| 1.1.1 Ensure /tmp is configured | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.16 Ensure nosuid option set on /dev/shm partition | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.17 Ensure separate partition exists for /home | CIS Ubuntu Linux 16.04 LTS Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.18 Ensure nodev option set on removable media partitions | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.19 Ensure nosuid option set on removable media partitions | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1.2 Ensure local login warning banner is configured properly | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.8.1.2 Ensure local login warning banner is configured properly | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.8.2 Ensure GDM login banner is configured - banner message enabled | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.8.2 Ensure GDM login banner is configured - banner message text | CIS Red Hat 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.8.3 Ensure last logged in user display is disabled - file-db | CIS Oracle Linux 6 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.8.3 Ensure last logged in user display is disabled - system-db:gdm | CIS Oracle Linux 6 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.8.3 Ensure last logged in user display is disabled - user-db:user | CIS Oracle Linux 6 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.3 Ensure secure ICMP redirects are not accepted - 'sysctl net.ipv4.conf.default.secure_redirects' | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.5 Ensure broadcast ICMP requests are ignored - sysctl.conf/sysctl.d | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.6 Ensure bogus ICMP responses are ignored - (sysctl.conf/sysctl.d) | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.7 Ensure Reverse Path Filtering is enabled - 'sysctl net.ipv4.conf.default.rp_filter' | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.9 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.all.accept_ra' (sysctl.conf/sysctl.d) | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.3.10 Ensure successful file system mounts are collected | CIS CentOS Linux 8 Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.12 Ensure successful file system mounts are collected - auditctl (32-bit) | CIS Ubuntu Linux 16.04 LTS Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - auditctl /sbin/insmod | CIS Oracle Linux 6 Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - auditctl /sbin/modprobe | CIS Oracle Linux 6 Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - auditctl /sbin/rmmod | CIS Oracle Linux 6 Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - auditctl modprobe | CIS Ubuntu Linux 16.04 LTS Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - auditctl modules | CIS Oracle Linux 6 Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - auditctl rmmod | CIS Ubuntu Linux 16.04 LTS Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - init_module/delete_module (64-bit) | CIS Ubuntu Linux 16.04 LTS Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - init_module/delete_module (32-bit) | CIS Ubuntu Linux 16.04 LTS Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - insmod | CIS Ubuntu Linux 16.04 LTS Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - modprobe | CIS Ubuntu Linux 16.04 LTS Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - rules.d /sbin/insmod | CIS Oracle Linux 6 Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - rules.d /sbin/modprobe | CIS Red Hat 6 Server L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - rules.d /sbin/rmmod | CIS Oracle Linux 6 Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - rules.d /sbin/rmmod | CIS Oracle Linux 6 Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.1.4 Ensure rsyslog default file permissions configured | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.5 Use pg_permission extension to audit object permissions | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 5.2.20 Ensure SSH PAM is enabled | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.23 Ensure SSH MaxSessions is set to 4 or less | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.20 Ensure SSH PAM is enabled | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.20 Ensure SSH PAM is enabled - sshd_config | CIS Oracle Linux 6 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.3 Ensure all users' home directories exist | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.14 Set SSH Banner - Banner /etc/issue | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 18.5.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.5.6 (L1) Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.5.6 Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller | Windows | CONFIGURATION MANAGEMENT |
| 18.6.9.1 (L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.6.9.1 (L2) Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.6.9.2 (L2) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.6.9.2 (L2) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' | CIS Microsoft Windows Server 2016 v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.6.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L2 Domain Controller | Windows | CONFIGURATION MANAGEMENT |
| 19.7.44.2.1 (L2) Ensure 'Prevent Codec Download' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
