| 2.2.2.1 Ensure Remote Apple Events Is Disabled | CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.2.2.1 Ensure Remote Apple Events Is Disabled | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.1 Ensure Remote Apple Events Is Disabled | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.5 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L2 | MDM | SYSTEM AND INFORMATION INTEGRITY |
| 4.5 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iOS 12 v1.0.0 End User Owned L2 | MDM | SYSTEM AND INFORMATION INTEGRITY |
| AIOS-12-011800 - Apple iOS must implement the management setting: not have any Family Members in Family Sharing. | MobileIron - DISA Apple iOS 12 v2r1 | MDM | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| AIOS-13-012100 - Apple iOS/iPadOS must implement the management setting: force Apple Watch wrist detection. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-14-010200 - Apple iOS/iPadOS must implement the management setting: force Apple Watch wrist detection. | AirWatch - DISA Apple iOS/iPadOS 14 v1r3 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-011800 - Apple iOS/iPadOS 18 must implement the management setting: force Apple Watch wrist detection. | AirWatch - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AOSX-14-002042 - The macOS system must disable iCloud bookmark synchronization. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002052 - The macOS system must be configured to disable the system preference pane for Wallet & ApplePay - HiddenPreferencePanes | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002060 - The macOS system must allow only applications that have a valid digital signature to run - AllowIdentifiedDevelopers | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002065 - The macOS system must limit the ability of non-privileged users to grant other users direct access to the contents of their home directories/folders - Home directory owners | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002066 - The macOS system must not allow an unattended or automatic logon to the system. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002067 - The macOS system must prohibit user installation of software without explicit privileged status. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another users files - User subdirectory Public permissions | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-002069 - The macOS system must authenticate peripherals before establishing a connection. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-002070 - The macOS system must use an approved antivirus program. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-003009 - The macOS system must prohibit password reuse for a minimum of five generations. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts - PasswordAuthentication | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-14-003051 - The macOS system must be configured so that the su command requires smart card authentication. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-14-005001 - The macOS system must enable System Integrity Protection. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| AOSX-15-000006 - The macOS system must conceal, via the session lock, information previously visible on the display with a publicly viewable image. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL |
| AOSX-15-000008 - The macOS system must be configured with Wi-Fi support software disabled. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| AOSX-15-000012 - The macOS system must automatically remove or disable temporary and emergency user accounts after 72 hours. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL |
| AOSX-15-000015 - The macOS system must utilize an Endpoint Security Solution (ESS) and implement all DoD required modules. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AOSX-15-000022 - The macOS system must enforce the limit of three consecutive invalid logon attempts by a user before the user account is locked. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL |
| AOSX-15-000024 - The macOS system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system via SSH. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL |
| AOSX-15-000032 - The macOS system must be configured with dedicated user accounts to decrypt the hard disk upon startup - FileVault User | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-000051 - The macOS system must be configured with the SSH daemon ClientAliveInterval option set to 900 or less. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-000052 - The macOS system must be configured with the SSH daemon ClientAliveCountMax option set to 0. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-000053 - The macOS system must be configured with the SSH daemon LoginGraceTime set to 30 or less. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-000054 - The macOS system must implement approved Ciphers to protect the confidentiality of SSH connections.. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-15-001010 - The macOS system must shut down by default upon audit failure (unless availability is an overriding concern). | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | AUDIT AND ACCOUNTABILITY |
| AOSX-15-002004 - The macOS system must be configured to disable Location Services. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002005 - The macOS system must be configured to disable Bonjour multicast advertising. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002020 - The macOS system must be configured to disable Siri and dictation - Assistant Allowed | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002062 - The macOS system must be configured with Bluetooth turned off unless approved by the organization - DisabledPreferencePanes | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another users files - User directory home permissions | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-003009 - The macOS system must prohibit password reuse for a minimum of five generations. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-15-003012 - The macOS system must be configured to prevent displaying password hints. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-003013 - The macOS system must be configured with a firmware password to prevent access to single user mode and booting from alternative media. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts, the establishment of nonlocal maintenance and diagnostic sessions, and authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access - PasswordAuthentication | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-15-004002 - The macOS system must be configured with system log files set to mode 640 or less permissive - ASL | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AOSX-15-005001 - The macOS system must enable System Integrity Protection. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| AOSX-15-005020 - The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-100001 - The macOS system must be a supported release. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| Big Sur - Disable Apple ID Setup during Setup Assistant | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Big Sur - Disable Apple ID Setup during Setup Assistant | NIST macOS Big Sur v1.4.0 - 800-53r5 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Big Sur - Disable Apple ID Setup during Setup Assistant | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
