| 2.1.2 Ensure 'Controls when the profile can be removed' is set to 'Always' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.2.1.8 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.1 Ensure 'Controls when the profile can be removed' is set to 'Never' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2 Configure Security Auditing Flags per local organizational requirements - 'audit successful/failed file attribute modification events' | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2.1.19 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.21 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 5.9 Ensure system is set to hibernate - standbydelaylow | CIS Apple macOS 10.14 v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.3.3 Ensure Warn When Visiting A Fraudulent Website in Safari Is Enabled | CIS Apple macOS 14.0 Sonoma v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 17.2.5 Ensure 'Audit Other Account Management Events' is set to include 'Success' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 20.27 Ensure 'Event Viewer must be protected from unauthorized modification and deletion' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | AUDIT AND ACCOUNTABILITY |
| 20.28 Ensure 'Fax Server role' is set to 'Not Installed' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.28 Ensure 'Fax Server role' is set to 'Not Installed' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.28 Ensure 'Fax Server role' is set to 'Not Installed' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 20.28 Ensure 'Fax Server role' is set to 'Not Installed' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.30 Ensure 'FTP servers must be configured to prevent anonymous logons' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.30 Ensure 'FTP servers must be configured to prevent anonymous logons' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| APPL-11-000005 - The macOS system must be configured to lock the user session when a smart token is removed. | DISA STIG Apple macOS 11 v1r5 | Unix | ACCESS CONTROL |
| APPL-11-000012 - The macOS system must automatically remove or disable temporary and emergency user accounts after 72 hours. | DISA STIG Apple macOS 11 v1r5 | Unix | ACCESS CONTROL |
| APPL-11-000014 - The macOS system must, for networked systems, compare internal information system clocks at least every 24 hours with a server that is synchronized to one of the redundant United States Naval Observatory (USNO) time servers or a time server designated for the appropriate DoD network (NIPRNet/SIPRNet) and/or the Global Positioning System (GPS) - Network Time On | DISA STIG Apple macOS 11 v1r5 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-000015 - The macOS system must utilize an Endpoint Security Solution (ESS) and implement all DoD required modules. | DISA STIG Apple macOS 11 v1r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| APPL-11-000016 - The macOS system must be integrated into a directory services infrastructure. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-000022 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user before the user account is locked - minutesUntilFailedLoginReset | DISA STIG Apple macOS 11 v1r5 | Unix | ACCESS CONTROL |
| APPL-11-000030 - The macOS system must be configured so that log files must not contain access control lists (ACLs). | DISA STIG Apple macOS 11 v1r5 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| APPL-11-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less. | DISA STIG Apple macOS 11 v1r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-11-001002 - The macOS system must monitor remote access methods and generate audit records when successful/unsuccessful attempts to access/modify privileges occur. | DISA STIG Apple macOS 11 v1r5 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| APPL-11-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | DISA STIG Apple macOS 11 v1r5 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-001015 - The macOS system must be configured with audit log folders group-owned by wheel. | DISA STIG Apple macOS 11 v1r5 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-11-001100 - The macOS system must require individuals to be authenticated with an individual authenticator prior to using a group authenticator. | DISA STIG Apple macOS 11 v1r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-11-002012 - The macOS system must be configured to disable the iCloud Calendar services. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-002017 - The macOS system must cover or disable the built-in or attached camera when not in use. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| APPL-12-000012 - The macOS system must automatically remove or disable temporary and emergency user accounts after 72 hours. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL |
| APPL-12-000023 - The macOS system must display the Standard Mandatory DoD Notice and Consent Banner before granting remote access to the operating system. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL |
| APPL-12-000056 - The macOS system must implement approved Key Exchange Algorithms within the SSH server configuration. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| APPL-12-001003 - The macOS system must initiate session audits at system startup, using internal clocks with time stamps for audit records that meet a minimum granularity of one second and can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT), in order to generate audit records containing information to establish what type of events occurred, the identity of any individual or process associated with the event, including individual identities of group account users, establish where the events occurred, source of the event, and outcome of the events including all account enabling actions, full-text recording of privileged commands, and information about the use of encryption for access wireless access to and from the system. | DISA STIG Apple macOS 12 v1r9 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| APPL-12-001014 - The macOS system must be configured with audit log files group-owned by wheel. | DISA STIG Apple macOS 12 v1r9 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-12-001020 - The macOS system must audit the enforcement actions used to restrict access associated with changes to the system. | DISA STIG Apple macOS 12 v1r9 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| APPL-12-001030 - The macOS system must provide an immediate warning to the System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) when allocated audit record storage volume reaches 75 percent of repository maximum audit record storage capacity. | DISA STIG Apple macOS 12 v1r9 | Unix | AUDIT AND ACCOUNTABILITY |
| APPL-12-002003 - The macOS system must be configured to disable the Network File System (NFS) daemon unless it is required. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002004 - The macOS system must be configured to disable Location Services. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002005 - The macOS system must be configured to disable Bonjour multicast advertising. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002006 - The macOS system must be configured to disable the UUCP service. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002013 - The macOS system must be configured to disable the iCloud Reminders services. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002038 - The macOS system must be configured to disable the tftp service. | DISA STIG Apple macOS 12 v1r9 | Unix | IDENTIFICATION AND AUTHENTICATION |
| APPL-12-002039 - The macOS system must be configured to disable the Siri Setup services. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002063 - The macOS system must enforce access restrictions. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-002066 - The macOS system must not allow an unattended or automatic logon to the system. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-003051 - The macOS system must be configured so that the su command requires smart card authentication. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-005058 - The macOS system must be configured to prevent activity continuation between Apple Devices. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| APPL-14-002068 The macOS system must secure user's home folders. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| APPL-15-004001 - The macOS system must configure Apple System Log (ASL) files owned by root and group to wheel. | DISA Apple macOS 15 (Sequoia) STIG v1r3 | Unix | SYSTEM AND INFORMATION INTEGRITY |
