| 1.1.15 - AirWatch - Enable 'Encrypt phone' | AirWatch - CIS Google Android 4 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.1.15 - MobileIron - Enable 'Encrypt phone' | MobileIron - CIS Google Android 4 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 2.1.9 - MobileIron - Enable 'Require encryption on the device' | MobileIron - CIS Google Android 4 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 3.11.7.2.13 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup key:' is set to 'Enabled: Do not allow startup key with TPM' | CIS Microsoft Intune for Windows 11 v3.0.1 BitLocker (BL) | Windows | ACCESS CONTROL |
| 18.10.9.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG | Windows | ACCESS CONTROL |
| 18.10.9.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL | Windows | ACCESS CONTROL |
| 18.10.9.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 BL | Windows | ACCESS CONTROL |
| 18.10.9.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | ACCESS CONTROL |
| 18.10.9.1.1 (BL) Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 BL | Windows | ACCESS CONTROL |
| 18.10.9.1.10 (BL) Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 BL | Windows | ACCESS CONTROL |
| 18.10.9.1.10 (BL) Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | ACCESS CONTROL |
| 18.10.9.1.10 (BL) Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.1.10 (BL) Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.1.10 (BL) Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG | Windows | ACCESS CONTROL |
| 18.10.9.1.10 (BL) Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.1.10 (BL) Ensure 'Configure use of hardware-based encryption for fixed data drives' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L2 + BitLocker | Windows | ACCESS CONTROL |
| 18.10.9.2.11 (BL) Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.2.11 (BL) Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 BL | Windows | ACCESS CONTROL |
| 18.10.9.2.11 (BL) Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL | Windows | ACCESS CONTROL |
| 18.10.9.2.11 (BL) Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | ACCESS CONTROL |
| 18.10.9.2.11 (BL) Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | ACCESS CONTROL |
| 18.10.9.2.11 (BL) Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 BL | Windows | ACCESS CONTROL |
| 18.10.9.2.11 (L1) Ensure 'Configure use of hardware-based encryption for operating system drives' is set to 'Disabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL |
| 18.10.9.2.13 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.2.13 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.2.13 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 BL | Windows | ACCESS CONTROL |
| 18.10.9.2.13 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG | Windows | ACCESS CONTROL |
| 18.10.9.2.13 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG | Windows | ACCESS CONTROL |
| 18.10.9.2.13 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 BL | Windows | ACCESS CONTROL |
| 18.10.9.2.13 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | ACCESS CONTROL |
| 18.10.9.2.13 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 BL | Windows | ACCESS CONTROL |
| 18.10.9.2.13 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L2 + BitLocker | Windows | ACCESS CONTROL |
| 18.10.9.2.14 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.2.14 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.2.14 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False' | CIS Microsoft Windows 10 Stand-alone v3.0.0 BL | Windows | ACCESS CONTROL |
| 18.10.9.2.14 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False' | CIS Microsoft Windows 11 Stand-alone v3.0.0 BL | Windows | ACCESS CONTROL |
| 18.10.9.2.14 (BL) Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.2.15 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup:' is set to 'Enabled: Do not allow TPM' | CIS Microsoft Windows 11 Stand-alone v3.0.0 BL | Windows | ACCESS CONTROL |
| 18.10.9.2.15 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup:' is set to 'Enabled: Do not allow TPM' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.2.17 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup key:' is set to 'Enabled: Do not allow startup key with TPM' | CIS Microsoft Windows 11 Stand-alone v3.0.0 BL | Windows | ACCESS CONTROL |
| 18.10.9.3.1 (BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL | Windows | ACCESS CONTROL |
| 18.10.9.3.1 (BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG | Windows | ACCESS CONTROL |
| 18.10.9.3.1 (BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL | Windows | ACCESS CONTROL |
| 18.10.9.3.1 (BL) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | ACCESS CONTROL |
| 18.10.9.3.1 (L1) Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL |
| 18.10.9.3.10 (BL) Ensure 'Configure use of hardware-based encryption for removable data drives' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG | Windows | ACCESS CONTROL |
| 18.10.9.3.10 (BL) Ensure 'Configure use of hardware-based encryption for removable data drives' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 BL | Windows | ACCESS CONTROL |
| 18.10.9.3.10 (BL) Ensure 'Configure use of hardware-based encryption for removable data drives' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 BL | Windows | ACCESS CONTROL |
