| 1.1.2.6.1 Ensure separate partition exists for /var/log | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.2.36 Set 'Audit Policy: Logon-Logoff: Other Logon/Logoff Events' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.13 Ensure separate partition exists for /home | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.5.1.5 Ensure the SELinux mode is enforcing | CIS Amazon Linux 2 v3.0.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - enforcing | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.4 Ensure SETroubleshoot is not installed | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.7.9 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | ACCESS CONTROL |
| 3.2.2 Ensure tipc kernel module is not available | CIS Amazon Linux 2 v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.4 Ensure events that modify date and time information are collected - /etc/localtime | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.4 Ensure events that modify date and time information are collected - adjtimex | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.4 Ensure events that modify date and time information are collected - clock_settime (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - /etc/issue.net | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - auditctl /etc/sysconfig/network | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - auditctl /etc/sysconfig/network-scripts | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - sethostname (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.9 Ensure session initiation information is collected - /var/run/utmp | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure session initiation information is collected - auditctl /var/log/btmp | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chmod/fchmod/fchmodat (64-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM (64-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - EPERM (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - EPERM (64-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.13 Ensure successful file system mounts are collected - auditctl (64-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.15 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoers | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.15 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoers.d | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.16 Ensure system administrator actions (sudolog) are collected - auditctl | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.8 Ensure sshd DisableForwarding is enabled | CIS Amazon Linux 2 v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.9 Ensure sshd GSSAPIAuthentication is disabled | CIS Amazon Linux 2 v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.1.4 Ensure auditd service is enabled | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.2.1 Ensure audit log storage size is configured | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.2.3 Ensure system is disabled when audit logs are full | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.4 Ensure events that modify date and time information are collected | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.8 Ensure events that modify user/group information are collected | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.10 Ensure successful file system mounts are collected | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.11 Ensure session initiation information is collected | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.12 Ensure login and logout events are collected | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.14 Ensure events that modify the system's Mandatory Access Controls are collected | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recorded | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.4.10 Ensure audit tools belong to group root | CIS Amazon Linux 2 v3.0.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 17.5.4 (L1) Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| 17.5.4 Ensure 'Audit Other Logon/Logoff Events' is set to 'Success and Failure' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Interactive logon: Smart card removal behavior | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Interactive logon: Smart card removal behavior | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| Interactive logon: Smart card removal behavior | MSCT Windows Server 2016 MS v1.0.0 | Windows | ACCESS CONTROL |
| Interactive logon: Smart card removal behavior | MSCT Windows 10 v1507 v1.0.0 | Windows | ACCESS CONTROL |
| Interactive logon: Smart card removal behavior | MSCT Windows 10 1903 v1.19.9 | Windows | ACCESS CONTROL |
| Interactive logon: Smart card removal behavior | MSCT Windows 10 v2004 v1.0.0 | Windows | ACCESS CONTROL |
| Interactive logon: Smart card removal behavior | MSCT Windows Server v1909 DC v1.0.0 | Windows | ACCESS CONTROL |
| Interactive logon: Smart card removal behavior | MSCT Windows Server v2004 DC v1.0.0 | Windows | ACCESS CONTROL |
| Interactive logon: Smart card removal behavior | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
