| 1.1.6.1.1 Ensure when a cloud recording is available is set to enabled | CIS Zoom L1 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 1.2.10 Ensure require passcode to access shared cloud recordings is set to enabled | CIS Zoom L2 v1.0.0 | Zoom | CONFIGURATION MANAGEMENT |
| 1.66 (L1) Ensure 'Configure Related Matches in Find on Page' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.139 WN10-CC-000197 | CIS Microsoft Windows 10 STIG v1.0.0 CAT III | Windows | CONFIGURATION MANAGEMENT |
| 2.3 Ensure That Retention Policies on Cloud Storage Buckets Used for Exporting Logs Are Configured Using Bucket Lock | CIS Google Cloud Platform Foundation v4.0.0 L2 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 2.3.23.2 (L1) Ensure 'Block signing into Office' is set to 'Enabled: Org ID only' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | ACCESS CONTROL |
| 4.2.7 Ensure that the --hostname-override argument is not set | CIS Kubernetes v1.11.1 L1 Worker Node | Unix | CONFIGURATION MANAGEMENT |
| 4.4 Ensure http server is not running | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.4 Ensure http server is not running | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.4.1 Consider external secret storage | CIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2 | GCP | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.4.2 Consider external secret storage | CIS Google Kubernetes Engine (GKE) v1.7.0 L2 | GCP | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5 Ensure ftp server is not running | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.4.2 Consider external secret storage | CIS Red Hat OpenShift Container Platform v1.8.0 L2 OpenShift | OpenShift | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3.6 Ensure '3625 (trace flag)' Database Flag for all Cloud SQL SQL Server Instances Is Set to 'on' | CIS Google Cloud Platform Foundation v4.0.0 L1 | GCP | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.9.58.2 (L1) Ensure 'Prevent the usage of OneDrive for file storage on Windows 8.1' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 18.9.58.2 (L1) Ensure 'Prevent the usage of OneDrive for file storage on Windows 8.1' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 18.10.40.1 (L1) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 61.1 (L2) Ensure 'Disallow Cloud Notification' is set to 'Allow' | CIS Microsoft Intune for Windows 10 v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| AIOS-16-011100 - Apple iOS/iPadOS 16 must implement the management setting: Disable Allow Shared Albums. | MobileIron - DISA Apple iOS/iPadOS 16 v2r1 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-17-003450 - Apple iOS/iPadOS 17 must not allow backup to remote systems (Cloud Photo Library). | AirWatch - DISA Apple iOS/iPadOS 17 v2r2 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-17-003450 - Apple iOS/iPadOS 17 must not allow backup to remote systems (Cloud Photo Library). | MobileIron - DISA Apple iOS/iPadOS 17 v2r2 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Android Device Configuration - Google backup | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Android Device Configuration - Removable storage | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| APPL-13-002037 - The macOS system must be configured to disable the Cloud Storage Setup services. | DISA STIG Apple macOS 13 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| Do not suggest third-party content in Windows spotlight | MSCT Windows 11 v24H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not suggest third-party content in Windows spotlight | MSCT Windows 10 v21H1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not suggest third-party content in Windows spotlight | MSCT Windows 10 1803 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not suggest third-party content in Windows spotlight | MSCT Windows 10 v20H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| GOOG-12-008600 - Google Android 12 must be configured to not allow backup of [all applications, configuration data] to remote systems. | AirWatch - DISA Google Android 12 COBO v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-12-008600 - Google Android 12 must be configured to not allow backup of [all applications, configuration data] to remote systems. | MobileIron - DISA Google Android 12 COBO v1r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-13-008600 - Google Android 13 must be configured to not allow backup of [all applications, configuration data] to remote systems. | MobileIron - DISA Google Android 13 COBO v2r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-14-008600 - Google Android 14 must be configured to not allow backup of [all applications, configuration data] to remote systems. | MobileIron - DISA Google Android 14 COBO v2r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-14-008600 - Google Android 14 must be configured to not allow backup of [all applications, configuration data] to remote systems. | MobileIron - DISA Google Android 14 COPE v2r2 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| GOOG-15-006750 - Google Android 15 allow list must be configured to not include artificial intelligence (AI) applications that process device data in the cloud, including Google Gemini. | AirWatch - DISA Google Android 15 COBO v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-15-006750 - Google Android 15 allow list must be configured to not include artificial intelligence (AI) applications that process device data in the cloud, including Google Gemini. | AirWatch - DISA Google Android 15 COPE v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-15-006750 - Google Android 15 allow list must be configured to not include artificial intelligence (AI) applications that process device data in the cloud, including Google Gemini. | MobileIron - DISA Google Android 15 COBO v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| GOOG-15-006750 - Google Android 15 allow list must be configured to not include artificial intelligence (AI) applications that process device data in the cloud, including Google Gemini. | MobileIron - DISA Google Android 15 COPE v1r2 | MDM | IDENTIFICATION AND AUTHENTICATION |
| iOS Device Management - Handoff | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| iOS Device Management - Shared photo stream | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| MS.AAD.3.2v1 - If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL be enforced for all users. | CISA SCuBA Microsoft 365 Entra ID v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY |
| OpenStack Identity - Disable admin token in /etc/keystone/keystone-paste.ini | TNS OpenStack Keystone/Identity Security Guide | Unix | ACCESS CONTROL |
| OpenStack Identity - Disable admin token in /etc/keystone/keystone.conf | TNS OpenStack Keystone/Identity Security Guide | Unix | ACCESS CONTROL |
| WN10-CC-000197 - Microsoft consumer experiences must be turned off. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| ZEBR-10-003900 - Zebra Android 10 must be configured to not allow backup of all applications and configuration data to remote systems. | MobileIron - DISA Zebra Android 10 COBO v1r2 | MDM | ACCESS CONTROL |
