| 1.4.6 Check for Unconfined Daemons | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.8 Ensure the MCS Translation Service (mcstrans) is not installed | CIS Red Hat 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.6 Ensure LDAP server is not installed | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.6 Ensure LDAP server is not installed | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.7 Ensure NFS is not installed | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.8 Ensure DNS Server is not installed | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.9 Ensure FTP Server is not installed | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.12 Ensure Samba is not installed | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.4 Ensure CUPS is not installed | CIS Oracle Linux 6 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.6 Ensure LDAP server is not installed | CIS Oracle Linux 6 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.9 Ensure HTTP server is not installed | CIS Oracle Linux 6 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.12 Ensure HTTP Proxy Server is not installed | CIS Oracle Linux 6 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.5 Ensure SNMP is configured properly - 'community name private does not exist' | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 3.1.1 Disable IPv6 | CIS Red Hat 6 Server L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.5 Ensure icmp redirects are not accepted | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.4.4 Ensure TIPC is disabled - modprobe | CIS Ubuntu Linux 16.04 LTS Server L2 v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 4.2.4 Log Suspicious Packets - net.ipv4.conf.all.log_martians = 1 | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.5 Enable Ignore Broadcast Requests - net.ipv4.icmp_echo_ignore_broadcasts = 1 | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.4.1.2 Disable IPv6 Redirect Acceptance - net.ipv6.conf.default.accept_redirect = 0 | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.6 Ensure SSH IgnoreRhosts is enabled | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.6 Ensure SSH X11 forwarding is disabled | CIS Ubuntu Linux 18.04 LXD Container L2 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.2.6 Ensure SSH X11 forwarding is disabled | CIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.2.21 Ensure SSH AllowTcpForwarding is disabled | CIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.3 Ensure the ESXi shell is disabled | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 5.3.9 Ensure SSH IgnoreRhosts is enabled | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.1 Ensure that MongoDB uses a non-default port | CIS MongoDB 5 L1 OS Linux v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1 Ensure that MongoDB uses a non-default port | CIS MongoDB 6 v1.2.0 L1 MongoDB | Windows | CONFIGURATION MANAGEMENT |
| 6.2.6 Set SSH IgnoreRhosts to Yes | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 8.4.3 Ensure VMsafe Agent Port is configured correctly | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 8.4.4 Ensure VMsafe Agent is configured correctly | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 8.4.9 Ensure Unity Active is disabled | CIS VMware ESXi 6.5 v1.0.0 Level 2 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 8.4.10 Ensure Unity Window Contents is disabled | CIS VMware ESXi 6.5 v1.0.0 Level 2 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 8.4.11 Ensure Unity Push Update is disabled | CIS VMware ESXi 6.5 v1.0.0 Level 2 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 8.4.15 Ensure Request Disk Topology is disabled | CIS VMware ESXi 6.5 v1.0.0 Level 2 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.20.1.2 (L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.20.1.2 (L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' | CIS Microsoft Windows Server 2025 Stand-alone v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.31.2 (L2) Ensure 'Allow upload of User Activities' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.31.2 (L2) Ensure 'Allow upload of User Activities' is set to 'Disabled' | CIS Microsoft Windows Server 2025 Stand-alone v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.33.6.2 (L2) Ensure 'Allow network connectivity during connected-standby (plugged in)' is set to 'Disabled' | CIS Microsoft Windows Server 2025 Stand-alone v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.36.1 (L1) Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled' (MS only) | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.36.2 (L2) Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated' (MS only) | CIS Microsoft Windows Server 2019 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.38.1 Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.38.2 Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.16.1 (L1) Ensure 'Allow Diagnostic Data' is set to 'Enabled: Diagnostic data off (not recommended)' or 'Enabled: Send required diagnostic data' | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.16.2 (L2) Ensure 'Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service' is set to 'Enabled: Disable Authenticated Proxy usage' | CIS Microsoft Windows Server 2019 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.16.4 (L1) Ensure 'Do not show feedback notifications' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.63.1 (L2) Ensure 'Turn off KMS Client Online AVS Validation' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 19.7.8.3 (L2) Ensure 'Do not use diagnostic data for tailored experiences' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
