1.4 Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account | CIS Google Cloud Platform v3.0.0 L1 | GCP | IDENTIFICATION AND AUTHENTICATION |
1.6 Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
1.7 Ensure User-Managed/External Keys for Service Accounts Are Rotated Every 90 Days or Fewer | CIS Google Cloud Platform v3.0.0 L1 | GCP | IDENTIFICATION AND AUTHENTICATION |
1.13 Ensure API Keys Are Restricted To Use by Only Specified Hosts and Apps | CIS Google Cloud Platform v3.0.0 L2 | GCP | PLANNING, SYSTEM AND SERVICES ACQUISITION |
1.14 Ensure API Keys Are Restricted to Only APIs That Application Needs Access | CIS Google Cloud Platform v3.0.0 L2 | GCP | PLANNING, SYSTEM AND SERVICES ACQUISITION |
1.17 Ensure Secrets are Not Stored in Cloud Functions Environment Variables by Using Secret Manager | CIS Google Cloud Platform v3.0.0 L1 | GCP | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.3 Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock | CIS Google Cloud Platform v3.0.0 L2 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
2.4 Ensure Log Metric Filter and Alerts Exist for Project Ownership Assignments/Changes | CIS Google Cloud Platform v3.0.0 L1 | GCP | AUDIT AND ACCOUNTABILITY |
2.5 Ensure That the Log Metric Filter and Alerts Exist for Audit Configuration Changes | CIS Google Cloud Platform v3.0.0 L1 | GCP | AUDIT AND ACCOUNTABILITY |
2.7 Ensure That the Log Metric Filter and Alerts Exist for VPC Network Firewall Rule Changes | CIS Google Cloud Platform v3.0.0 L2 | GCP | AUDIT AND ACCOUNTABILITY |
2.11 Ensure That the Log Metric Filter and Alerts Exist for SQL Instance Configuration Changes | CIS Google Cloud Platform v3.0.0 L2 | GCP | AUDIT AND ACCOUNTABILITY |
3.1 Ensure That the Default Network Does Not Exist in a Project | CIS Google Cloud Platform v3.0.0 L2 | GCP | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
3.4 Ensure That RSASHA1 Is Not Used for the Key-Signing Key in Cloud DNS DNSSEC | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
3.6 Ensure That SSH Access Is Restricted From the Internet | CIS Google Cloud Platform v3.0.0 L2 | GCP | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.10 Use Identity Aware Proxy (IAP) to Ensure Only Traffic From Google IP Addresses are 'Allowed' | CIS Google Cloud Platform v3.0.0 L2 | GCP | ACCESS CONTROL |
4.4 Ensure Oslogin Is Enabled for a Project | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL |
4.6 Ensure That IP Forwarding Is Not Enabled on Instances | CIS Google Cloud Platform v3.0.0 L1 | GCP | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
4.7 Ensure VM Disks for Critical VMs Are Encrypted With Customer-Supplied Encryption Keys (CSEK) | CIS Google Cloud Platform v3.0.0 L2 | GCP | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
4.8 Ensure Compute Instances Are Launched With Shielded VM Enabled | CIS Google Cloud Platform v3.0.0 L2 | GCP | CONFIGURATION MANAGEMENT |
4.11 Ensure That Compute Instances Have Confidential Computing Enabled | CIS Google Cloud Platform v3.0.0 L2 | GCP | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
5.1 Ensure That Cloud Storage Bucket Is Not Anonymously or Publicly Accessible | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
5.2.2.1 Ensure multifactor authentication is enabled for all users in administrative roles | CIS Microsoft 365 Foundations E3 L1 v3.1.0 | microsoft_azure | IDENTIFICATION AND AUTHENTICATION |
6.3.1 Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off' | CIS Google Cloud Platform v3.0.0 L1 | GCP | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
6.3.3 Ensure 'user Connections' Database Flag for Cloud SQL SQL Server Instance Is Set to a Non-limiting Value | CIS Google Cloud Platform v3.0.0 L1 | GCP | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
6.3.4 Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured | CIS Google Cloud Platform v3.0.0 L1 | GCP | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
7.1 Ensure That BigQuery Datasets Are Not Anonymously or Publicly Accessible | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
18.9.52.1 (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL |
18.9.52.1 Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
18.10.50.1 (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
18.10.50.1 (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller | Windows | CONFIGURATION MANAGEMENT |
18.10.50.1 (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server | Windows | CONFIGURATION MANAGEMENT |
18.10.50.1 (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT |
18.10.50.1 (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
18.10.50.1 (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
18.10.50.1 (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT |
18.10.50.1 (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL | Windows | CONFIGURATION MANAGEMENT |
18.10.51.1 (L1) Ensure 'Prevent the usage of OneDrive for file storage' is set to 'Enabled' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
AIOS-02-080002 - Apple iOS must not allow backup to remote systems (iCloud). | MobileIron - DISA Apple iOS 10 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
AIOS-02-080004 - Apple iOS must not allow backup to remote systems (iCloud Keychain). | MobileIron - DISA Apple iOS 10 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
alert | CIS Google Cloud Platform v3.0.0 L1 | GCP | |
allServices | CIS Google Cloud Platform v3.0.0 L1 | GCP | |
dns policies | CIS Google Cloud Platform v3.0.0 L1 | GCP | |
Encrypter/Decrypter | CIS Google Cloud Platform v3.0.0 L2 | GCP | |
GOOG-10-003900 - Google Android 10 must be configured to not allow backup of all applications and configuration data to remote systems. | AirWatch - DISA Google Android 10.x v2r1 | MDM | ACCESS CONTROL |
HONW-09-003900 - The Honeywell Mobility Edge Android Pie device must be configured to not allow backup of all applications and configuration data to remote systems. | AirWatch - DISA Honeywell Android 9.x COPE v1r2 | MDM | ACCESS CONTROL |
HONW-09-003900 - The Honeywell Mobility Edge Android Pie device must be configured to not allow backup of all applications and configuration data to remote systems. | MobileIron - DISA Honeywell Android 9.x COPE v1r2 | MDM | ACCESS CONTROL |
MOTS-11-003900 - Motorola Solutions Android 11 must be configured to not allow backup of all applications and configuration data to remote systems. | MobileIron - DISA Motorola Solutions Android 11 COBO v1r3 | MDM | ACCESS CONTROL |
MSFT-11-003900 - Microsoft Android 11 must be configured to not allow backup of all applications and configuration data to remote systems. | AirWatch - DISA Microsoft Android 11 COPE v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
project | CIS Google Cloud Platform v3.0.0 L1 | GCP | |
ZEBR-11-003900 - Zebra Android 11 must be configured to not allow backup of all applications and configuration data to remote systems. | AirWatch - DISA Zebra Android 11 COBO v1r3 | MDM | ACCESS CONTROL |