| 1.1.15 - AirWatch - Enable 'Encrypt phone' | AirWatch - CIS Google Android 4 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.1.15 - MobileIron - Enable 'Encrypt phone' | MobileIron - CIS Google Android 4 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.2.3.3.1 Configure 'Turn Off the Display (seconds):' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.3.3.2 Configure 'Turn Off the Display (seconds):' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.3.3.3 Set 'Require a Password When a Computer Wakes (Plugged In)' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.3.3.4 Set 'Require a Password When a Computer Wakes (On Battery)' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.4.2.1.1 Set 'Configure use of hardware-based encryption for fixed data drives' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.3 Set 'Configure use of passwords for fixed data drives' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.6 Set 'Use BitLocker software-based encryption when hardware encryption is not available' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.7 Set 'Restrict crypto algorithms or cipher suites to the following:' to '2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.8 Set 'Restrict encryption algorithms and cipher suites allowed for hardware-based encryption' to 'False' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.15 Set 'Configure use of smart cards on fixed data drives' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.2.4.2.1.17 Configure 'Deny write access to fixed drives not protected by BitLocker' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.18 Set 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.1 Set 'Configure use of hardware-based encryption for operating system drives' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.3 Set 'Configure use of passwords for operating system drives' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.6 Set 'Use BitLocker software-based encryption when hardware encryption is not available' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.7 Set 'Restrict crypto algorithms or cipher suites to the following:' to '2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.8 Set 'Restrict encryption algorithms and cipher suites allowed for hardware-based encryption' to 'False' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.15 Set 'Require additional authentication at startup' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.2.4.2.2.16 Set 'Allow BitLocker without a compatible TPM' to 'False' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.19 Set 'Configure TPM startup:' to 'Do not allow TPM' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.20 Set 'Configure TPM startup key:' to 'Do not allow startup key with TPM' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.25 Set 'Allow enhanced PINs for startup' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.2.4.2.2.27 Set 'Allow Secure Boot for integrity validation' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.2.4.2.2.29 Configure 'Allow network unlock at startup' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.30 Configure 'Reset platform validation data after BitLocker recovery' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.1 Set 'Configure use of hardware-based encryption for removable data drives' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.3 Set 'Configure use of passwords for removable data drives' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.5 Set 'Recovery Password' to 'Do not allow 48-digit recovery password' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.6 Set 'Use BitLocker software-based encryption when hardware encryption is not available' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.7 Set 'Restrict crypto algorithms or cipher suites to the following:' to '2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.8 Set 'Restrict encryption algorithms and cipher suites allowed for hardware-based encryption' to 'False' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.13 Set 'Save BitLocker recovery information to AD DS for removable data drives' to 'False' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.17 Set 'Deny write access to removable drives not protected by BitLocker' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.18 Set 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.19 Configure 'Control use of BitLocker on removable drives' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.5 Set 'Select the encryption method:' to 'Enabled:AES 256-bit' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.8 Configure 'Provide the unique identifiers for your organization' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.9 Set 'Allow Standby States (S1-S3) When Sleeping (On Battery)' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.4.2.10 Set 'Allow Standby States (S1-S3) When Sleeping (Plugged In)' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.1.9 - AirWatch - Enable 'Require encryption on the device' | AirWatch - CIS Google Android 4 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.1.9 - MobileIron - Enable 'Require encryption on the device' | MobileIron - CIS Google Android 4 v1.0.0 L1 | MDM | ACCESS CONTROL |
| Disable new DMA devices when this computer is locked | MSCT Windows 10 1909 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Disable new DMA devices when this computer is locked | MSCT Windows 10 1803 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Disable new DMA devices when this computer is locked | MSCT Windows 10 1809 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Disable new DMA devices when this computer is locked | MSCT Windows 10 1903 v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Disable new DMA devices when this computer is locked | MSCT Windows 10 v2004 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Disable new DMA devices when this computer is locked | MSCT Windows 10 v20H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Disable new DMA devices when this computer is locked | MSCT Windows 10 v21H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
