| 1.1 Ensure that Corporate Login Credentials are Used | CIS Google Cloud Platform Foundation v4.0.0 L1 | GCP | ACCESS CONTROL |
| 1.1.3.7 Ensure require encryption for 3rd party endpoints (SIP/H.323) is set to enabled | CIS Zoom L1 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 1.2.9 Ensure IP address access control is set to organization approved ranges | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 1.4 Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account | CIS Google Cloud Platform Foundation v4.0.0 L1 | GCP | IDENTIFICATION AND AUTHENTICATION |
| 1.5 Ensure That Service Account Has No Admin Privileges | CIS Google Cloud Platform Foundation v4.0.0 L1 | GCP | ACCESS CONTROL |
| 1.8 Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users | CIS Google Cloud Platform Foundation v4.0.0 L2 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 1.10 Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days | CIS Google Cloud Platform Foundation v4.0.0 L1 | GCP | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.12 Ensure API Keys Only Exist for Active Services | CIS Google Cloud Platform Foundation v4.0.0 L2 | GCP | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 1.13 Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps | CIS Google Cloud Platform Foundation v4.0.0 L2 | GCP | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 1.15 Ensure API Keys Are Rotated Every 90 Days | CIS Google Cloud Platform Foundation v4.0.0 L2 | GCP | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 2.1.1.2 Audit iCloud Drive | CIS Apple macOS 26 Tahoe v1.0.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.1.1.2 Audit iCloud Drive | CIS Apple macOS 14.0 Sonoma v3.0.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.6.1 iCloud configuration | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | ACCESS CONTROL |
| 2.6.1.1 Audit iCloud Configuration | CIS Apple macOS 10.14 v2.0.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.6.1.2 Audit iCloud Drive | CIS Apple macOS 12.0 Monterey v4.0.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.9 Ensure That the Log Metric Filter and Alerts Exist for VPC Network Changes | CIS Google Cloud Platform Foundation v4.0.0 L2 | GCP | AUDIT AND ACCOUNTABILITY |
| 2.11 Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes | CIS Google Cloud Platform Foundation v4.0.0 L2 | GCP | AUDIT AND ACCOUNTABILITY |
| 2.14 Ensure 'Access Transparency' is 'Enabled' | CIS Google Cloud Platform Foundation v4.0.0 L2 | GCP | AUDIT AND ACCOUNTABILITY |
| 3.1 Ensure That the Default Network Does Not Exist in a Project | CIS Google Cloud Platform Foundation v4.0.0 L2 | GCP | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.5 Ensure That RSASHA1 Is Not Used for the Zone-Signing Key in Cloud DNS DNSSEC | CIS Google Cloud Platform Foundation v4.0.0 L1 | GCP | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.6 Ensure That SSH Access Is Restricted From the Internet | CIS Google Cloud Platform Foundation v4.0.0 L2 | GCP | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.7 Ensure That RDP Access Is Restricted From the Internet | CIS Google Cloud Platform Foundation v4.0.0 L2 | GCP | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.8 Ensure that On-Premise SharePoint servers is configured without OneDrive redirection linkages. | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.8 Ensure that On-Premise SharePoint servers is configured without OneDrive redirection linkages. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 4.4 Ensure Oslogin Is Enabled for a Project | CIS Google Cloud Platform Foundation v4.0.0 L1 | GCP | ACCESS CONTROL |
| 4.7 Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK) | CIS Google Cloud Platform Foundation v4.0.0 L2 | GCP | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.10 Ensure That App Engine Applications Enforce HTTPS Connections | CIS Google Cloud Platform Foundation v4.0.0 L2 | GCP | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.12 Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects | CIS Google Cloud Platform Foundation v4.0.0 L2 | GCP | SYSTEM AND SERVICES ACQUISITION |
| 5.1.1 Ensure Image Vulnerability Scanning is enabled | CIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2 | GCP | RISK ASSESSMENT |
| 5.1.1 Ensure Image Vulnerability Scanning is enabled | CIS Google Kubernetes Engine (GKE) v1.7.0 L2 | GCP | RISK ASSESSMENT |
| 6.2.1 Ensure 'Log_error_verbosity' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'DEFAULT' or Stricter | CIS Google Cloud Platform Foundation v4.0.0 L2 | GCP | AUDIT AND ACCOUNTABILITY |
| 6.2.5 Ensure that the 'Log_min_messages' Flag for a Cloud SQL PostgreSQL Instance is set at minimum to 'Warning' | CIS Google Cloud Platform Foundation v4.0.0 L1 | GCP | AUDIT AND ACCOUNTABILITY |
| 6.2.6 Ensure 'Log_min_error_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'Error' or Stricter | CIS Google Cloud Platform Foundation v4.0.0 L1 | GCP | AUDIT AND ACCOUNTABILITY |
| 6.3.1 Ensure 'external scripts enabled' Database Flag for Cloud SQL SQL Server Instance Is Set to 'off' | CIS Google Cloud Platform Foundation v4.0.0 L1 | GCP | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 6.3.5 Ensure 'remote access' Database Flag for Cloud SQL SQL Server Instance Is Set to 'off' | CIS Google Cloud Platform Foundation v4.0.0 L1 | GCP | CONFIGURATION MANAGEMENT |
| 6.3.7 Ensure 'contained database authentication' Database Flag for Cloud SQL SQL Server Instance Is Set to 'off' | CIS Google Cloud Platform Foundation v4.0.0 L1 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1 Ensure That BigQuery Datasets Are Not Anonymously or Publicly Accessible | CIS Google Cloud Platform Foundation v4.0.0 L1 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 7.3 Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets | CIS Google Cloud Platform Foundation v4.0.0 L2 | GCP | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure all data in BigQuery has been classified | CIS Google Cloud Platform Foundation v4.0.0 L2 | GCP | AUDIT AND ACCOUNTABILITY, RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.77.3.1 Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows Server 2022 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows Server 2016 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 22.31 (L2) Ensure 'Remote Encryption Protection Aggressiveness' is set to 'Medium' or higher | CIS Microsoft Intune for Windows 10 v4.0.0 L2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| AIOS-15-007400 - Apple iOS/iPadOS 15 allowlist must be configured to not include applications with the following characteristics: - back up MD data to non-DoD cloud servers (including user and application access to cloud backup services); - transmit MD diagnostic data to non-DoD servers; - allows synchronization of data or applications between devices associated with user; and - allows unencrypted (or encrypted but not FIPS 140-2 validated) data sharing with other MDs or printers. | MobileIron - DISA Apple iOS/iPadOS 15 STIG v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-016200 - Apple iOS/iPadOS 18 must disable the use of voice assistant (Show user-generated content in Siri) unless required to meet Section 508 compliance requirements. | AirWatch - DISA Apple iOS/iPadOS 18 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-016200 - Apple iOS/iPadOS 18 must disable the use of voice assistant (Show user-generated content in Siri) unless required to meet Section 508 compliance requirements. | MobileIron - DISA Apple iOS/iPadOS 18 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-016300 - Apple iOS/iPadOS 18 must disable the use of voice assistant (Siri suggestions) unless required to meet Section 508 compliance requirements. | MobileIron - DISA Apple iOS/iPadOS 18 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| WN10-CC-000390 - Windows 10 should be configured to prevent users from receiving suggestions for third-party or additional applications. | DISA Microsoft Windows 10 STIG v3r5 | Windows | CONFIGURATION MANAGEMENT |