| 1.6.1.2 Ensure all AppArmor Profiles are in enforce or complain mode - unconfined | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.2 Ensure SELinux is not disabled in bootloader configuration - enforcing=0 | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.2 Ensure SELinux is not disabled in bootloader configuration - selinux=0 | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.3 Ensure all AppArmor Profiles are enforcing - complain | CIS Ubuntu Linux 18.04 LXD Container L2 v1.0.0 | Unix | ACCESS CONTROL |
| 1.7.1.3 Ensure all AppArmor Profiles are in enforce or complain mode - loaded | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | ACCESS CONTROL |
| 1.7.1.4 Ensure all AppArmor Profiles are enforcing - complain | CIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0 | Unix | ACCESS CONTROL |
| 1.7.1.4 Ensure all AppArmor Profiles are enforcing - loaded | CIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0 | Unix | ACCESS CONTROL |
| 2.2.1.6 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled' | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.2.1.7 Ensure 'Allow documents from unmanaged sources in managed destinations' is set to 'Disabled' | AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.6.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled' | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.9 Ensure 'Trustworthy' Database Property is set to 'Off' | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | ACCESS CONTROL |
| 3.2 Ensure CONNECT permissions on the 'guest user' is Revoked within all SQL Server databases excluding the master, msdb and tempdb | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | ACCESS CONTROL |
| 3.2.1.18 Ensure 'Allow documents from managed sources in unmanaged destinations' is set to 'Disabled' | AirWatch - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.2.1.20 Ensure 'Treat AirDrop as unmanaged destination' is set to 'Enabled' | MobileIron - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.2.1.22 Ensure 'Require Touch ID / Face ID authentication before AutoFill' is set to 'Enabled' | AirWatch - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.3.1 Ensure 'Managed Safari Web Domains' is `Configured` | AirWatch - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.6.1 Ensure 'Allow user to move messages from this account' is set to 'Disabled' | AirWatch - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.8 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | ACCESS CONTROL |
| 3.9 Ensure Windows local groups are not SQL Logins | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | ACCESS CONTROL |
| 3.10 Ensure the public role in the msdb database is not granted access to SQL Agent proxies | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | ACCESS CONTROL |
| 3.11 Ensure the public role in the msdb database is not granted access to SQL Agent proxies | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | ACCESS CONTROL |
| 3.11 Ensure the public role in the msdb database is not granted access to SQL Agent proxies | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | ACCESS CONTROL |
| 4.5 Restrict access to Tomcat temp directory | CIS Apache Tomcat 8 L1 v1.1.0 Middleware | Unix | ACCESS CONTROL |
| 5.1.1.1 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Network' Packages | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.1.1.5 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Job Scheduler' Packages | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.1.1.6 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'SQL Injection Helper' Packages | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.1.3 Ensure permissions on /etc/cron.hourly are configured | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | ACCESS CONTROL |
| 5.1.3 Ensure permissions on /etc/cron.hourly are configured | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.1.3.2 Ensure 'ALL' Is Revoked from Unauthorized 'GRANTEE' on 'DBA_%' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.1.3.3 Ensure 'ALL' Is Revoked on 'Sensitive' Tables | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.1.4 Ensure permissions on /etc/cron.daily are configured | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | ACCESS CONTROL |
| 5.1.5 Ensure permissions on /etc/cron.weekly are configured | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.1.6 Ensure permissions on /etc/cron.monthly are configured | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | ACCESS CONTROL |
| 5.1.6 Ensure permissions on /etc/cron.monthly are configured | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.1.7 Ensure permissions on /etc/cron.d are configured | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | ACCESS CONTROL |
| 5.1.8 Ensure at/cron is restricted to authorized users - '/etc/at.allow' | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | ACCESS CONTROL |
| 5.1.8 Ensure at/cron is restricted to authorized users - '/etc/at.deny' | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.2.1 Ensure permissions on /etc/ssh/sshd_config are configured | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | ACCESS CONTROL |
| 5.2.11 Ensure 'ALTER SYSTEM' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.2.16 Ensure 'GRANT ANY PRIVILEGE' Is Revoked from Unauthorized 'GRANTEE' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 5.4.4 Ensure default user umask is 027 or more restrictive - '/etc/bash.bashrc' | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | ACCESS CONTROL |
| 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile /etc/profile.d | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile /etc/profile.d | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | ACCESS CONTROL |
| 6.1.1 Audit system file permissions | CIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0 | Unix | ACCESS CONTROL |
| 6.1.1 Audit system file permissions | CIS Ubuntu Linux 16.04 LTS Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
| 6.1.10 Ensure no world writable files exist | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | ACCESS CONTROL |
| 6.1.14 Audit SGID executables | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
| 6.2.8 Ensure users' home directories permissions are 750 or more restrictive | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | ACCESS CONTROL |
| 6.2.9 Ensure users own their home directories | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | ACCESS CONTROL |
| 6.2.20 Ensure shadow group is empty | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | ACCESS CONTROL |
