| 1.1.1.2.1.23 Configure 'Devices: Restrict CD-ROM access to locally logged-on user only' | CIS Windows 2003 MS v3.1.0 | Windows | MEDIA PROTECTION |
| 1.1.1.2.1.23 Configure 'Devices: Restrict CD-ROM access to locally logged-on user only' | CIS Windows 2003 DC v3.1.0 | Windows | MEDIA PROTECTION |
| 1.1.1.2.1.35 Set 'Devices: Allowed to format and eject removable media' to 'Administrators' | CIS Windows 2003 MS v3.1.0 | Windows | MEDIA PROTECTION |
| 1.1.1.2.1.35 Set 'Devices: Allowed to format and eject removable media' to 'Administrators' | CIS Windows 2003 DC v3.1.0 | Windows | MEDIA PROTECTION |
| 1.1.1.2.1.67 Configure 'Devices: Restrict floppy access to locally logged-on user only' | CIS Windows 2003 DC v3.1.0 | Windows | MEDIA PROTECTION |
| 1.1.1.2.1.67 Configure 'Devices: Restrict floppy access to locally logged-on user only' | CIS Windows 2003 MS v3.1.0 | Windows | MEDIA PROTECTION |
| 1.1.20 Disable Automounting | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | MEDIA PROTECTION |
| 1.9.8 Devices: Allowed to format and eject removable media | CIS Windows 2008 Enterprise v1.2.0 | Windows | MEDIA PROTECTION |
| 1.9.8 Devices: Allowed to format and eject removable media | CIS Windows 2008 SSLF v1.2.0 | Windows | MEDIA PROTECTION |
| 1.9.10 Devices: Restrict CD-ROM access to locally logged-on user only | CIS Windows 2008 SSLF v1.2.0 | Windows | MEDIA PROTECTION |
| 1.9.10 Devices: Restrict CD-ROM access to locally logged-on user only | CIS Windows 2008 Enterprise v1.2.0 | Windows | MEDIA PROTECTION |
| 1.9.11 Devices: Restrict floppy access to locally logged-on user only | CIS Windows 2008 Enterprise v1.2.0 | Windows | MEDIA PROTECTION |
| 1.9.11 Devices: Restrict floppy access to locally logged-on user only | CIS Windows 2008 SSLF v1.2.0 | Windows | MEDIA PROTECTION |
| 2.2 Set nodev option for /tmp Partition | CIS Ubuntu 12.04 LTS Benchmark L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.3 Set nosuid option for /tmp Partition | CIS Ubuntu 12.04 LTS Benchmark L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.3.4.1 Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators and Interactive Users' | CIS Microsoft Windows 8.1 L1 Bitlocker v2.3.0 | Windows | MEDIA PROTECTION |
| 2.3.4.1 Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators and Interactive Users' | CIS Microsoft Windows 8.1 L1 v2.3.0 | Windows | MEDIA PROTECTION |
| 2.3.4.1 Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | MEDIA PROTECTION |
| 2.3.4.1 Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators' | CIS Windows Server 2012 R2 MS L1 v2.5.0 | Windows | MEDIA PROTECTION |
| 2.3.4.1 Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators' | CIS Windows Server 2012 R2 DC L1 v2.5.0 | Windows | MEDIA PROTECTION |
| 2.3.4.1 Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators' | CIS Windows Server 2012 DC L1 v2.1.0 | Windows | MEDIA PROTECTION |
| 2.3.4.1 Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators' | CIS Windows Server 2012 MS L1 v2.1.0 | Windows | MEDIA PROTECTION |
| 2.3.4.1 Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators' | CIS Windows Server 2012 R2 DC L1 v2.4.0 | Windows | MEDIA PROTECTION |
| 2.3.4.1 Ensure 'Devices: Allowed to format and eject removable media' is set to 'Administrators' | CIS Windows Server 2012 R2 MS L1 v2.4.0 | Windows | MEDIA PROTECTION |
| 2.3.18.4 Ensure 'Never allow users to specify groups when restricting permission for documents' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 2.3.18.5 Ensure 'Prevent users from changing permissions on rights managed content' is set to 'Disabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 2.4 Set noexec option for /tmp Partition | CIS Ubuntu 12.04 LTS Benchmark L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.5.1.2.2 Ensure 'Do not allow users to change permissions on folders' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 2.6 Bind Mount the /var/tmp directory to /tmp | CIS Ubuntu 12.04 LTS Benchmark L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.11 Add nodev Option to Removable Media Partitions | CIS Ubuntu 12.04 LTS Benchmark L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.12 Add noexec Option to Removable Media Partitions | CIS Ubuntu 12.04 LTS Benchmark L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.13 Add nosuid Option to Removable Media Partitions | CIS Ubuntu 12.04 LTS Benchmark L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.14 Add nodev Option to /run/shm Partition | CIS Ubuntu 12.04 LTS Benchmark L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.15 Add nosuid Option to /run/shm Partition | CIS Ubuntu 12.04 LTS Benchmark L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.16 Add noexec Option to /run/shm Partition | CIS Ubuntu 12.04 LTS Benchmark L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 3.2.1.8 Ensure 'Allow USB drive access in Files app' is set to 'Disabled' | MobileIron - CIS Apple iOS 14 and iPadOS 14 Institution Owned L2 | MDM | MEDIA PROTECTION |
| 3.2.1.8 Ensure 'Allow USB drive access in Files app' is set to 'Disabled' | AirWatch - CIS Apple iOS 13 and iPadOS 13 Institution Owned L2 | MDM | MEDIA PROTECTION |
| 3.2.1.8 Ensure 'Allow USB drive access in Files app' is set to 'Disabled' | AirWatch - CIS Apple iOS 14 and iPadOS 14 Institution Owned L2 | MDM | MEDIA PROTECTION |
| 3.2.1.17 Ensure 'Allow USB accessories while the device is locked' is set to 'Disabled' | AirWatch - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | MEDIA PROTECTION |
| 3.5 Application Data with requirement for world writable directories | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.8 Ensure cron is restricted to authorized users | CIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.8 Ensure cron is restricted to authorized users | CIS SUSE Linux Enterprise 15 Server L1 v1.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.9 Ensure at is restricted to authorized users | CIS SUSE Linux Enterprise 12 v3.1.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.9 Ensure at is restricted to authorized users | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.6 Ensure access to the su command is restricted - /etc/pam.d/su | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.3 Ensure external content sharing is restricted | CIS Microsoft 365 Foundations E3 L1 v3.1.0 | microsoft_azure | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.4 Ensure OneDrive content sharing is restricted | CIS Microsoft 365 Foundations E3 L2 v3.1.0 | microsoft_azure | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.7 Ensure link sharing is restricted in SharePoint and OneDrive | CIS Microsoft 365 Foundations E3 L1 v3.1.0 | microsoft_azure | ACCESS CONTROL, MEDIA PROTECTION |
| 9.1.7 Ensure shareable links are restricted | CIS Microsoft 365 Foundations E3 L1 v3.1.0 | microsoft_azure | ACCESS CONTROL, MEDIA PROTECTION |
| BSI-100-2: S 4.4: Correct handling of drives for removable media and external data storage: Allow to eject removable NTFS media | BSI-100-2 Windows 2005 | Windows | MEDIA PROTECTION |
