| 1.1 Ensure device firmware is up to date | AirWatch - CIS Google Android v1.3.0 L1 | MDM | |
| 1.2 Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts | CIS Google Cloud Platform v3.0.0 L1 | GCP | IDENTIFICATION AND AUTHENTICATION |
| 1.3 Ensure 'Make pattern visible' is set to 'Disabled' (if using a pattern as device lock mechanism) | AirWatch - CIS Google Android v1.3.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 1.5 Ensure 'Power button instantly locks' is set to 'Enabled' | AirWatch - CIS Google Android v1.3.0 L1 | MDM | IDENTIFICATION AND AUTHENTICATION |
| 1.6 Ensure 'Lock Screen Message' is configured | AirWatch - CIS Google Android v1.3.0 L1 | MDM | |
| 1.7 Do not connect to untrusted Wi-Fi networks | MobileIron - CIS Google Android v1.3.0 L2 | MDM | |
| 1.8 Ensure 'Show passwords' is set to 'Disabled' | AirWatch - CIS Google Android v1.3.0 L2 | MDM | CONFIGURATION MANAGEMENT |
| 1.9 Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly Accessible | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 1.12 Ensure 'Smart Lock' is set to 'Disabled' | MobileIron - CIS Google Android v1.3.0 L2 | MDM | CONFIGURATION MANAGEMENT |
| 1.13 Ensure 'Lock SIM card' is set to 'Enabled' | AirWatch - CIS Google Android v1.3.0 L2 | MDM | |
| 1.16 Ensure 'Remotely locate this device' is set to 'Enabled' | AirWatch - CIS Google Android v1.3.0 L1 | MDM | |
| 1.18 Ensure 'Scan device for security threats' is set to 'Enabled' | MobileIron - CIS Google Android v1.3.0 L1 | MDM | |
| 1.22 Ensure 'Wi-Fi assistant' is set to 'Disabled' | MobileIron - CIS Google Android v1.3.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 1.24 Ensure 'Add users from lock screen' is set to 'Disabled' | AirWatch - CIS Google Android v1.3.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 1.27 Ensure 'Instant apps' is set to 'Disabled' | MobileIron - CIS Google Android v1.3.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.1 Ensure That Cloud Audit Logging Is Configured Properly | CIS Google Cloud Platform v3.0.0 L1 | GCP | AUDIT AND ACCOUNTABILITY |
| 2.1.4 Ensure correct system time is configured through NTP | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | AUDIT AND ACCOUNTABILITY |
| 2.3 Ensure 'Back up to Google Drive' is 'Disabled' | AirWatch - CIS Google Android v1.3.0 L2 | MDM | |
| 2.4 Ensure 'Web and App Activity' is set to 'Disabled' | AirWatch - CIS Google Android v1.3.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.4 Ensure 'Web and App Activity' is set to 'Disabled' | MobileIron - CIS Google Android v1.3.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.4.3 Ensure admin accounts with different privileges have their correct profiles assigned | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | ACCESS CONTROL |
| 2.4.8 Virtual patching on the local-in management interface | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.5 Ensure 'Device Information' is set to 'Disabled' | AirWatch - CIS Google Android v1.3.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.5 Ensure 'Device Information' is set to 'Disabled' | MobileIron - CIS Google Android v1.3.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.5 Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes | CIS Google Cloud Platform v3.0.0 L1 | GCP | AUDIT AND ACCOUNTABILITY |
| 2.5.3 Ensure HA Reserved Management Interface is configured | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.1 Ensure 'Microphone' is set to 'Enabled' | AirWatch - CIS Google Android v1.3.0 L1 | MDM | ACCESS CONTROL |
| 3.4 Ensure 'Safe Browsing' is set to 'Enabled' | MobileIron - CIS Google Android v1.3.0 L1 | MDM | |
| 3.4 Ensure logging is enabled on all firewall policies | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 3.5 Ensure That RSASHA1 Is Not Used for the Zone-Signing Key in Cloud DNS DNSSEC | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.6 Ensure 'Do Not Track' is set to 'Enabled' | AirWatch - CIS Google Android v1.3.0 L2 | MDM | |
| 4.1.2.1 Ensure audit log storage size is configured | CIS CentOS 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.2 Ensure audit logs are not automatically deleted | CIS CentOS 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.3 Ensure system is disabled when audit logs are full - 'action_mail_acct = root' | CIS CentOS 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.3 Ensure system is disabled when audit logs are full - 'space_left_action = email' | CIS CentOS 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - rules.d EPERM 32-bit | CIS CentOS 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - rules.d EPERM 64-bit | CIS CentOS 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.15 Ensure system administrator command executions (sudo) are collected - rules.d 64-bit | CIS CentOS 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.16 Ensure kernel module loading and unloading is collected - rules.d /sbin/insmod | CIS CentOS 6 Workstation L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - rules.d /sbin/modprobe | CIS CentOS 6 Workstation L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - rules.d /sbin/rmmod | CIS CentOS 6 Workstation L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.3 Ensure 'Block Project-Wide SSH Keys' Is Enabled for VM Instances | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.1 Enable Compromised Host Quarantine | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 6.1.3 Ensure That the 'Local_infile' Database Flag for a Cloud SQL MySQL Instance Is Set to 'Off' | CIS Google Cloud Platform v3.0.0 L1 | GCP | CONFIGURATION MANAGEMENT |
| 6.2.3 Ensure That the 'Log_disconnections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On' | CIS Google Cloud Platform v3.0.0 L1 | GCP | AUDIT AND ACCOUNTABILITY |
| 6.2.7 Ensure That the 'Log_min_duration_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to '-1' (Disabled) | CIS Google Cloud Platform v3.0.0 L1 | GCP | AUDIT AND ACCOUNTABILITY |
| 6.3.4 Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured | CIS Google Cloud Platform v3.0.0 L1 | GCP | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.3.7 Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is not set to 'on' | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 6.4 Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.3.1 Centralized Logging and Reporting | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | AUDIT AND ACCOUNTABILITY |
