| 1.1.1.8 Ensure mounting of FAT filesystems is limited - vfat fstab | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.6 Ensure separate partition exists for /var | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.7 Ensure separate partition exists for /var/tmp | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.11 Ensure separate partition exists for /var/log | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.6.2.5 Ensure the MCS Translation Service (mcstrans) is not installed | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.3.2 Ensure all AppArmor Profiles are enforcing - 0 profiles are in complain mode | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
| 2.2.3 Ensure Avahi Server is not installed - avahi | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.4.2 Ensure SCTP is disabled - modprobe | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 3.4.3 Ensure RDS is disabled - modprobe | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 4.1.1.1 Ensure audit log storage size is configured | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure augenrules is enabled | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - 'space_left_action = email' | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.3 Ensure system is disabled when audit logs are full - 'admin_space_left_action = halt' | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3 Ensure events that modify date and time information are collected - auditctl /etc/localtime | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.3 Ensure events that modify date and time information are collected - auditctl adjtimex settimeofday 32-bit | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.3 Ensure events that modify date and time information are collected - auditctl adjtimex settimeofday 64-bit | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.3 Ensure events that modify date and time information are collected - rules.d stime 32-bit | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.4 Ensure events that modify user/group information are collected - rules.d /etc/group | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify user/group information are collected - rules.d /etc/gshadow | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify the system's network environment are collected - auditctl /etc/sysconfig/network | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - rules.d /etc/issue | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify user/group information are collected - /etc/gshadow | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify user/group information are collected - /etc/security/opasswd | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure events that modify the system's network environment are collected - /etc/issue | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.8 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/selinux/ | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.9 Ensure login and logout events are collected - tallylog | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure session initiation information is collected - auditctl btmp | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure session initiation information is collected - auditctl wtmp | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure session initiation information is collected - wtmp | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM 64-bit | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - rules.d EACCES 32-bit | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure discretionary access control permission modification events are collected - auditctl b64 chown fchown | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.11 Ensure discretionary access control permission modification events are collected - b32 chmod fchmod | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.12 Ensure successful file system mounts are collected - rules.d 32-bit | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.13 Ensure file deletion events by users are collected - rules.d 64-bit | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.14 Ensure successful file system mounts are collected - auditctl b64 | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.14 Ensure successful file system mounts are collected - b64 | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.15 Ensure system administrator command executions (sudo) are collected - auditctl 32-bit | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.16 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoers | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.16 Ensure kernel module loading and unloading is collected - auditctl /sbin/modprobe | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - auditctl /sbin/rmmod | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - auditctl modules | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - rules.d /sbin/insmod | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - rules.d modules | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.18 Ensure kernel module loading and unloading is collected - auditctl modprobe | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.21 Ensure SSH AllowTcpForwarding is disabled | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.4.5 Ensure default user shell timeout is 900 seconds or less - /etc/profile | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
| Monterey - Configure System to Audit All Administrative Action Events | NIST macOS Monterey v1.0.0 - 800-53r4 Low | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
| Monterey - Configure System to Audit All Administrative Action Events | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, MAINTENANCE |
