| 1.8.4 Ensure GDM screen locks when the user is idle | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 2.2.1.1 Ensure 'Allow voice dialing while device is locked' is set to 'Disabled' | AirWatch - CIS Apple iOS 17 Benchmark v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.2.1.14 Ensure 'Show Control Center in Lock screen' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.2.1.14 Ensure 'Show Control Center in Lock screen' is set to 'Disabled' | MobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.2.1.15 Ensure 'Show Notification Center in Lock screen' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.2.1.15 Ensure 'Show Notification Center in Lock screen' is set to 'Disabled' | MobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.3.2 Ensure Screen Saver Corners Are Secure - top left corner | CIS Apple macOS 10.14 v2.0.0 L2 | Unix | ACCESS CONTROL |
| 2.3.7.4 (L1) Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.7.4 (L1) Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.7.7 (L1) Ensure 'Interactive logon: Require Domain Controller Authentication to unlock workstation' is set to 'Enabled' (MS only) | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.3.7.8 (L1) Ensure 'Interactive logon: Require Domain Controller Authentication to unlock workstation' is set to 'Enabled' (MS only) | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.3.9.1 (L1) Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.3.9.1 (L1) Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.4.5 Ensure 'Maximum grace period for device lock' is set to 'Immediately' | MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.7.1 Ensure Screen Saver Corners Are Secure | CIS Apple macOS 13.0 Ventura v2.1.0 L2 | Unix | ACCESS CONTROL |
| 2.10.1 Ensure an Inactivity Interval of 20 Minutes Or Less for the Screen Saver Is Enabled | CIS Apple macOS 14.0 Sonoma v1.1.0 L1 | Unix | ACCESS CONTROL |
| 3.2.1.3 Ensure 'Allow Siri while device is locked' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | ACCESS CONTROL |
| 3.2.1.32 Ensure 'Show Notification Center in Lock screen' is set to 'Disabled' | AirWatch - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.4.1 /etc/security/login.cfg - logintimeout - logintimeout | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | ACCESS CONTROL |
| 3.4.4 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | ACCESS CONTROL |
| 3.4.4 Ensure 'Maximum Auto-Lock' is set to '2 minutes' or less | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.4.6 Unattended terminal session timeout is 900 seconds (or less) - readonly | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | ACCESS CONTROL |
| 3.4.6 Unattended terminal session timeout is 900 seconds (or less) - readonly | CIS IBM AIX 7.1 L2 v2.1.0 | Unix | ACCESS CONTROL |
| 3.4.6 Unattended terminal session timeout is 900 seconds (or less) - TIMEOUT | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | ACCESS CONTROL |
| 3.4.6 Unattended terminal session timeout is 900 seconds (or less) - TIMEOUT | CIS IBM AIX 7.1 L2 v2.1.0 | Unix | ACCESS CONTROL |
| 3.5.10 (L1) Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds' | CIS Microsoft Intune for Windows 11 v3.0.1 L1 | Windows | ACCESS CONTROL |
| 3.9.1 Ensure 'If Lost, Return to...' Message is 'Configured' | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | ACCESS CONTROL |
| 3.11 Ensure 'Time without user input before password must be re-entered' is set to '15' | CIS Microsoft Exchange Server 2019 L1 MDM v1.0.0 | Windows | ACCESS CONTROL |
| 4.4 Ensure account lockout is set to 15 minutes | CIS VMware ESXi 6.7 v1.3.0 Level 1 | VMware | ACCESS CONTROL |
| 5.3 Ensure the Sudo Timeout Period Is Set to Zero | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.0.0 L1 | Unix | ACCESS CONTROL |
| 5.3 Ensure the Sudo Timeout Period Is Set to Zero - permissions | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | ACCESS CONTROL |
| 5.4 Ensure a Separate Timestamp Is Enabled for Each User/tty Combo | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | ACCESS CONTROL |
| 5.4 Ensure a Separate Timestamp Is Enabled for Each User/tty Combo | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | ACCESS CONTROL |
| 5.4 Ensure a Separate Timestamp Is Enabled for Each User/tty Combo | CIS Apple macOS 12.0 Monterey v3.1.0 L1 | Unix | ACCESS CONTROL |
| 5.4 Ensure a Separate Timestamp Is Enabled for Each User/tty Combo | CIS Apple macOS 13.0 Ventura Cloud-tailored v1.0.0 L1 | Unix | ACCESS CONTROL |
| 5.4 Ensure the Sudo Timeout Period Is Set to Zero | CIS Apple macOS 13.0 Ventura v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.4.3.2 Ensure default user shell timeout is configured | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.5 Ensure a Separate Timestamp Is Enabled for Each User/tty Combo | CIS Apple macOS 14.0 Sonoma v1.1.0 L1 | Unix | ACCESS CONTROL |
| 5.7 Ensure an Administrator Account Cannot Login to Another User's Active and Locked Session | CIS Apple macOS 13.0 Ventura v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.9 (L1) Ensure the shell services timeout is set to 1 hour or less | CIS VMware ESXi 7.0 v1.4.0 L1 | VMware | ACCESS CONTROL |
| 5.11 Ensure an administrator account cannot login to another user's active and locked session | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | ACCESS CONTROL |
| 18.5.10 (L1) Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires' is set to 'Enabled: 5 or fewer seconds' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.8.34.6.1 (L1) Ensure 'Require a password when a computer wakes (on battery)' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 18.8.34.6.2 (L1) Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 18.9.32.6.2 (L1) Ensure 'Require a password when a computer wakes (plugged in)' is set to 'Enabled' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 19.1.3.2 (L1) Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 19.1.3.3 (L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 19.1.3.4 (L1) Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0' | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 45.9 (L1) Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' | CIS Microsoft Intune for Windows 10 v3.0.1 L1 | Windows | ACCESS CONTROL |
| 45.12 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher | CIS Microsoft Intune for Windows 11 v3.0.1 L1 | Windows | ACCESS CONTROL |
