| 1.2 Ensure that Multi-Factor Authentication is 'Enabled' for All Non-Service Accounts | CIS Google Cloud Platform v3.0.0 L1 | GCP | IDENTIFICATION AND AUTHENTICATION |
| 1.16 Ensure Essential Contacts is Configured for Organization | CIS Google Cloud Platform v3.0.0 L1 | GCP | INCIDENT RESPONSE |
| 2.1.4.1 Ensure cloud storage is set to enabled | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 2.10 Ensure That the Log Metric Filter and Alerts Exist for Cloud Storage IAM Permission Changes | CIS Google Cloud Platform v3.0.0 L2 | GCP | AUDIT AND ACCOUNTABILITY |
| 2.10.1 Ensure 'Allow automatic sign-in to Microsoft cloud identity providers' Is Enabled | CIS Google Chrome L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.1.1.1 Ensure correct container image is set for stackdriver logging agent | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Ensure That Instances Are Not Configured To Use the Default Service Account With Full Access to All Cloud APIs | CIS Google Cloud Platform v3.0.0 L1 | GCP | IDENTIFICATION AND AUTHENTICATION |
| 4.2.6 Ensure inline scanning with FortiGuard AI-Based Sandbox Service is enabled | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| 5.7 Choosing Wildfire public cloud region | CIS Palo Alto Firewall 11 v1.1.0 L2 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 5.7 Choosing Wildfire public cloud region | CIS Palo Alto Firewall 10 v1.2.0 L2 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 5.7.1 Ensure Logging and Cloud Monitoring is Enabled | CIS Google Kubernetes Engine (GKE) v1.6.1 L1 | GCP | AUDIT AND ACCOUNTABILITY |
| 5.8 Ensure that 'Inline Cloud Analysis' on Wildfire profiles is enabled | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.8 Ensure that 'Inline Cloud Analysis' on Wildfire profiles is enabled | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.9.1 Enable Customer-Managed Encryption Keys (CMEK) for GKE Persistent Disks (PD) | CIS Google Kubernetes Engine (GKE) v1.6.1 L2 | GCP | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.9.2 Enable Customer-Managed Encryption Keys (CMEK) for Boot Disks | CIS Google Kubernetes Engine (GKE) v1.6.1 L2 | GCP | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1.1 Ensure That a MySQL Database Instance Does Not Allow Anyone To Connect With Administrative Privileges | CIS Google Cloud Platform v3.0.0 L1 | GCP | IDENTIFICATION AND AUTHENTICATION |
| 6.5 Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 6.6 Ensure That Cloud SQL Database Instances Do Not Have Public IPs | CIS Google Cloud Platform v3.0.0 L2 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 6.7 Ensure That Cloud SQL Database Instances Are Configured With Automated Backups | CIS Google Cloud Platform v3.0.0 L1 | GCP | CONTINGENCY PLANNING |
| 6.22 Ensure that 'Inline Cloud Analysis' on Vulnerability Protection profiles are enabled if 'Advanced Threat Prevention' is available | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | RISK ASSESSMENT |
| 6.22 Ensure that 'Inline Cloud Analysis' on Vulnerability Protection profiles are enabled if 'Advanced Threat Prevention' is available | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | RISK ASSESSMENT |
| 6.24 Ensure that 'Inline Cloud Analysis' on Anti-Spyware profiles are enabled if 'Advanced Threat Prevention' is available | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.24 Ensure that 'Inline Cloud Analysis' on Anti-Spyware profiles are enabled if 'Advanced Threat Prevention' is available | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 8.1 Ensure that Dataproc Cluster is encrypted using Customer-Managed Encryption Key | CIS Google Cloud Platform v3.0.0 L2 | GCP | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.12.2 (L2) Ensure 'Turn off cloud optimized content' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.12.2 (L2) Ensure 'Turn off cloud optimized content' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.12.2 (L2) Ensure 'Turn off cloud optimized content' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 60.1 (L2) Ensure 'Allow Cloud Search' is set to 'Not allowed' | CIS Microsoft Intune for Windows 10 v3.0.1 L2 | Windows | CONFIGURATION MANAGEMENT |
| 60.1 (L2) Ensure 'Allow Cloud Search' is set to 'Not allowed' | CIS Microsoft Intune for Windows 11 v3.0.1 L2 | Windows | CONFIGURATION MANAGEMENT |
| AADC-CL-001315 - Adobe Acrobat Pro DC Classic SharePoint and Office365 access must be disabled. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AADC-CN-001315 - Adobe Acrobat Pro DC Continuous SharePoint and Office365 access must be disabled. | DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| ADBP-XI-001315 - Adobe Acrobat Pro XI SharePoint and Office365 Access must be disabled. | DISA STIG ADOBE ACROBAT PROFESSIONAL (PRO) XI v1r2 | Windows | CONFIGURATION MANAGEMENT |
| AIOS-02-080003 - Apple iOS must not allow backup to remote systems (iCloud document and data synchronization). | MobileIron - DISA Apple iOS 10 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-02-080003 - Apple iOS must not allow backup to remote systems (iCloud document and data synchronization). | AirWatch - DISA Apple iOS 10 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-02-080103 - Apple iOS must not allow backup to remote systems (managed applications data stored in iCloud). | AirWatch - DISA Apple iOS 10 v1r3 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-02-080103 - Apple iOS must not allow backup to remote systems (managed applications data stored in iCloud). | MobileIron - DISA Apple iOS 10 v1r3 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-02-090101 - Apple iOS must implement the management setting: Disable Allow iCloud Photo Library. | AirWatch - DISA Apple iOS 10 v1r3 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-02-090101 - Apple iOS must implement the management setting: Disable Allow iCloud Photo Library. | MobileIron - DISA Apple iOS 10 v1r3 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-12-004600 - Apple iOS must not allow backup to remote systems (managed applications data stored in iCloud). | AirWatch - DISA Apple iOS 12 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-12-004600 - Apple iOS must not allow backup to remote systems (managed applications data stored in iCloud). | MobileIron - DISA Apple iOS 12 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-13-004600 - Apple iOS/iPadOS must not allow backup to remote systems (managed applications data stored in iCloud). | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-13-004600 - Apple iOS/iPadOS must not allow backup to remote systems (managed applications data stored in iCloud). | MobileIron - DISA Apple iOS/iPadOS 13 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| ARDC-CL-000060 - Adobe Reader DC must disable all service access to Document Cloud Services. | DISA STIG Adobe Acrobat Reader DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| ARDC-CN-000060 - Adobe Reader DC must disable all service access to Document Cloud Services. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| DTBC-0023 - Cloud print sharing must be disabled. | DISA STIG Google Chrome v2r9 | Windows | ACCESS CONTROL |
| iOS Device Management - Managed apps sync to cloud | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| KNOX-07-001600 - The Samsung whitelist must be configured to not include applications that Back up MD data to non-DoD cloud servers. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| KNOX-07-001600 - The Samsung whitelist must be configured to not include applications that Back up MD data to non-DoD cloud servers. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | CONFIGURATION MANAGEMENT |
| WDNS-CM-000025 - The Windows 2012 DNS Servers zone files must not include CNAME records pointing to a zone with lesser security for more than six months. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | CONFIGURATION MANAGEMENT |
| Windows Device Configuration - Cloud-delivered protection | Tenable Best Practices for Microsoft Intune Windows v1.0 | microsoft_azure | CONFIGURATION MANAGEMENT |
