| 1.1.1 Ensure that the API server pod specification file permissions are set to 600 or more restrictive | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.4 Ensure nosuid option set on /tmp partition | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.18 Ensure nodev option set on removable media partitions | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.21 Ensure that the Kubernetes PKI key file permissions are set to 600 | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.3.1 Ensure AIDE is installed | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 1.3.1 Ensure AIDE is installed | CIS Debian 8 Server L1 v2.0.2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 1.3.2 Ensure filesystem integrity is regularly checked | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 1.5.1.5 Ensure permissions on /etc/issue are configured | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.8 Ensure That Separation of Duties Is Enforced While Assigning Service Account Related Roles to Users | CIS Google Cloud Platform v3.0.0 L2 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 1.9 Ensure That Cloud KMS Cryptokeys Are Not Anonymously or Publicly Accessible | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2 Ensure extension directory has appropriate ownership and permissions | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2 Ensure extension directory has appropriate ownership and permissions | CIS PostgreSQL 13 OS v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.3.19.5 (L1) Ensure 'Prevent users from changing permissions on rights managed content' is set to 'Disabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 2.5.1.2.1 (L1) Ensure 'Do not allow users to change permissions on folders' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 2.5.10.8.1.2.1 (L1) Ensure 'Access to published calendars' is set to 'Enabled' | CIS Microsoft Intune for Office v1.1.0 L1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 2.5.10.8.1.2.1 Ensure 'Access to published calendars' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.2 Secure Ppermissions for Default Database File Path (DFTDBPATH) | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2.3 Disable Grants During Restore (DB2_RESTORE_GRANT_ADMIN_AUTHORITIES) | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2.4 Enable Extended Security (DB2_EXTSECURITY) | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1 Ensure All Default Passwords Are Changed | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 4.1 Ensure All Default Passwords Are Changed | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 4.1.1 Ensure that the kubelet service file permissions are set to 600 or more restrictive | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Worker | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.6 Secure Permissions for the Secondary Archive Log Location (LOGARCHMETH2) | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.7 Secure Permissions for the Tertiary Archive Log Location (FAILARCHPATH) | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.9 Ensure that the kubelet --config configuration file has permissions set to 600 or more restrictive | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Worker | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.14 Specify a Secure Location for External Tables (EXTBL_LOCATION) | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.1 Ensure that the --anonymous-auth argument is set to false | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Worker | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.9 Ensure That Compute Instances Do Not Have Public IP Addresses | CIS Google Cloud Platform v3.0.0 L2 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 4.18 init.ora - 'audit_sys_operations = TRUE' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.1.3.1 (L1) Ensure a dynamic group for guest users is created | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.3.1 (L1) Ensure a dynamic group for guest users is created | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.9 Ensure at is restricted to authorized users | CIS CentOS Linux 8 Workstation L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.9 Ensure at is restricted to authorized users | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.6 Ensure access to the su command is restricted - /etc/pam.d/su | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.15 Ensure the file permissions ownership and group membership of system files and commands match the vendor values | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.7 Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is not set to 'on' | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 6.6 Ensure That Cloud SQL Database Instances Do Not Have Public IPs | CIS Google Cloud Platform v3.0.0 L2 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.3 (L1) Ensure external content sharing is restricted | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.7 (L1) Ensure link sharing is restricted in SharePoint and OneDrive | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.7 (L1) Ensure link sharing is restricted in SharePoint and OneDrive | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | ACCESS CONTROL, MEDIA PROTECTION |
| 9.1.7 (L1) Ensure shareable links are restricted | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | ACCESS CONTROL, MEDIA PROTECTION |
| 10.2 Allowlist Approved Servers Belonging to a MySQL InnoDB Cluster | CIS Oracle MySQL Enterprise Edition 8.0 v1.4.0 L2 Database | MySQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| DTBI697 - Ability for users to enable or disable add-ons must be enforced. | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | ACCESS CONTROL |
| UBTU-16-020350 - The audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software - egid b32 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL |
| UBTU-16-020350 - The audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software - euid b32 | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | ACCESS CONTROL |
| UBTU-18-010358 - The Ubuntu operating system must prevent all software from executing at higher privilege levels than users executing the software and the audit system must be configured to audit the execution of privileged functions. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | ACCESS CONTROL |
| WA00547 A22 - The ability to override the access configuration for the OS root directory must be disabled. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | ACCESS CONTROL |
| WG210 A22 - Web content directories must not be anonymously shared. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | ACCESS CONTROL |
| WG400 A22 - All interactive programs (CGI) must be placed in a designated directory with appropriate permissions. | DISA STIG Apache Site 2.2 Unix v1r11 | Unix | ACCESS CONTROL |
| WG400 A22 - All interactive programs (CGI) must be placed in a designated directory with appropriate permissions. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | ACCESS CONTROL |
