| 1.3 Disable all management related services on WAN port | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.1 Ensure Authentication is configured | CIS MongoDB 5 L1 OS Windows v1.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.2.25 (L1) Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account' (MS only) | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.2.25 (L1) Ensure 'Deny log on through Remote Desktop Services' to include 'Guests' (DC only) | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.27 (L1) Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account' (MS only) | CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.27 (L1) Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account' (MS only) | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.35 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account' (MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.3 Ensure authentication is enabled in the sharded cluster - authenticationMechanisms | CIS MongoDB 5 L2 OS Windows v1.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.3 Ensure authentication is enabled in the sharded cluster - CAFile | CIS MongoDB 5 L2 OS Windows v1.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.3 Ensure authentication is enabled in the sharded cluster - clusterAuthMode | CIS MongoDB 5 L2 OS Windows v1.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.3 Ensure authentication is enabled in the sharded cluster - clusterFile | CIS MongoDB 5 L2 OS Windows v1.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.3 Ensure authentication is enabled in the sharded cluster - PEMKeyFile | CIS MongoDB 5 L2 OS Windows v1.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.10.11 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.10.13 Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.10.13 Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | ACCESS CONTROL |
| 2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 3.3 Ensure that MongoDB is run using a non-privileged, dedicated service account | CIS MongoDB 5 L1 OS Windows v1.2.0 | Windows | ACCESS CONTROL |
| 4.3 Ensure Encryption of Data in Transit TLS or SSL (Transport Encryption) | CIS MongoDB 5 L1 OS Windows v1.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.4 Ensure Federal Information Processing Standard (FIPS) is enabled | CIS MongoDB 5 L2 OS Windows v1.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5 Configure Solaris Auditing - active audit policies = argv,cnt,zonename | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - active non-attributable flags = lo | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - active non-attributable flags = lo | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - active user flags = cis,ex,aa,ua,as,ss,lo,ft | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - audit condition = auditing | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - audit_binfile (active) | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - audit_binfile attributes: p_minfree=1; | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - audit_flags root = lo,ad,ft,ex,cis:no | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - audit_flags root = lo,ad,ft,ex,cis:no | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - configured audit policies = argv,cnt,zonename | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - configured audit policies = argv,cnt,zonename | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - configured non-attributable flags = lo | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - configured user flags = cis,ex,aa,ua,as,ss,lo,ft | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - configured user flags = cis,ex,aa,ua,as,ss,lo,ft | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - var/audit/*.not_terminated.* | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - var/audit/*.not_terminated.* | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure that new entries are appended to the end of the log file | CIS MongoDB 5 L2 OS Windows v1.2.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 6.2 Ensure that operating system resource limits are set for MongoDB | CIS MongoDB 5 L2 OS Windows v1.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 17.2.5 Ensure 'Audit Other Account Management Events' is set to include 'Success' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 17.2.5 Ensure 'Audit Other Account Management Events' is set to include 'Success' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | AUDIT AND ACCOUNTABILITY |
| 45.23 (L1) Ensure 'Network Security: Allow PKU2U authentication requests' is set to 'Block' | CIS Microsoft Intune for Windows 11 v3.0.1 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) - EncryptionMethodWithXtsFdv | MSCT Windows 10 1803 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) - EncryptionMethodWithXtsFdv | MSCT Windows 10 1809 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) - EncryptionMethodWithXtsOs | MSCT Windows 10 1809 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS_Palo_Alto_Firewall_8_Benchmark_L1_v1.0.0.audit from CIS Palo Alto Firewall 8 Benchmark v1.0.0 | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | |
