| 1.6 Ensure Install of macOS Updates Is Enabled | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.1.1 (L2) Ensure Safe Links for Office Applications is Enabled | CIS Microsoft 365 Foundations v5.0.0 L2 E5 | microsoft_azure | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.3 Show Bluetooth status in menu bar | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.29 Ensure 'Deny log on locally' to include 'Guests, Enterprise Admins group, and Domain Admins group' (STIG MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.33 Ensure 'Deny log on locally' to include 'Guests, Enterprise Admins group, and Domain Admins group' (STIG MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.4.2 Disable Internet Sharing | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.2 Ensure Internet Sharing Is Disabled | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.3 Ensure Screen Sharing Is Disabled | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.4 Disable Printer Sharing | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.7 Disable Bluetooth Sharing | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.8 Disable File Sharing - SMB | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.9 Disable Remote Management | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.11 Ensure AirDrop Is Disabled | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.5.1.2 Ensure all user storage APFS volumes are encrypted | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.2.1 Ensure Gatekeeper is Enabled | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.8.3 Ensure the OS is not Activate When Resuming from Sleep - Apple DestroyFVKeyOnStandby | CIS Apple macOS 10.15 Catalina v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.8.3 Ensure the OS is not Activate When Resuming from Sleep - Apple hibernatemode | CIS Apple macOS 10.15 Catalina v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.8.3 Ensure the OS is not Activate When Resuming from Sleep - Apple standby | CIS Apple macOS 10.15 Catalina v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.1 Ensure detailed logging is enabled | CIS NGINX Benchmark v2.1.0 L1 Proxy | Unix | AUDIT AND ACCOUNTABILITY |
| 3.4 Ensure Security Auditing Retention Is Enabled | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.5 Ensure Access to Audit Records Is Controlled - /var/audit | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.6 Ensure Firewall is configured to log | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable 'Show Wi-Fi status in menu bar' - Show Wi-Fi status in menu bar | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.4 Ensure HTTP Server Is Disabled | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.5 Ensure FTP server is not running | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.3 Check System folder for world writable files | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 5.1.4 Ensure Library Validation Is Enabled | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.6 Ensure No World Writable Files Exist in the System Folder | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.2 Ensure Password Minimum Length Is Configured | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.2 Set a minimum password length | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.7 Ensure Password Age Is Configured | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | ACCESS CONTROL |
| 5.2.8 Ensure Password History Is Configured | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.8 Password History | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3 Reduce the sudo timeout period | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 5.6 Ensure the 'root' Account Is Disabled | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | ACCESS CONTROL |
| 5.12 Require an administrator password to access system-wide preferences | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.13 Create a custom message for the Login Screen | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 5.16 Do not enter a password-related hint | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.1 Ensure Login Window Displays as Name and Password Is Enabled | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.1.3 Disable guest account login | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 6.1.4 Disable 'Allow guests to connect to shared folders' - AFP Sharing | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 6.1.4 Ensure Guest Access to Shared Folders Is Disabled - AFP Sharing | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.4 Ensure Guest Access to Shared Folders Is Disabled - SMB Sharing | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.16 Unified logging | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| AIOS-02-080008 - Apple iOS must implement the management setting: limit Ad Tracking. | MobileIron - DISA Apple iOS 10 v1r3 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-12-004100 - Apple iOS must not allow backup to remote systems (iCloud). | AirWatch - DISA Apple iOS 12 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-12-010600 - Apple iOS must implement the management setting: limit Ad Tracking. | AirWatch - DISA Apple iOS 12 v2r1 | MDM | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-13-013000 - Apple iOS/iPadOS must implement the management setting: disable AirDrop. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| CIS Control 16 (16.8(b)) Disable Any Unassociated Accounts | CAS Implementation Group 1 Audit File | Unix | ACCESS CONTROL |
| CIS_CentOS_6_v3.0.0_Workstation_L2.audit from CIS CentOS Linux 6 Benchmark v3.0.0 | CIS CentOS 6 Workstation L2 v3.0.0 | Unix | |
