| 1.2.1 Ensure the container host has been Hardened | CIS Docker v1.8.0 L1 OS Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.6.5 Apply Security Context to Your Pods and Containers | CIS Kubernetes 1.13 Benchmark v1.4.1 L2 | Unix | |
| 1.22 WN10-00-000100 | CIS Microsoft Windows 10 STIG v1.0.0 CAT I | Windows | CONFIGURATION MANAGEMENT |
| 2.8 Ensure 'credentials' are not stored in configuration files | CIS IIS 8.0 v1.5.1 Level 2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.8 Ensure 'credentials' are not stored in configuration files - Applications | CIS IIS 7 L2 v1.8.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.8 Ensure 'credentials' are not stored in configuration files - Default | CIS IIS 7 L2 v1.8.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_FCHROOT : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_SETEGID : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_SETEUID : cis | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_SETPGID : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_SETREGID : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - Deny By Conccurent Requests | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - Deny By Request Rate | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - Not Logging Only Mode | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1 Ensure Default IIS web log location is moved | CIS IIS 10 v1.2.1 Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.5 Ensure 'IIS Admin Service (IISADMIN)' is set to 'Disabled' or 'Not Installed' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.5 Ensure 'IIS Admin Service (IISADMIN)' is set to 'Disabled' or 'Not Installed' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.7 (L1) Ensure 'IIS Admin Service (IISADMIN)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.7 (L1) Ensure 'IIS Admin Service (IISADMIN)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.7 (L1) Ensure 'IIS Admin Service (IISADMIN)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 5.29 Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT |
| ESXi : audit-exception-users | VMWare vSphere 6.0 Hardening Guide | VMware | ACCESS CONTROL |
| ESXi : config-persistent-logs | VMWare vSphere 6.0 Hardening Guide | VMware | AUDIT AND ACCOUNTABILITY |
| ESXi : enable-chap-auth | VMWare vSphere 6.0 Hardening Guide | VMware | IDENTIFICATION AND AUTHENTICATION |
| ESXi : enable-normal-lockdown-mode | VMWare vSphere 6.0 Hardening Guide | VMware | ACCESS CONTROL |
| ESXi : set-account-auto-unlock-time | VMWare vSphere 6.0 Hardening Guide | VMware | ACCESS CONTROL |
| ESXi : set-dcui-access | VMWare vSphere 6.0 Hardening Guide | VMware | ACCESS CONTROL |
| ESXi : set-dcui-timeout | VMWare vSphere 6.0 Hardening Guide | VMware | ACCESS CONTROL |
| ESXi : TransparentPageSharing-intra-enabled | VMWare vSphere 6.0 Hardening Guide | VMware | SYSTEM AND INFORMATION INTEGRITY |
| ESXi : verify-acceptance-level-accepted | VMWare vSphere 6.0 Hardening Guide | VMware | SYSTEM AND INFORMATION INTEGRITY |
| IIST-SI-000206 - Both the log file and Event Tracing for Windows (ETW) for each IIS 10.0 website must be enabled. | DISA IIS 10.0 Site v2r12 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SV-000103 - Both the log file and Event Tracing for Windows (ETW) for the IIS 10.0 web server must be enabled. | DISA IIS 10.0 Server v2r10 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SV-000103 - Both the log file and Event Tracing for Windows (ETW) for the IIS 10.0 web server must be enabled. | DISA IIS 10.0 Server v3r4 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SV-000129 - The IIS 10.0 web server must perform RFC 5280-compliant certification path validation. | DISA IIS 10.0 Server v2r10 | Windows | IDENTIFICATION AND AUTHENTICATION |
| IIST-SV-000143 - The IIS 10.0 web server must provide the capability to immediately disconnect or disable remote access to the hosted applications. | DISA IIS 10.0 Server v3r4 | Windows | ACCESS CONTROL |
| IIST-SV-000200 - The IIS 10.0 websites MaxConnections setting must be configured to limit the number of allowed simultaneous session requests. | DISA IIS 10.0 Server v3r4 | Windows | ACCESS CONTROL |
| IIST-SV-000200 - The IIS 10.0 websites MaxConnections setting must be configured to limit the number of allowed simultaneous session requests. | DISA IIS 10.0 Server v2r10 | Windows | ACCESS CONTROL |
| IISW-SI-000206 - Both the log file and Event Tracing for Windows (ETW) for each IIS 8.5 website must be enabled. | DISA IIS 8.5 Site v2r9 | Windows | AUDIT AND ACCOUNTABILITY |
| IISW-SI-000237 - The IIS 8.5 website must provide the capability to immediately disconnect or disable remote access to the hosted applications. | DISA IIS 8.5 Site v2r9 | Windows | ACCESS CONTROL |
| IISW-SV-000103 - Both the log file and Event Tracing for Windows (ETW) for the IIS 8.5 web server must be enabled. | DISA IIS 8.5 Server v2r7 | Windows | AUDIT AND ACCOUNTABILITY |
| IISW-SV-000117 - The IIS 8.5 web server must not perform user management for hosted applications. | DISA IIS 8.5 Server v2r7 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SV-000129 - The IIS 8.5 web server must perform RFC 5280-compliant certification path validation. | DISA IIS 8.5 Server v2r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| IISW-SV-000143 - The IIS 8.5 web server must provide the capability to immediately disconnect or disable remote access to the hosted applications. | DISA IIS 8.5 Server v2r7 | Windows | ACCESS CONTROL |
| vCenter : verify-nfc-ssl | VMWare vSphere 6.0 Hardening Guide | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| VM : disable-console-paste | VMWare vSphere 6.0 Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
| VM : disable-independent-nonpersistent | VMWare vSphere 6.0 Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
| VM : disable-unexposed-features-unity | VMWare vSphere 6.0 Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
| VM : disable-unexposed-features-unity-windowcontents | VMWare vSphere 6.0 Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
| vNetwork : reject-forged-transmit-dvportgroup | VMWare vSphere 6.0 Hardening Guide | VMware | |
| vNetwork : restrict-netflow-usage | VMWare vSphere 6.0 Hardening Guide | VMware | |
