| 1.1.1.2.1.23 Configure 'Devices: Restrict CD-ROM access to locally logged-on user only' | CIS Windows 2003 MS v3.1.0 | Windows | MEDIA PROTECTION |
| 1.1.1.2.1.23 Configure 'Devices: Restrict CD-ROM access to locally logged-on user only' | CIS Windows 2003 DC v3.1.0 | Windows | MEDIA PROTECTION |
| 1.1.1.2.1.35 Set 'Devices: Allowed to format and eject removable media' to 'Administrators' | CIS Windows 2003 MS v3.1.0 | Windows | MEDIA PROTECTION |
| 1.1.1.2.1.35 Set 'Devices: Allowed to format and eject removable media' to 'Administrators' | CIS Windows 2003 DC v3.1.0 | Windows | MEDIA PROTECTION |
| 1.1.1.2.1.67 Configure 'Devices: Restrict floppy access to locally logged-on user only' | CIS Windows 2003 DC v3.1.0 | Windows | MEDIA PROTECTION |
| 1.1.1.2.1.67 Configure 'Devices: Restrict floppy access to locally logged-on user only' | CIS Windows 2003 MS v3.1.0 | Windows | MEDIA PROTECTION |
| 1.1.18 Ensure nodev option set on removable media partitions | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.20 Disable Automounting | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | MEDIA PROTECTION |
| 1.9.8 Devices: Allowed to format and eject removable media | CIS Windows 2008 Enterprise v1.2.0 | Windows | MEDIA PROTECTION |
| 1.9.8 Devices: Allowed to format and eject removable media | CIS Windows 2008 SSLF v1.2.0 | Windows | MEDIA PROTECTION |
| 1.9.10 Devices: Restrict CD-ROM access to locally logged-on user only | CIS Windows 2008 SSLF v1.2.0 | Windows | MEDIA PROTECTION |
| 1.9.10 Devices: Restrict CD-ROM access to locally logged-on user only | CIS Windows 2008 Enterprise v1.2.0 | Windows | MEDIA PROTECTION |
| 1.9.11 Devices: Restrict floppy access to locally logged-on user only | CIS Windows 2008 Enterprise v1.2.0 | Windows | MEDIA PROTECTION |
| 1.9.11 Devices: Restrict floppy access to locally logged-on user only | CIS Windows 2008 SSLF v1.2.0 | Windows | MEDIA PROTECTION |
| 2.2 Ensure extension directory has appropriate ownership and permissions | CIS PostgreSQL 13 OS v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2 Set nodev option for /tmp Partition | CIS Ubuntu 12.04 LTS Benchmark L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.3 Set nosuid option for /tmp Partition | CIS Ubuntu 12.04 LTS Benchmark L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.3.4.1 (L1) Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | MEDIA PROTECTION |
| 2.3.4.1 Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators and Interactive Users' | CIS Microsoft Windows 8.1 L1 Bitlocker v2.3.0 | Windows | MEDIA PROTECTION |
| 2.3.4.1 Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators and Interactive Users' | CIS Microsoft Windows 8.1 L1 v2.3.0 | Windows | MEDIA PROTECTION |
| 2.3.4.1 Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators' | CIS Windows Server 2012 R2 DC L1 v2.5.0 | Windows | MEDIA PROTECTION |
| 2.3.4.1 Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators' | CIS Windows Server 2012 R2 MS L1 v2.5.0 | Windows | MEDIA PROTECTION |
| 2.3.4.1 Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators' | CIS Windows Server 2012 DC L1 v2.1.0 | Windows | MEDIA PROTECTION |
| 2.3.4.1 Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators' | CIS Windows Server 2012 MS L1 v2.1.0 | Windows | MEDIA PROTECTION |
| 2.3.4.1 Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators' | CIS Windows Server 2012 R2 MS L1 v2.4.0 | Windows | MEDIA PROTECTION |
| 2.3.4.1 Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators' | CIS Windows Server 2012 R2 DC L1 v2.4.0 | Windows | MEDIA PROTECTION |
| 2.4 Set noexec option for /tmp Partition | CIS Ubuntu 12.04 LTS Benchmark L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.6 Bind Mount the /var/tmp directory to /tmp | CIS Ubuntu 12.04 LTS Benchmark L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.11 Add nodev Option to Removable Media Partitions | CIS Ubuntu 12.04 LTS Benchmark L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.12 Add noexec Option to Removable Media Partitions | CIS Ubuntu 12.04 LTS Benchmark L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.13 Add nosuid Option to Removable Media Partitions | CIS Ubuntu 12.04 LTS Benchmark L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.14 Add nodev Option to /run/shm Partition | CIS Ubuntu 12.04 LTS Benchmark L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.15 Add nosuid Option to /run/shm Partition | CIS Ubuntu 12.04 LTS Benchmark L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.16 Add noexec Option to /run/shm Partition | CIS Ubuntu 12.04 LTS Benchmark L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 3.2.1.8 Ensure 'Allow USB drive access in Files app' is set to 'Disabled' | MobileIron - CIS Apple iOS 14 and iPadOS 14 Institution Owned L2 | MDM | MEDIA PROTECTION |
| 3.2.1.8 Ensure 'Allow USB drive access in Files app' is set to 'Disabled' | AirWatch - CIS Apple iOS 13 and iPadOS 13 Institution Owned L2 | MDM | MEDIA PROTECTION |
| 3.2.1.8 Ensure 'Allow USB drive access in Files app' is set to 'Disabled' | AirWatch - CIS Apple iOS 14 and iPadOS 14 Institution Owned L2 | MDM | MEDIA PROTECTION |
| 3.5 Application Data with requirement for world writable directories | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.8 Ensure cron is restricted to authorized users | CIS SUSE Linux Enterprise 12 v3.1.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.8 Ensure cron is restricted to authorized users | CIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.9 Ensure at is restricted to authorized users | CIS SUSE Linux Enterprise 15 Server L1 v1.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.9 Ensure at is restricted to authorized users | CIS SUSE Linux Enterprise 12 v3.1.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.2 Ensure system accounts are secured | CIS SUSE Linux Enterprise 12 v3.1.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.6 Ensure access to the su command is restricted - /etc/pam.d/su | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.3 Ensure external content sharing is restricted | CIS Microsoft 365 Foundations E3 L1 v3.1.0 | microsoft_azure | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.4 Ensure OneDrive content sharing is restricted | CIS Microsoft 365 Foundations E3 L2 v3.1.0 | microsoft_azure | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.7 Ensure link sharing is restricted in SharePoint and OneDrive | CIS Microsoft 365 Foundations E3 L1 v3.1.0 | microsoft_azure | ACCESS CONTROL, MEDIA PROTECTION |
| 9.1.7 Ensure shareable links are restricted | CIS Microsoft 365 Foundations E3 L1 v3.1.0 | microsoft_azure | ACCESS CONTROL, MEDIA PROTECTION |
| Devices: Allowed to format and eject removable media | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | MEDIA PROTECTION |
| PCI 9.7 Maintain strict control over the internal or external distribution of any kind of media - 'USB' | PCI v2.0/v3.0 Windows Best Practices | Windows | MEDIA PROTECTION |
