| 1.1.1.6 Ensure squashfs kernel module is not available | CIS Amazon Linux 2 v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.7 Ensure udf kernel module is not available | CIS Ubuntu Linux 22.04 LTS v2.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.8 Ensure udf kernel module is not available | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1 Ensure GDM is removed | CIS Ubuntu Linux 22.04 LTS v2.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.8.1 Ensure GNOME Display Manager is removed | CIS Ubuntu Linux 20.04 LTS Server L2 v2.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 1.8.1 Ensure GNOME Display Manager is removed | CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.1.20 Ensure X window server services are not in use | CIS Ubuntu Linux 22.04 LTS v2.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.2.1.5 Ensure 'Allow personalized ads delivered by Apple' is set to 'Disabled' | AirWatch - CIS Apple iOS 18 Benchmark v1.0.0 L1 End User Owned | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.5 Ensure 'Allow personalized ads delivered by Apple' is set to 'Disabled' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.12 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled' | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned | MDM | CONFIGURATION MANAGEMENT |
| 2.3.2 Ensure ldap client is not installed | CIS Oracle Linux 7 v4.0.0 L2 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.3.2 Ensure Limit Ad Tracking Is Enabled | CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.6 Ensure RDS is disabled | CIS Ubuntu Linux 20.04 LTS Server L2 v2.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure dccp kernel module is not available | CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure dccp kernel module is not available | CIS Amazon Linux 2 v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.2 Ensure tipc kernel module is not available | CIS Oracle Linux 7 v4.0.0 L2 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.2.3 Ensure rds kernel module is not available | CIS Ubuntu Linux 22.04 LTS v2.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.2.4 Ensure sctp kernel module is not available | CIS Oracle Linux 7 v4.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 4.1.1 Review Manage Sharing & Access | AirWatch - CIS Apple iOS 18 Benchmark v1.0.0 L1 End User Owned | MDM | CONFIGURATION MANAGEMENT |
| 4.1.1 Review Manage Sharing & Access | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT |
| 4.1.2 Review Emergency Reset | AirWatch - CIS Apple iOS 18 Benchmark v1.0.0 L1 End User Owned | MDM | CONFIGURATION MANAGEMENT |
| 4.1.2 Review Emergency Reset | AirWatch - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 4.1.2 Review Emergency Reset | AirWatch - CIS Apple iPadOS 18 v1.0.0 L2 End User Owned | MDM | CONFIGURATION MANAGEMENT |
| 4.1.2 Review Emergency Reset | MobileIron - CIS Apple iPadOS 18 v1.0.0 L2 End User Owned | MDM | CONFIGURATION MANAGEMENT |
| 4.1.2 Review Emergency Reset | AirWatch - CIS Apple iPadOS 18 v1.0.0 L2 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT |
| 4.1.3 Review Lockdown Mode | AirWatch - CIS Apple iPadOS 18 v1.0.0 L2 End User Owned | MDM | CONFIGURATION MANAGEMENT |
| 4.1.3 Review Lockdown Mode | MobileIron - CIS Apple iPadOS 18 v1.0.0 L2 Institutionally Owned | MDM | CONFIGURATION MANAGEMENT |
| 4.1.4 Ensure 'App Privacy Report' is enabled | MobileIron - CIS Apple iOS 18 v1.0.0 L1 End User Owned | MDM | CONFIGURATION MANAGEMENT |
| 4.1.4 Ensure 'App Privacy Report' is enabled | AirWatch - CIS Apple iPadOS 18 v1.0.0 L2 End User Owned | MDM | CONFIGURATION MANAGEMENT |
| 4.2.7 Ensure sshd DisableForwarding is enabled | CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 5.1 (L1) Ensure 'Print Spooler (Spooler)' is set to 'Disabled' (DC only) | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 5.1 (L1) Ensure 'Print Spooler (Spooler)' is set to 'Disabled' (DC only) | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 5.1.8 Ensure sshd DisableForwarding is enabled | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 18.4.1 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.4.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.4.2 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.5.7 (L2) Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled' | CIS Windows Server 2012 MS L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.6.4.2 (L1) Ensure 'Turn off multicast name resolution' is set to 'Enabled' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.6.10.2 (L2) Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled' | CIS Windows Server 2012 MS L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.21.4 (L1) Ensure 'Continue experiences on this device' is set to 'Disabled' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.8.22.1.5 (L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.22.1.6 (L2) Ensure 'Turn off Internet File Association service' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.36.2 (L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.36.2 (L1) Ensure 'Configure Solicited Remote Assistance' is set to 'Disabled' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.8.48.5.1 (L2) Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.47.4.1 (L1) Ensure 'Configure local setting override for reporting to Microsoft MAPS' is set to 'Disabled' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.65.3.3.1 (L2) Ensure 'Do not allow COM port redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.2 (L1) Ensure 'Do not allow drive redirection' is set to 'Enabled' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.3 (L2) Ensure 'Do not allow LPT port redirection' is set to 'Enabled' | CIS Windows Server 2012 MS L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 19.7.47.2.1 (L2) Ensure 'Prevent Codec Download' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
