| APPL-14-002004 |
V2R2 |
The macOS system must disable Location Services. |
|
| APPL-14-002005 |
V2R2 |
The macOS system must disable Bonjour multicast. |
|
| APPL-14-002007 |
V2R2 |
The macOS system must disable Internet Sharing. |
|
| APPL-14-002010 |
V2R2 |
The macOS system must disable FaceTime.app. |
|
| APPL-14-002012 |
V2R2 |
The macOS system must disable the iCloud Calendar services. |
|
| APPL-14-002013 |
V2R2 |
The macOS system must disable iCloud Reminders. |
|
| APPL-14-002014 |
V2R2 |
The macOS system must disable iCloud Address Book. |
|
| APPL-14-002015 |
V2R2 |
The macOS system must disable iCloud Mail. |
|
| APPL-14-002016 |
V2R2 |
The macOS system must disable iCloud Notes. |
|
| APPL-14-002017 |
V2R2 |
The macOS system must disable the camera. |
|
| APPL-14-002020 |
V2R2 |
The macOS system must disable Siri. |
|
| APPL-14-002035 |
V2R2 |
The macOS system must disable Apple ID setup during Setup Assistant. |
|
| APPL-14-002036 |
V2R2 |
The macOS system must disable Privacy Setup services during Setup Assistant. |
|
| APPL-14-002037 |
V2R2 |
The macOS system must disable iCloud Storage Setup during Setup Assistant. |
|
| APPL-14-002039 |
V2R2 |
The macOS system must disable Siri Setup during Setup Assistant. |
|
| APPL-14-002040 |
V2R2 |
The macOS system must disable iCloud Keychain synchronization. |
|
| APPL-14-002041 |
V2R2 |
The macOS system must disable iCloud Document synchronization. |
|
| APPL-14-002042 |
V2R2 |
The macOS system must disable iCloud Bookmarks. |
|
| APPL-14-002043 |
V2R2 |
The macOS system must disable iCloud Photo Library. |
|
| APPL-14-002051 |
V2R2 |
The macOS system must disable the TouchID System Settings pane. |
|
| APPL-14-002052 |
V2R2 |
The macOS system must disable the System Settings pane for Wallet and Apple Pay. |
|
| APPL-14-002053 |
V2R2 |
The macOS system must disable the system settings pane for Siri. |
|
| APPL-14-002080 |
V2R2 |
The macOS system must disable Airplay Receiver. |
|
| APPL-14-002120 |
V2R2 |
The macOS system must disable AppleID and Internet Account modifications. |
|
| APPL-14-002130 |
V2R2 |
The macOS system must disable CD/DVD Sharing. |
|
| APPL-14-002140 |
V2R2 |
The macOS system must disable content caching service. |
|
| APPL-14-002150 |
V2R2 |
The macOS system must disable iCloud desktop and document folder synchronization. |
|
| APPL-14-002160 |
V2R2 |
The macOS system must disable iCloud Game Center. |
|
| APPL-14-002170 |
V2R2 |
The macOS system must disable iCloud Private Relay. |
|
| APPL-14-002180 |
V2R2 |
The macOS system must disable Find My service. |
|
| APPL-14-002190 |
V2R2 |
The macOS system must disable password autofill. |
|
| APPL-14-002200 |
V2R2 |
The macOS system must disable personalized advertising. |
|
| APPL-14-002210 |
V2R2 |
The macOS system must disable sending Siri and Dictation information to Apple. |
|
| APPL-14-002220 |
V2R2 |
The macOS system must enforce on device dictation. |
|
| APPL-14-002230 |
V2R2 |
The macOS system must disable dictation. |
|
| APPL-14-002240 |
V2R2 |
The macOS system must disable Printer Sharing. |
|
| APPL-14-002250 |
V2R2 |
The macOS system must disable Remote Management. |
|
| APPL-14-002260 |
V2R2 |
The macOS system must disable the Bluetooth system settings pane. |
|
| APPL-14-002270 |
V2R2 |
The macOS system must disable the iCloud Freeform services. |
|
| APPL-14-005054 |
V2R2 |
The macOS system must disable TouchID prompt during Setup Assistant. |
|
| APPL-14-005055 |
V2R2 |
The macOS system must disable Screen Time prompt during Setup Assistant. |
|
| APPL-14-005056 |
V2R2 |
The macOS system must disable Unlock with Apple Watch during Setup Assistant. |
|
| APPL-14-005060 |
V2R2 |
The macOS system must disable proximity-based password sharing requests. |
|
| APPL-14-005061 |
V2R2 |
The macOS system must disable Erase Content and Settings. |
|
| OL07-00-020000 |
V3R1 |
The Oracle Linux operating system must not have the rsh-server package installed. |
|
| OL07-00-020010 |
V3R1 |
The Oracle Linux operating system must not have the ypserv package installed. |
|
| OL07-00-021710 |
V3R1 |
The Oracle Linux operating system must not have the telnet-server package installed. |
|
| OL08-00-030741 |
V2R2 |
OL 8 must disable the chrony daemon from acting as a server. |
|
| OL08-00-030742 |
V2R2 |
OL 8 must disable network management of the chrony daemon. |
|
| OL08-00-040000 |
V2R2 |
OL 8 must not have the telnet-server package installed. |
|
| OL08-00-040001 |
V2R2 |
OL 8 must not have any automated bug reporting tools installed. |
|
| OL08-00-040002 |
V2R2 |
OL 8 must not have the sendmail package installed. |
|
| OL08-00-040004 |
V2R2 |
OL 8 must enable mitigations against processor-based vulnerabilities. |
|
| OL08-00-040010 |
V2R2 |
OL 8 must not have the rsh-server package installed. |
|
| OL08-00-040020 |
V2R2 |
OL 8 must cover or disable the built-in or attached camera when not in use. |
|
| OL08-00-040024 |
V2R2 |
OL 8 must disable the transparent inter-process communication (TIPC) protocol. |
|
| OL08-00-040025 |
V2R2 |
OL 8 must disable mounting of cramfs. |
|
| OL08-00-040026 |
V2R2 |
OL 8 must disable IEEE 1394 (FireWire) Support. |
|
| RHEL-07-020000 |
V3R9 |
The Red Hat Enterprise Linux operating system must not have the rsh-server package installed. |
|
| RHEL-07-020010 |
V3R9 |
The Red Hat Enterprise Linux operating system must not have the ypserv package installed. |
|
| RHEL-07-021710 |
V3R9 |
The Red Hat Enterprise Linux operating system must not have the telnet-server package installed. |
|
| RHEL-08-030741 |
V2R1 |
RHEL 8 must disable the chrony daemon from acting as a server. |
|
| RHEL-08-030742 |
V2R1 |
RHEL 8 must disable network management of the chrony daemon. |
|
| RHEL-08-040000 |
V2R1 |
RHEL 8 must not have the telnet-server package installed. |
|
| RHEL-08-040001 |
V2R1 |
RHEL 8 must not have any automated bug reporting tools installed. |
|
| RHEL-08-040002 |
V2R1 |
RHEL 8 must not have the sendmail package installed. |
|
| RHEL-08-040004 |
V2R1 |
RHEL 8 must enable mitigations against processor-based vulnerabilities. |
|
| RHEL-08-040010 |
V2R1 |
RHEL 8 must not have the rsh-server package installed. |
|
| RHEL-08-040020 |
V2R1 |
RHEL 8 must cover or disable the built-in or attached camera when not in use. |
|
| RHEL-08-040021 |
V2R1 |
RHEL 8 must disable the asynchronous transfer mode (ATM) protocol. |
|
| RHEL-08-040022 |
V2R1 |
RHEL 8 must disable the controller area network (CAN) protocol. |
|
| RHEL-08-040023 |
V2R1 |
RHEL 8 must disable the stream control transmission protocol (SCTP). |
|
| RHEL-08-040024 |
V2R1 |
RHEL 8 must disable the transparent inter-process communication (TIPC) protocol. |
|
| RHEL-08-040025 |
V2R1 |
RHEL 8 must disable mounting of cramfs. |
|
| RHEL-08-040026 |
V2R1 |
RHEL 8 must disable IEEE 1394 (FireWire) Support. |
|
| RHEL-09-213045 |
V2R2 |
RHEL 9 must be configured to disable the Asynchronous Transfer Mode kernel module. |
|
| RHEL-09-213050 |
V2R2 |
RHEL 9 must be configured to disable the Controller Area Network kernel module. |
|
| RHEL-09-213055 |
V2R2 |
RHEL 9 must be configured to disable the FireWire kernel module. |
|
| RHEL-09-213060 |
V2R2 |
RHEL 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module. |
|
| RHEL-09-213065 |
V2R2 |
RHEL 9 must disable the Transparent Inter Process Communication (TIPC) kernel module. |
|
| RHEL-09-215025 |
V2R2 |
RHEL 9 must not have the nfs-utils package installed. |
|
| RHEL-09-215030 |
V2R2 |
RHEL 9 must not have the ypserv package installed. |
|
| RHEL-09-215035 |
V2R2 |
RHEL 9 must not have the rsh-server package installed. |
|
| RHEL-09-215040 |
V2R2 |
RHEL 9 must not have the telnet-server package installed. |
|
| RHEL-09-215045 |
V2R2 |
RHEL 9 must not have the gssproxy package installed. |
|
| RHEL-09-215050 |
V2R2 |
RHEL 9 must not have the iprutils package installed. |
|
| RHEL-09-215055 |
V2R2 |
RHEL 9 must not have the tuned package installed. |
|
| RHEL-09-231195 |
V2R2 |
RHEL 9 must disable mounting of cramfs. |
|
| RHEL-09-291035 |
V2R2 |
RHEL 9 Bluetooth must be disabled. |
|
| UBTU-18-010018 |
V2R15 |
The Ubuntu operating system must not have the Network Information Service (NIS) package installed. |
|
| UBTU-18-010019 |
V2R15 |
The Ubuntu operating system must not have the rsh-server package installed. |
|
| UBTU-20-010406 |
V2R1 |
The Ubuntu operating system must not have the rsh-server package installed. |
|
| UBTU-22-215030 |
V2R2 |
Ubuntu 22.04 LTS must not have the "rsh-server" package installed. |
|
| WN10-00-000080 |
V3R2 |
Only authorized user accounts must be allowed to create or run virtual machines on Windows 10 systems. |
|
| WN10-00-000100 |
V3R2 |
Internet Information System (IIS) or its subcomponents must not be installed on a workstation. |
|
| WN10-00-000110 |
V3R2 |
Simple TCP/IP Services must not be installed on the system. |
|
| WN10-00-000155 |
V3R2 |
The Windows PowerShell 2.0 feature must be disabled on the system. |
|
| WN10-00-000160 |
V3R2 |
The Server Message Block (SMB) v1 protocol must be disabled on the system. |
|
| WN10-00-000165 |
V3R2 |
The Server Message Block (SMB) v1 protocol must be disabled on the SMB server. |
|
| WN10-00-000170 |
V3R2 |
The Server Message Block (SMB) v1 protocol must be disabled on the SMB client. |
|
| WN10-00-000175 |
V3R2 |
The Secondary Logon service must be disabled on Windows 10. |
|
| WN10-00-000210 |
V3R2 |
Bluetooth must be turned off unless approved by the organization. |
|
| WN10-00-000220 |
V3R2 |
Bluetooth must be turned off when not in use. |
|
| WN10-CC-000005 |
V3R2 |
Camera access from the lock screen must be disabled. |
|
| WN10-CC-000007 |
V3R2 |
Windows 10 must cover or disable the built-in or attached camera when not in use. |
|
| WN10-CC-000010 |
V3R2 |
The display of slide shows on the lock screen must be disabled. |
|
| WN10-CC-000038 |
V3R2 |
WDigest Authentication must be disabled. |
|
| WN10-CC-000039 |
V3R2 |
Run as different user must be removed from context menus. |
|
| WN10-CC-000044 |
V3R2 |
Internet connection sharing must be disabled. |
|
| WN10-CC-000100 |
V3R2 |
Downloading print driver packages over HTTP must be prevented. |
|
| WN10-CC-000105 |
V3R2 |
Web publishing and online ordering wizards must be prevented from downloading a list of providers. |
|
| WN10-CC-000110 |
V3R2 |
Printing over HTTP must be prevented. |
|
| WN10-CC-000120 |
V3R2 |
The network selection user interface (UI) must not be displayed on the logon screen. |
|
| WN10-CC-000130 |
V3R2 |
Local users on domain-joined computers must not be enumerated. |
|
| WN10-CC-000175 |
V3R2 |
The Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft. |
|
| WN10-CC-000197 |
V3R2 |
Microsoft consumer experiences must be turned off. |
|
| WN10-CC-000210 |
V3R2 |
The Windows Defender SmartScreen for Explorer must be enabled. |
|
| WN10-CC-000252 |
V3R2 |
Windows 10 must be configured to disable Windows Game Recording and Broadcasting. |
|
| WN10-CC-000300 |
V3R2 |
Basic authentication for RSS feeds over HTTP must not be used. |
|
| WN10-CC-000305 |
V3R2 |
Indexing of encrypted files must be turned off. |
|
| WN10-CC-000370 |
V3R2 |
The convenience PIN for Windows 10 must be disabled. |
|
| WN10-CC-000385 |
V3R2 |
Windows Ink Workspace must be configured to disallow access above the lock. |
|
| WN10-CC-000390 |
V3R2 |
Windows 10 should be configured to prevent users from receiving suggestions for third-party or additional applications. |
|
| WN10-UC-000015 |
V3R2 |
Toast notifications to the lock screen must be turned off. |
|
| WN11-00-000100 |
V2R2 |
Internet Information System (IIS) or its subcomponents must not be installed on a workstation. |
|
| WN11-00-000110 |
V2R2 |
Simple TCP/IP Services must not be installed on the system. |
|
| WN11-00-000155 |
V2R2 |
The Windows PowerShell 2.0 feature must be disabled on the system. |
|
| WN11-00-000160 |
V2R2 |
The Server Message Block (SMB) v1 protocol must be disabled on the system. |
|
| WN11-00-000165 |
V2R2 |
The Server Message Block (SMB) v1 protocol must be disabled on the SMB server. |
|
| WN11-00-000170 |
V2R2 |
The Server Message Block (SMB) v1 protocol must be disabled on the SMB client. |
|
| WN11-00-000175 |
V2R2 |
The Secondary Logon service must be disabled on Windows 11. |
|
| WN11-00-000210 |
V2R2 |
Bluetooth must be turned off unless approved by the organization. |
|
| WN11-00-000220 |
V2R2 |
Bluetooth must be turned off when not in use. |
|
| WN11-CC-000005 |
V2R2 |
Camera access from the lock screen must be disabled. |
|
| WN11-CC-000007 |
V2R2 |
Windows 11 must cover or disable the built-in or attached camera when not in use. |
|
| WN11-CC-000010 |
V2R2 |
The display of slide shows on the lock screen must be disabled. |
|
| WN11-CC-000038 |
V2R2 |
WDigest Authentication must be disabled. |
|
| WN11-CC-000039 |
V2R2 |
Run as different user must be removed from context menus. |
|
| WN11-CC-000044 |
V2R2 |
Internet connection sharing must be disabled. |
|
| WN11-CC-000100 |
V2R2 |
Downloading print driver packages over HTTP must be prevented. |
|
| WN11-CC-000105 |
V2R2 |
Web publishing and online ordering wizards must be prevented from downloading a list of providers. |
|
| WN11-CC-000110 |
V2R2 |
Printing over HTTP must be prevented. |
|
| WN11-CC-000120 |
V2R2 |
The network selection user interface (UI) must not be displayed on the logon screen. |
|
| WN11-CC-000130 |
V2R2 |
Local users on domain-joined computers must not be enumerated. |
|
| WN11-CC-000175 |
V2R2 |
The Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft. |
|
| WN11-CC-000197 |
V2R2 |
Microsoft consumer experiences must be turned off. |
|
| WN11-CC-000210 |
V2R2 |
The Microsoft Defender SmartScreen for Explorer must be enabled. |
|
| WN11-CC-000252 |
V2R2 |
Windows 11 must be configured to disable Windows Game Recording and Broadcasting. |
|
| WN11-CC-000300 |
V2R2 |
Basic authentication for RSS feeds over HTTP must not be used. |
|
| WN11-CC-000305 |
V2R2 |
Indexing of encrypted files must be turned off. |
|
| WN11-CC-000370 |
V2R2 |
The convenience PIN for Windows 11 must be disabled. |
|
| WN11-CC-000390 |
V2R2 |
Windows 11 must be configured to prevent users from receiving suggestions for third-party or additional applications. |
|
| WN11-UC-000015 |
V2R2 |
Toast notifications to the lock screen must be turned off. |
|
| WN16-00-000300 |
V2R9 |
The roles and features required by the system must be documented. |
|
| WN16-00-000350 |
V2R9 |
The Fax Server role must not be installed. |
|
| WN16-00-000370 |
V2R9 |
The Peer Name Resolution Protocol must not be installed. |
|
| WN16-00-000380 |
V2R9 |
Simple TCP/IP Services must not be installed. |
|
| WN16-00-000400 |
V2R9 |
The TFTP Client must not be installed. |
|
| WN16-00-000410 |
V2R9 |
The Server Message Block (SMB) v1 protocol must be uninstalled. |
|
| WN16-00-000411 |
V2R9 |
The Server Message Block (SMB) v1 protocol must be disabled on the SMB server. |
|
| WN16-00-000412 |
V2R9 |
The Server Message Block (SMB) v1 protocol must be disabled on the SMB client. |
|
| WN16-00-000420 |
V2R9 |
Windows PowerShell 2.0 must not be installed. |
|
| WN16-CC-000010 |
V2R9 |
The display of slide shows on the lock screen must be disabled. |
|
| WN16-CC-000030 |
V2R9 |
WDigest Authentication must be disabled on Windows Server 2016. |
|
| WN16-CC-000160 |
V2R9 |
Downloading print driver packages over HTTP must be prevented. |
|
| WN16-CC-000170 |
V2R9 |
Printing over HTTP must be prevented. |
|
| WN16-CC-000180 |
V2R9 |
The network selection user interface (UI) must not be displayed on the logon screen. |
|
| WN16-CC-000240 |
V2R9 |
The Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft. |
|
| WN16-CC-000330 |
V2R9 |
Windows Server 2016 Windows SmartScreen must be enabled. |
|
| WN16-CC-000430 |
V2R9 |
Basic authentication for RSS feeds over HTTP must not be used. |
|
| WN16-CC-000440 |
V2R9 |
Indexing of encrypted files must be turned off. |
|
| WN16-DC-000130 |
V2R9 |
Domain controllers must run on a machine dedicated to that function. |
|
| WN16-MS-000030 |
V2R9 |
Local users on domain-joined computers must not be enumerated. |
|
| WN16-CC-000421 |
V2R9 |
The Windows Explorer Preview pane must be disabled for Windows Server 2016. |
|
| WN19-00-000270 |
V3R2 |
Windows Server 2019 must have the roles and features required by the system documented. |
|
| WN19-00-000320 |
V3R2 |
Windows Server 2019 must not have the Fax Server role installed. |
|
| WN19-00-000340 |
V3R2 |
Windows Server 2019 must not have the Peer Name Resolution Protocol installed. |
|
| WN19-00-000350 |
V3R2 |
Windows Server 2019 must not have Simple TCP/IP Services installed. |
|
| WN19-00-000370 |
V3R2 |
Windows Server 2019 must not have the TFTP Client installed. |
|
| WN19-00-000380 |
V3R2 |
Windows Server 2019 must not have the Server Message Block (SMB) v1 protocol installed. |
|
| WN19-00-000390 |
V3R2 |
Windows Server 2019 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server. |
|
| WN19-00-000400 |
V3R2 |
Windows Server 2019 must have the Server Message Block (SMB) v1 protocol disabled on the SMB client. |
|
| WN19-00-000410 |
V3R2 |
Windows Server 2019 must not have Windows PowerShell 2.0 installed. |
|
| WN19-CC-000010 |
V3R2 |
Windows Server 2019 must prevent the display of slide shows on the lock screen. |
|
| WN19-CC-000020 |
V3R2 |
Windows Server 2019 must have WDigest Authentication disabled. |
|
| WN19-CC-000150 |
V3R2 |
Windows Server 2019 downloading print driver packages over HTTP must be turned off. |
|
| WN19-CC-000160 |
V3R2 |
Windows Server 2019 printing over HTTP must be turned off. |
|
| WN19-CC-000170 |
V3R2 |
Windows Server 2019 network selection user interface (UI) must not be displayed on the logon screen. |
|
| WN19-CC-000200 |
V3R2 |
Windows Server 2019 Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft. |
|
| WN19-CC-000300 |
V3R2 |
Windows Server 2019 Windows Defender SmartScreen must be enabled. |
|
| WN19-CC-000400 |
V3R2 |
Windows Server 2019 must disable Basic authentication for RSS feeds over HTTP. |
|
| WN19-CC-000410 |
V3R2 |
Windows Server 2019 must prevent Indexing of encrypted files. |
|
| WN19-DC-000130 |
V3R2 |
Windows Server 2019 domain controllers must run on a machine dedicated to that function. |
|
| WN19-MS-000030 |
V3R2 |
Windows Server 2019 local users on domain-joined member servers must not be enumerated. |
|
| WN22-00-000270 |
V2R2 |
Windows Server 2022 must have the roles and features required by the system documented. |
|
| WN22-00-000320 |
V2R2 |
Windows Server 2022 must not have the Fax Server role installed. |
|
| WN22-00-000340 |
V2R2 |
Windows Server 2022 must not have the Peer Name Resolution Protocol installed. |
|
| WN22-00-000350 |
V2R2 |
Windows Server 2022 must not have Simple TCP/IP Services installed. |
|
| WN22-00-000370 |
V2R2 |
Windows Server 2022 must not have the TFTP Client installed. |
|
| WN22-00-000380 |
V2R2 |
Windows Server 2022 must not the Server Message Block (SMB) v1 protocol installed. |
|
| WN22-00-000390 |
V2R2 |
Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB server. |
|
| WN22-00-000400 |
V2R2 |
Windows Server 2022 must have the Server Message Block (SMB) v1 protocol disabled on the SMB client. |
|
| WN22-00-000410 |
V2R2 |
Windows Server 2022 must not have Windows PowerShell 2.0 installed. |
|
| WN22-CC-000010 |
V2R2 |
Windows Server 2022 must prevent the display of slide shows on the lock screen. |
|
| WN22-CC-000020 |
V2R2 |
Windows Server 2022 must have WDigest Authentication disabled. |
|
| WN22-CC-000150 |
V2R2 |
Windows Server 2022 downloading print driver packages over HTTP must be turned off. |
|
| WN22-CC-000160 |
V2R2 |
Windows Server 2022 printing over HTTP must be turned off. |
|
| WN22-CC-000170 |
V2R2 |
Windows Server 2022 network selection user interface (UI) must not be displayed on the logon screen. |
|
| WN22-CC-000200 |
V2R2 |
Windows Server 2022 Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft. |
|
| WN22-CC-000300 |
V2R2 |
Windows Server 2022 Microsoft Defender antivirus SmartScreen must be enabled. |
|
| WN22-CC-000400 |
V2R2 |
Windows Server 2022 must disable Basic authentication for RSS feeds over HTTP. |
|
| WN22-CC-000410 |
V2R2 |
Windows Server 2022 must prevent Indexing of encrypted files. |
|
| WN22-DC-000130 |
V2R2 |
Windows Server 2022 domain controllers must run on a machine dedicated to that function. |
|
| WN22-MS-000030 |
V2R2 |
Windows Server 2022 local users on domain-joined member servers must not be enumerated. |
|