| 1.1.2 Ensure /tmp is configured | CIS CentOS 6 Server L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.7 Ensure separate partition exists for /var | CIS Amazon Linux 2 STIG v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.11 Ensure separate partition exists for /var/tmp | CIS Fedora 19 Family Linux Server L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.11 Ensure separate partition exists for /var/tmp | CIS Fedora 19 Family Linux Workstation L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.13 Ensure separate partition exists for /var/log/audit | CIS Amazon Linux 2 STIG v1.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 1.3.2 Ensure 'Idle session timeout' is set to '3 hours (or less)' for unmanaged devices | CIS Microsoft 365 Foundations E3 L1 v3.1.0 | microsoft_azure | ACCESS CONTROL |
| 2.1.1.3 Ensure iCloud Drive Document and Desktop Sync Is Disabled | CIS Apple macOS 13.0 Ventura v3.0.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.1.1.3 Ensure iCloud Drive Document and Desktop Sync Is Disabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.1.1.3 Ensure iCloud Drive Document and Desktop Sync Is Disabled | CIS Apple macOS 14.0 Sonoma v2.0.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.2.6 Ensure Multi-factor Authentication is Required for Risky Sign-ins | CIS Microsoft Azure Foundations v3.0.0 L2 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 2.6.1.3 Ensure iCloud Drive Document and Desktop Sync Is Disabled | CIS Apple macOS 12.0 Monterey v3.1.0 L2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.6.4 iCloud Drive Document and Desktop sync - desktop | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.12 Ensure That 'All users with the following roles' is set to 'Owner' | CIS Microsoft Azure Foundations v3.0.0 L1 | microsoft_azure | INCIDENT RESPONSE |
| 3.3.1 Ensure ip forwarding is disabled | CIS AlmaLinux OS 8 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure ip forwarding is disabled | CIS Oracle Linux 8 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure ip forwarding is disabled | CIS Red Hat EL8 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure ip forwarding is disabled | CIS Rocky Linux 8 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure ip forwarding is disabled | CIS Red Hat EL8 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests | CIS Microsoft Azure Foundations v3.0.0 L2 | microsoft_azure | AUDIT AND ACCOUNTABILITY |
| 5.1.1 Ensure Home Folders Are Secure | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.1 Ensure Home Folders Are Secure | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.1 Ensure Home Folders Are Secure | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.1 Secure Home Folders | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.1 Secure Home Folders | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.2.8 Ensure admin center access is limited to administrative roles | CIS Microsoft 365 Foundations E3 L1 v3.1.0 | microsoft_azure | ACCESS CONTROL |
| 5.4.1 Ensure the GKE Metadata Server is Enabled | CIS Google Kubernetes Engine (GKE) v1.6.1 L2 | GCP | CONFIGURATION MANAGEMENT |
| 5.5.2 Ensure Node Auto-Repair is enabled for GKE nodes | CIS Google Kubernetes Engine (GKE) v1.6.1 L2 | GCP | RISK ASSESSMENT |
| 5.5.4 When creating New Clusters - Automate GKE version management using Release Channels | CIS Google Kubernetes Engine (GKE) v1.6.1 L1 | GCP | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.5.5 Ensure Shielded GKE Nodes are Enabled | CIS Google Kubernetes Engine (GKE) v1.6.1 L1 | GCP | CONFIGURATION MANAGEMENT |
| 5.5.6 Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled | CIS Google Kubernetes Engine (GKE) v1.6.1 L1 | GCP | RISK ASSESSMENT |
| 5.5.7 Ensure Secure Boot for Shielded GKE Nodes is Enabled | CIS Google Kubernetes Engine (GKE) v1.6.1 L2 | GCP | RISK ASSESSMENT |
| 5.6.3 Ensure Control Plane Authorized Networks is Enabled | CIS Google Kubernetes Engine (GKE) v1.6.1 L2 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 5.10.2 Ensure that Alpha clusters are not used for production workloads | CIS Google Kubernetes Engine (GKE) v1.6.1 L1 | GCP | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Ensure Root Domain Alias Record Points to ELB | CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3 Use CloudFront Content Distribution Network | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | |
| 6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.24 Create the Data tier Security Group and ensure it allows inbound connections from App tier Security Group for explicit ports | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.3.2 Ensure OneDrive sync is restricted for unmanaged devices | CIS Microsoft 365 Foundations E3 L2 v3.1.0 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 7.4 Software Inventory Considerations | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | |
| 7.4 Software Inventory Considerations | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | |
| 7.4 Software Inventory Considerations | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.16.1 (L1) Ensure 'Download Mode' is NOT set to 'Enabled: Internet' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.16.1 Ensure 'Download Mode' is set to 'Enabled' (STIG only) | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.16.1 Ensure 'Download Mode' is set to 'Enabled' (STIG only) | CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| WPAW-00-002200 - The Windows PAW must be configured so that all outbound connections to the Internet from a PAW are blocked. | DISA MS Windows Privileged Access Workstation v3r1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
