| 1.1.1 Ensure that the API server pod specification file permissions are set to 600 or more restrictive | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.8 Ensure Websphere Liberty file system access is Restricted | CIS IBM WebSphere Liberty v1.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.9 Ensure that the 'onConflict attribute' is set to 'IGNORE' to restrict config file overwrites | CIS IBM WebSphere Liberty v1.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.1 Prevent Database Users from Logging into the Operating System | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.4 Ensure that the kubelet configuration file ownership is set to root:root | CIS Google Kubernetes Engine GKE v1.9.0 L1 Unix | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.5 Secure Permissions for Alternate Diagnostic Log Path (ALT_DIAGPATH) | CIS IBM DB2 11 v1.2.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.3.1 Secure Db2 Runtime Library | CIS IBM DB2 11 v1.2.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.3.2 Secure the Database Container Directory | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.9 Ensure access on /etc/ssh/sshd_config is configured | CIS IBM AIX 7 v1.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.11 Ensure access on /var/adm/cron/cron.allow is configured | CIS IBM AIX 7 v1.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.13 Ensure access on /var/ct/RMstart.log is configured | CIS IBM AIX 7 v1.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.15 Ensure access on /var/tmp/hostmibd.log is configured | CIS IBM AIX 7 v1.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.16 Ensure access on /var/tmp/snmpd.log is configured | CIS IBM AIX 7 v1.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.17 Ensure crontab is restricted to authorized users | CIS IBM AIX 7 v1.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.2.10 Ensure root user has a dedicated home directory | CIS IBM AIX 7 v1.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.6 Secure Permissions for the Secondary Archive Log Location (LOGARCHMETH2) | CIS IBM DB2 11 v1.2.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.4 Restrict Access to SYSCAT.COLDIST | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.8 Restrict Access to SYSCAT.CONTEXTS | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.11 Restrict Access to SYSCAT.DBAUTH | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.15 Restrict Access to SYSCAT.INDEXAUTH | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.19 Restrict Access to SYSCAT.PASSTHRUAUTH | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.23 Restrict Access to SYSCAT.ROUTINES | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.30 Restrict Access to SYSCAT.SECURITYPOLICYEXEMPTIONS | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.32 Restrict Access to SYSCAT.SCHEMAAUTH | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.33 Restrict Access to SYSCAT.SCHEMATA | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.37 Restrict Access to SYSCAT.SURROGATEAUTHIDS | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.43 Restrict Access to SYSCAT.WORKLOADAUTH | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.13 Restrict Access to SYSIBM.SYSEVENTTABLES | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.16 Restrict Access to SYSIBM.SYSMODULEAUTH | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.17 Restrict Access to SYSIBM.SYSPASSTHRUAUTH | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.24 Restrict Access to SYSIBM.ROUTINES_S | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.27 Restrict Access to SYSIBM.SYSSECURITYLABELACCESS | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.39 Restrict Access to SYSIBM.SYSTABAUTH | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.4.5 Restrict Access to SYSPROC.AUTH_LIST_ROLES_FOR_AUTHID | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.5.1 Restrict Access to Tablespaces | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.6.1.9 Ensure access to /etc/dt/config/Xconfig is configured | CIS IBM AIX 7 v1.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.6.1.10 Ensure the file /etc/dt/config/Xservers is configured | CIS IBM AIX 7 v1.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.6.3.4 Ensure sshd access is configured | CIS IBM AIX 7 v1.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.6.4.4 Ensure access to /etc/mail/sendmail.cf is configured | CIS IBM AIX 7 v1.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.3 Ensure permissions on SSH public host key files are configured | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.3 Minimize cluster access to read-only for Container Image repositories | CIS Google Kubernetes Engine GKE v1.9.0 L2 GCP | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.1 Ensure that all appropriate EJB methods are protected | CIS IBM WebSphere Liberty v1.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.5 Ensure access to the su command is restricted | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.1 Ensure permissions on /etc/passwd are configured | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.7 Ensure permissions on /etc/group- are configured | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.15 Secure EXTERNALROUTINE Authority | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.17 Secure SETSESSIONUSER Privilege | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.4 Nested Roles | CIS IBM DB2 11 v1.2.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.9 Ensure users own their home directories | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 8.2.4 Secure the Stash File | CIS IBM DB2 11 v1.2.0 Database Level 2 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
