| 1.1.2 Ensure NGINX is installed from source | SYSTEM AND SERVICES ACQUISITION |
| 2.1.1 Ensure only required modules are installed | CONFIGURATION MANAGEMENT |
| 2.1.2 Ensure HTTP WebDAV module is not installed | CONFIGURATION MANAGEMENT |
| 2.1.3 Ensure modules with gzip functionality are disabled | CONFIGURATION MANAGEMENT |
| 3.5 Ensure error logs are sent to a remote syslog server | AUDIT AND ACCOUNTABILITY |
| 3.6 Ensure access logs are sent to a remote syslog server | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure the upstream traffic server certificate is trusted | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.11 Ensure your domain is preloaded | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.12 Ensure session resumption is disabled to enable perfect forward security | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.14 Ensure only Perfect Forward Secrecy Ciphers are Leveraged - proxy_ssl_ciphers | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.14 Ensure only Perfect Forward Secrecy Ciphers are Leveraged - ssl_ciphers | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.1 Ensure allow and deny filters limit access to specific IP addresses | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.4 Ensure the number of connections per IP address is limited | SYSTEM AND SERVICES ACQUISITION |
| 5.2.5 Ensure rate limits by IP address are set | SYSTEM AND SERVICES ACQUISITION |
| CIS_NGINX_v2.0.1_Level_2_Loadbalancer.audit from CIS NGINX Benchmark v2.0.1 | |
