| 1.1.1.8 Ensure mounting of FAT filesystems is limited - modprobe | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.7 Ensure separate partition exists for /var/tmp | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.12 Ensure separate partition exists for /var/log/audit | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.6.2.1 Ensure SELinux is not disabled in bootloader configuration - selinux=0 | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
| 1.6.2.6 Ensure no unconfined daemons exist | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.3.2 Ensure all AppArmor Profiles are enforcing - 0 processes are unconfirmed | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
| 3.4.4 Ensure TIPC is disabled - lsmod | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 3.6 Ensure wireless interfaces are disabled | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
| 4.1.1.2 Ensure system is disabled when audit logs are full - 'action_mail_acct = root' | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - 'admin_space_left_action = halt' | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure discretionary access control permission modification events are collected - b64 chown fchown | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.12 Ensure unsuccessful unauthorized file access attempts are collected - b32 EPERM | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.14 Ensure successful file system mounts are collected - auditctl b32 | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.14 Ensure successful file system mounts are collected - b32 | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.1 (L2) Ensure 'Bluetooth Audio Gateway Service (BTAGService)' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 5.1 (L2) Ensure 'Bluetooth Audio Gateway Service (BTAGService)' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 5.1.6.1 (L2) Ensure that collaboration invitations are sent to allowed domains only | CIS Microsoft 365 Foundations v5.0.0 L2 E5 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.17 (L2) Ensure 'Peer Networking Identity Manager (p2pimsvc)' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 5.17 (L2) Ensure 'Peer Networking Identity Manager (p2pimsvc)' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 8.2.1 (L2) Ensure external domains are restricted in the Teams admin center | CIS Microsoft 365 Foundations v5.0.0 L2 E3 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 18.6.9.2 (L2) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.20.1.7 (L2) Ensure 'Turn off printing over HTTP' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker | Windows | CONFIGURATION MANAGEMENT |
| 18.9.20.1.7 (L2) Ensure 'Turn off printing over HTTP' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.20.1.7 (L2) Ensure 'Turn off printing over HTTP' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.9.20.1.7 (L2) Ensure 'Turn off printing over HTTP' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.9.20.1.7 (L2) Ensure 'Turn off printing over HTTP' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.9.20.1.7 (L2) Ensure 'Turn off printing over HTTP' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.9.31.1 (L2) Ensure 'Allow Clipboard synchronization across devices' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.9.31.1 (L2) Ensure 'Allow Clipboard synchronization across devices' is set to 'Disabled' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.31.2 (L2) Ensure 'Allow upload of User Activities' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker | Windows | CONFIGURATION MANAGEMENT |
| 18.9.31.2 (L2) Ensure 'Allow upload of User Activities' is set to 'Disabled' | CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.49.1 (L2) Ensure 'Turn off the advertising ID' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.49.1 (L2) Ensure 'Turn off the advertising ID' is set to 'Enabled' | CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.49.1 (L2) Ensure 'Turn off the advertising ID' is set to 'Enabled' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.13.2 (L2) Ensure 'Turn off cloud optimized content' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.13.2 (L2) Ensure 'Turn off cloud optimized content' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.41.1 (L2) Ensure 'Allow Message Service Cloud Sync' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.43.8.1 (L2) Ensure 'Convert warn verdict to block' is set to 'Enabled' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L2 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.8.1 (L2) Ensure 'Convert warn verdict to block' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.57.3.3.4 (L2) Ensure 'Do not allow location redirection' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.4 (L2) Ensure 'Do not allow location redirection' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.4 (L2) Ensure 'Do not allow location redirection' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.4 (L2) Ensure 'Do not allow location redirection' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.4 (L2) Ensure 'Do not allow location redirection' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 81.1 (L2) Ensure 'Bluetooth Audio Gateway Service (BTAGService)' is set to 'Disabled' | CIS Microsoft Intune for Windows 10 v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 81.15 (L2) Ensure 'Peer Name Resolution Protocol (PNRPsvc)' is set to 'Disabled' | CIS Microsoft Intune for Windows 10 v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| Big Sur - Configure Apple System Log Files To Mode 640 or Less Permissive | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate | Unix | SYSTEM AND INFORMATION INTEGRITY |
| ESXI-70-000010 - The ESXi host Secure Shell (SSH) daemon must use FIPS 140-2 validated cryptographic modules to protect the confidentiality of remote access sessions. | DISA STIG VMware vSphere 7.0 ESXi OS v1r4 | Unix | ACCESS CONTROL |
| Monterey - Configure Apple System Log Files To Mode 640 or Less Permissive | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | SYSTEM AND INFORMATION INTEGRITY |
