| 1.2.3 Set 'no exec' for 'line aux 0' | CIS Cisco IOS XE 16.x v2.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT |
| 1.5.3 Unset 'public' for 'snmp-server community' | CIS Cisco IOS XE 16.x v2.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT |
| 2.1.5 Set 'service tcp-keepalives-in' | CIS Cisco IOS XE 16.x v2.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT |
| 2.1.6 Ensure LDAP server is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.8 Ensure DNS Server is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.12 Ensure Samba is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.13 Ensure HTTP Proxy Server is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.14 Ensure SNMP Server is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.15 Ensure mail transfer agent is configured for local-only mode - ss | CIS Debian Family Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.18 Ensure telnet server is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.21 Ensure talk server is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.5 Ensure DHCP Server is not installed | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.5 Ensure DHCP Server is not installed | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.6 Ensure LDAP server is not installed | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.7 Ensure nfs-utils is not installed or the nfs-server service is masked | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.8 Ensure rpcbind is not installed or the rpcbind services are masked | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.9 Ensure HTTP server is not installed | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.10 Ensure IMAP and POP3 server is not installed | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.13 Ensure Samba is not installed | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.15 Ensure mail transfer agent is configured for local-only mode - netstat | CIS Debian 9 Server L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.16 Ensure mail transfer agent is configured for local-only mode | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2 Disable the Shutdown port | CIS Apache Tomcat 8 L2 v1.1.0 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 3.4.2 Ensure SCTP is disabled - lsmod | CIS Debian 9 Workstation L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 3.4.2 Ensure SCTP is disabled - lsmod | CIS Fedora 19 Family Linux Workstation L2 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 3.4.3 Ensure RDS is disabled - lsmod | CIS Debian 9 Server L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.3 Ensure RDS is disabled - lsmod | CIS Debian Family Workstation L2 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 4.10.1 Ensure ICMP Router Discovery is disabled | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND INFORMATION INTEGRITY |
| 5.2.8 Ensure SSH IgnoreRhosts is enabled | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.7 Ensure SSH X11 forwarding is disabled - sshd_config | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.4 Ensure SSH is disabled | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 5.6 Remove keys from SSH authorized_keys file | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 6.15 Ensure Multicast Echo is Set to Disabled | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | SYSTEM AND INFORMATION INTEGRITY |
| 6.16 Ensure Ping Record Route is Set to Disabled | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND INFORMATION INTEGRITY |
| 8.1.2 Ensure only one remote console connection is permitted to a VM at any time | CIS VMware ESXi 6.5 v1.0.0 Level 2 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 8.2.3 Ensure unnecessary parallel ports are disconnected | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 8.2.4 Ensure unnecessary serial ports are disconnected | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 8.2.5 Ensure unnecessary USB devices are disconnected | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 8.4.28 Ensure access to VM console via VNC protocol is limited | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 18.3.4 (L1) Ensure 'NetBT NodeType configuration' is set to 'Enabled: P-node (recommended)' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.5.8.1 (L1) Ensure 'Enable insecure guest logons' is set to 'Disabled' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.6.8.1 (L1) Ensure 'Enable insecure guest logons' is set to 'Disabled' | CIS Microsoft Windows Server 2016 v4.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.20.1.2 (L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.9.36.2 (L2) Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated' | CIS Microsoft Windows Server 2025 Stand-alone v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.36.2 (L2) Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated' (MS only) | CIS Microsoft Windows Server 2016 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.16.1 (L1) Ensure 'Allow Diagnostic Data' is set to 'Enabled: Diagnostic data off (not recommended)' or 'Enabled: Send required diagnostic data' | CIS Microsoft Windows Server 2016 v4.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.16.2 (L2) Ensure 'Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service' is set to 'Enabled: Disable Authenticated Proxy usage' | CIS Microsoft Windows Server 2016 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.63.1 (L2) Ensure 'Turn off KMS Client Online AVS Validation' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.63.1 (L2) Ensure 'Turn off KMS Client Online AVS Validation' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.80.2 (L1) Ensure 'Allow Windows Ink Workspace' is set to 'Enabled: On, but disallow access above lock' OR 'Enabled: Disabled' | CIS Microsoft Windows Server 2016 v4.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 19.7.8.3 (L2) Ensure 'Do not use diagnostic data for tailored experiences' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
