| 1.5 Ensure That Service Account Has No Admin Privileges | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL |
| 1.10 Ensure KMS Encryption Keys Are Rotated Within a Period of 90 Days | CIS Google Cloud Platform v3.0.0 L1 | GCP | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.12 Ensure API Keys Only Exist for Active Services | CIS Google Cloud Platform v3.0.0 L2 | GCP | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 1.15 Ensure API Keys Are Rotated Every 90 Days | CIS Google Cloud Platform v3.0.0 L2 | GCP | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 2.8 Ensure That the Log Metric Filter and Alerts Exist for VPC Network Route Changes | CIS Google Cloud Platform v3.0.0 L2 | GCP | AUDIT AND ACCOUNTABILITY |
| 4.2.8 Ensure that the --hostname-override argument is not set | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Worker | Unix | CONFIGURATION MANAGEMENT |
| 4.2.8 Ensure that the --hostname-override argument is not set | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker | Unix | CONFIGURATION MANAGEMENT |
| 4.4.1 Consider external secret storage | CIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2 | GCP | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.4.2 Consider external secret storage | CIS Google Kubernetes Engine (GKE) v1.7.0 L2 | GCP | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.12 Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects | CIS Google Cloud Platform v3.0.0 L2 | GCP | SYSTEM AND SERVICES ACQUISITION |
| 5.4.2 Consider external secret storage | CIS Kubernetes v1.10.0 L2 Master | Unix | CONFIGURATION MANAGEMENT |
| 6.2.8 Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging | CIS Google Cloud Platform v3.0.0 L1 | GCP | AUDIT AND ACCOUNTABILITY |
| 6.3.2 Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off' | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2 Ensure That All BigQuery Tables Are Encrypted With Customer-Managed Encryption Key (CMEK) | CIS Google Cloud Platform v3.0.0 L2 | GCP | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure all data in BigQuery has been classified | CIS Google Cloud Platform v3.0.0 L2 | GCP | AUDIT AND ACCOUNTABILITY, RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.40.1 Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.40.1 Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.40.1 Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L2 Member Server | Windows | CONFIGURATION MANAGEMENT |
| AIOS-13-011300 - Apple iOS/iPadOS must implement the management setting: Disable Allow Shared Albums. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-15-011100 - Apple iOS/iPadOS 15 must implement the management setting: Disable Allow Shared Albums. | AirWatch - DISA Apple iOS/iPadOS 14 v1r4 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-16-011100 - Apple iOS/iPadOS 16 must implement the management setting: Disable Allow Shared Albums. | AirWatch - DISA Apple iOS/iPadOS 16 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-003450 - Apple iOS/iPadOS 17 must not allow backup to remote systems (Cloud Photo Library). | AirWatch - DISA Apple iOS/iPadOS 17 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| APPL-13-002037 - The macOS system must be configured to disable the Cloud Storage Setup services. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| Do not suggest third-party content in Windows spotlight | MSCT Windows 10 v21H1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not suggest third-party content in Windows spotlight | MSCT Windows 10 1803 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not suggest third-party content in Windows spotlight | MSCT Windows 10 v20H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| GOOG-11-003900 - Google Android 11 must be configured to not allow backup of all applications and configuration data to remote systems. | MobileIron - DISA Google Android 11 COBO v2r1 | MDM | ACCESS CONTROL |
| GOOG-12-008600 - Google Android 12 must be configured to not allow backup of [all applications, configuration data] to remote systems. | AirWatch - DISA Google Android 12 COPE v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-12-008600 - Google Android 12 must be configured to not allow backup of [all applications, configuration data] to remote systems. | MobileIron - DISA Google Android 12 COPE v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-12-008600 - Google Android 12 must be configured to not allow backup of [all applications, configuration data] to remote systems. | AirWatch - DISA Google Android 12 COBO v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-12-008600 - Google Android 12 must be configured to not allow backup of [all applications, configuration data] to remote systems. | MobileIron - DISA Google Android 12 COBO v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-13-008600 - Google Android 13 must be configured to not allow backup of [all applications, configuration data] to remote systems. | AirWatch - DISA Google Android 13 COPE v2r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-13-008600 - Google Android 13 must be configured to not allow backup of [all applications, configuration data] to remote systems. | MobileIron - DISA Google Android 13 COPE v2r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-13-008600 - Google Android 13 must be configured to not allow backup of [all applications, configuration data] to remote systems. | AirWatch - DISA Google Android 13 COBO v2r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-13-008600 - Google Android 13 must be configured to not allow backup of [all applications, configuration data] to remote systems. | MobileIron - DISA Google Android 13 COBO v2r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-13-708600 - Google Android 13 must be configured to not allow backup of all work profile applications to remote systems. | AirWatch - DISA Google Android 13 BYOD v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-14-008600 - Google Android 14 must be configured to not allow backup of [all applications, configuration data] to remote systems. | AirWatch - DISA Google Android 14 COBO v2r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-14-008600 - Google Android 14 must be configured to not allow backup of [all applications, configuration data] to remote systems. | AirWatch - DISA Google Android 14 COPE v2r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-14-008600 - Google Android 14 must be configured to not allow backup of [all applications, configuration data] to remote systems. | MobileIron - DISA Google Android 14 COBO v2r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-14-008600 - Google Android 14 must be configured to not allow backup of [all applications, configuration data] to remote systems. | MobileIron - DISA Google Android 14 COPE v2r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-14-708600 - Google Android 14 must be configured to not allow backup of all work profile applications to remote systems. | AirWatch - DISA Google Android 14 BYOAD v1r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-14-708600 - Google Android 14 must be configured to not allow backup of all work profile applications to remote systems. | MobileIron - DISA Google Android 14 BYOAD v1r1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| HONW-09-003900 - The Honeywell Mobility Edge Android Pie device must be configured to not allow backup of all applications and configuration data to remote systems. | MobileIron - DISA Honeywell Android 9.x COBO v1r2 | MDM | ACCESS CONTROL |
| MSFT-11-003900 - Microsoft Android 11 must be configured to not allow backup of all applications and configuration data to remote systems. | AirWatch - DISA Microsoft Android 11 COBO v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-003900 - Microsoft Android 11 must be configured to not allow backup of all applications and configuration data to remote systems. | MobileIron - DISA Microsoft Android 11 COBO v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSFT-11-003900 - Microsoft Android 11 must be configured to not allow backup of all applications and configuration data to remote systems. | MobileIron - DISA Microsoft Android 11 COPE v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN10-CC-000197 - Microsoft consumer experiences must be turned off. | DISA Windows 10 STIG v3r2 | Windows | CONFIGURATION MANAGEMENT |
| ZEBR-10-003900 - Zebra Android 10 must be configured to not allow backup of all applications and configuration data to remote systems. | AirWatch - DISA Zebra Android 10 COPE v1r2 | MDM | ACCESS CONTROL |
| ZEBR-10-003900 - Zebra Android 10 must be configured to not allow backup of all applications and configuration data to remote systems. | MobileIron - DISA Zebra Android 10 COPE v1r2 | MDM | ACCESS CONTROL |
| ZEBR-10-003900 - Zebra Android 10 must be configured to not allow backup of all applications and configuration data to remote systems. | MobileIron - DISA Zebra Android 10 COBO v1r2 | MDM | ACCESS CONTROL |
