| 2.2 Ensure 'Protect RE' Firewall Filter includes explicit terms for all Management Services | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.1.10 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.2.1.10 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | AirWatch - CIS Apple iOS 10 v2.0.0 End User Owned L1 | MDM | |
| 2.2.1.10 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | AirWatch - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | |
| 2.2.1.10 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | AirWatch - CIS Apple iOS 12 v1.0.0 End User Owned L1 | MDM | |
| 2.2.1.13 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2.1.13 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 2.4.2 Ensure Sending Diagnostic and Usage Data to Apple Is Disabled | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1.27 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | AirWatch - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2.1.27 Ensure 'Force Apple Watch wrist detection' is set to 'Enabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | ACCESS CONTROL, MEDIA PROTECTION |
| 3.6 Implement DNSSEC 'INCLUDE' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_CONNECT : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Enable Auditing of Incoming Network Connections - AUE_CONNECT : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Auditing of File Metadata Modification Events - AUE_FACLSET : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Auditing of File Metadata Modification Events - AUE_FCHMOD : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Auditing of File Metadata Modification Events - AUE_FCHOWN : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Enable Auditing of File Metadata Modification Events - AUE_FCHOWN : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Ensure the latest iOS device architecture is used by high-value targets | AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L2 | MDM | SYSTEM AND INFORMATION INTEGRITY |
| 4.5 Ensure the latest iOS device architecture is used by high-value targets | MobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L2 | MDM | SYSTEM AND INFORMATION INTEGRITY |
| AIOS-02-080005 - Apple iOS must not allow backup to remote systems (My Photo Stream). | AirWatch - DISA Apple iOS 10 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-11-080203 - Apple iOS must implement the management setting: force Apple Watch wrist detection. | AirWatch - DISA Apple iOS 10 v1r3 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-12-011800 - Apple iOS must implement the management setting: not have any Family Members in Family Sharing. | AirWatch - DISA Apple iOS 12 v2r1 | MDM | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| AIOS-13-013100 - Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-13-013100 - Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch. | MobileIron - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-14-011000 - Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch. | MobileIron - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-14-011000 - Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch. | AirWatch - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-15-012600 - Apple iOS/iPadOS 15 must implement the management setting: disable paired Apple Watch. | AirWatch - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-012600 - Apple iOS/iPadOS 15 must implement the management setting: disable paired Apple Watch. | MobileIron - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-16-012600 - Apple iOS/iPadOS 16 must implement the management setting: Disable paired Apple Watch. | AirWatch - DISA Apple iOS/iPadOS 16 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-16-012600 - Apple iOS/iPadOS 16 must implement the management setting: Disable paired Apple Watch. | MobileIron - DISA Apple iOS/iPadOS 16 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-17-012600 - Apple iOS/iPadOS 17 must implement the management setting: disable paired Apple Watch. | AirWatch - DISA Apple iOS/iPadOS 17 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-17-012600 - Apple iOS/iPadOS 17 must implement the management setting: disable paired Apple Watch. | MobileIron - DISA Apple iOS/iPadOS 17 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-18-012600 - Apple iOS/iPadOS 18 must implement the management setting: disable paired Apple Watch. | AirWatch - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-012600 - Apple iOS/iPadOS 18 must implement the management setting: disable paired Apple Watch. | MobileIron - DISA Apple iOS/iPadOS 18 v1r1 | MDM | CONFIGURATION MANAGEMENT |
| AOSX-15-002004 - The macOS system must be configured to disable Location Services. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002005 - The macOS system must be configured to disable Bonjour multicast advertising. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002020 - The macOS system must be configured to disable Siri and dictation - Assistant Allowed | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-002062 - The macOS system must be configured with Bluetooth turned off unless approved by the organization - DisabledPreferencePanes | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-002068 - The macOS system must set permissions on user home directories to prevent users from having access to read or modify another users files - User directory home permissions | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-003009 - The macOS system must prohibit password reuse for a minimum of five generations. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AOSX-15-003012 - The macOS system must be configured to prevent displaying password hints. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-003013 - The macOS system must be configured with a firmware password to prevent access to single user mode and booting from alternative media. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| AOSX-15-003020 - The macOS system must use multifactor authentication for local and network access to privileged and non-privileged accounts, the establishment of nonlocal maintenance and diagnostic sessions, and authentication for remote access to privileged accounts in such a way that one of the factors is provided by a device separate from the system gaining access - PasswordAuthentication | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| AOSX-15-004002 - The macOS system must be configured with system log files set to mode 640 or less permissive - ASL | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| AOSX-15-005001 - The macOS system must enable System Integrity Protection. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| AOSX-15-005020 - The macOS system must implement cryptographic mechanisms to protect the confidentiality and integrity of all information at rest. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AOSX-15-100001 - The macOS system must be a supported release. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| APPL-14-002022 - The macOS system must disable Remote Apple Events. | DISA Apple macOS 14 (Sonoma) STIG v2r2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| APPL-15-002035 - The macOS system must disable Apple ID setup during Setup Assistant. | DISA Apple macOS 15 (Sequoia) STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| Big Sur - Hide the System Preference Pane for Wallet and Apple Pay | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | CONFIGURATION MANAGEMENT |
