| 1.1 Remove extraneous files and directories (SERVER_DIR/webapps/host-manager.xml) | CIS Apache Tomcat 7 L2 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories (SERVER_DIR/webapps/manager) | CIS Apache Tomcat 7 L2 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories (WEBAPP_DIR/webdav) | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.4 Remove all non-essential services from the host - RPM | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.5.9 Ensure systemd-coredump ProcessSizeMax is configured | CIS Rocky Linux 8 v3.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.5.10 Ensure systemd-coredump Storage is configured | CIS Red Hat Enterprise Linux 10 v1.0.1 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.5.12 Ensure kernel image loading is disabled | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 1.11 Ensure 'Unknown sources' is set to Disabled | AirWatch - CIS Google Android 7 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 1.13 Ensure 'Smart Lock' is set to Disabled | MobileIron - CIS Google Android 7 v1.0.0 L2 | MDM | CONFIGURATION MANAGEMENT |
| 1.16 Ensure 'Speak passwords' is set to Disabled | MobileIron - CIS Google Android 7 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 1.26 Ensure 'Add users when device is locked' is set to Disabled | AirWatch - CIS Google Android 7 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 1.26 Ensure 'Add users when device is locked' is set to Disabled | MobileIron - CIS Google Android 7 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 1.39 WN19-00-000390 | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II | Windows | CONFIGURATION MANAGEMENT |
| 1.40 WN19-00-000400 | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II | Windows | CONFIGURATION MANAGEMENT |
| 1.61 (L1) Ensure 'Clear history for IE and IE mode every time you exit' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.128 WN19-CC-000350 | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II | Windows | CONFIGURATION MANAGEMENT |
| 2.1.1 Turn off Bluetooth, if no paired devices exist | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4 Ensure 'Signed-out search activity' is set to Disabled | AirWatch - CIS Google Android 7 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.5.1.3 Ensure all user storage CoreStorage volumes are encrypted | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.6.1.2 Ensure all user storage CoreStorage volumes are encrypted | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.6.4 iCloud Drive Document and Desktop sync - document | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.8 Ensure 'YouTube Search History' is set to Disabled | AirWatch - CIS Google Android 7 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.9 Ensure 'YouTube Watch History' is set to Disabled | MobileIron - CIS Google Android 7 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.10 Ensure 'Google Location History' is set to Disabled | MobileIron - CIS Google Android 7 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.16 Control the number of manager nodes in a swarm | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1.13 Ensure 'Allow trusting new enterprise app authors' is set to 'Disabled' | AirWatch - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.27 Ensure 'Allow password sharing (supervised only)' is set to 'Disabled' | MobileIron - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.3.3 Ensure network interfaces are not in promiscuous mode | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 4.2.9 Ensure sshd GSSAPIAuthentication is disabled | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 4.2.9 Ensure sshd GSSAPIAuthentication is disabled | CIS Amazon Linux 2 v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.9 Ensure sshd GSSAPIAuthentication is disabled | CIS Red Hat Enterprise Linux 7 v4.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 4.2.21 Ensure sshd PermitUserEnvironment is disabled | CIS Oracle Linux 7 v4.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 4.2.21 Ensure sshd PermitUserEnvironment is disabled | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 4.7 Do not use update instructions alone in the Dockerfile | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.7 Do not use update instructions alone in the Dockerfile | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.10 Do not store secrets in Dockerfiles | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.1.10 Ensure sshd HostbasedAuthentication is disabled | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 5.1.10 Ensure sshd HostbasedAuthentication is disabled | CIS Debian Linux 11 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 5.1.10 Ensure sshd HostbasedAuthentication is disabled | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 5.1.11 Ensure sshd HostbasedAuthentication is disabled | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 5.1.21 Ensure sshd PermitUserEnvironment is disabled | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 5.1.21 Ensure sshd PermitUserEnvironment is disabled | CIS Red Hat Enterprise Linux 10 v1.0.1 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 5.1.21 Ensure sshd PermitUserEnvironment is disabled | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 5.1.23 Ensure sshd PermitUserEnvironment is disabled | CIS Red Hat Enterprise Linux 8 v4.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 5.3 Verify that containers are running only a single main process | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.29 Do not use Docker's default bridge docker0 | CIS Docker 1.13.0 v1.0.0 L2 Docker | Unix | CONFIGURATION MANAGEMENT |
| 6.7 Ensure NFS and RPC are not enabled - nfs-kernel-server | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.7 Ensure NFS and RPC are not enabled - rpcbind | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 18.6.4.1 (L1) Ensure 'Configure multicast DNS (mDNS) protocol' is set to 'Disabled' | CIS Microsoft Windows Server 2025 Stand-alone v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.4 (L2) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
