 L2 | GCP | AUDIT AND ACCOUNTABILITY |
| 4.4 Ensure http server is not running | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.4 Ensure http server is not running | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.4.2 Consider external secret storage | CIS Google Kubernetes Engine GKE v1.9.0 L2 GCP | GCP | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.1 Ensure Kubernetes Secrets are encrypted using keys managed in Cloud KMS | CIS Google Kubernetes Engine GKE Autopilot v1.3.0 L2 | GCP | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.5.1 Manage Kubernetes RBAC users with Google Groups for GKE | CIS Google Kubernetes Engine GKE Autopilot v1.3.0 L2 | GCP | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 6.3.6 Ensure '3625 (trace flag)' Database Flag for all Cloud SQL SQL Server Instances Is Set to 'on' | CIS Google Cloud Platform Foundation v4.0.0 L1 | GCP | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.10.40.1 (L1) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.40.1 Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows Server 2022 v5.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.40.1 Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows Server 2016 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows Server 2016 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| AIOS-12-011300 - Apple iOS must implement the management setting: Disable Allow Shared Albums. | MobileIron - DISA Apple iOS 12 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| Android Device Configuration - Encryption on storage cards | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL |
| Android Device Configuration - Google account auto sync | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| GOOG-12-008600 - Google Android 12 must be configured to not allow backup of [all applications, configuration data] to remote systems. | MobileIron - DISA Google Android 12 COBO v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-12-008600 - Google Android 12 must be configured to not allow backup of [all applications, configuration data] to remote systems. | AirWatch - DISA Google Android 12 COPE v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-12-008600 - Google Android 12 must be configured to not allow backup of [all applications, configuration data] to remote systems. | MobileIron - DISA Google Android 12 COPE v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-13-008600 - Google Android 13 must be configured to not allow backup of [all applications, configuration data] to remote systems. | AirWatch - DISA Google Android 13 COPE STIG v2r3 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-13-708600 - Google Android 13 must be configured to not allow backup of all work profile applications to remote systems. | AirWatch - DISA Google Android 13 BYOAD v1r3 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-14-008600 - Google Android 14 must be configured to not allow backup of [all applications, configuration data] to remote systems. | MobileIron - DISA Google Android 14 COBO STIG v2r3 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-14-708600 - Google Android 14 must be configured to not allow backup of all work profile applications to remote systems. | AirWatch - DISA Google Android 14 BYOAD v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| iOS Device Management - Backup to iCloud | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| iOS Device Management - Block iCloud Document sync | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| iOS Device Management - iCloud Photo Library | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| iOS Device Management - Photo stream syncing to iCloud | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| MS.AAD.3.6v1 - Phishing-resistant MFA SHALL be required for highly privileged roles. | CISA SCuBA Microsoft 365 Entra ID v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| OpenStack Identity - Disable admin token in /etc/keystone/keystone.conf | TNS OpenStack Keystone/Identity Security Guide | Unix | ACCESS CONTROL |
| WN10-CC-000390 - Windows 10 should be configured to prevent users from receiving suggestions for third-party or additional applications. | DISA Microsoft Windows 10 STIG v3r6 | Windows | CONFIGURATION MANAGEMENT |
| WN11-CC-000390 - Windows 11 must be configured to prevent users from receiving suggestions for third-party or additional applications. | DISA Microsoft Windows 11 STIG v2r6 | Windows | CONFIGURATION MANAGEMENT |
| ZEBR-10-003900 - Zebra Android 10 must be configured to not allow backup of all applications and configuration data to remote systems. | AirWatch - DISA Zebra Android 10 COPE v1r2 | MDM | ACCESS CONTROL |
| ZEBR-10-003900 - Zebra Android 10 must be configured to not allow backup of all applications and configuration data to remote systems. | MobileIron - DISA Zebra Android 10 COBO v1r2 | MDM | ACCESS CONTROL |
| ZEBR-10-003900 - Zebra Android 10 must be configured to not allow backup of all applications and configuration data to remote systems. | MobileIron - DISA Zebra Android 10 COPE v1r2 | MDM | ACCESS CONTROL |
