| 1.4.5 Disable MCS Translation Service (mcstrans) | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.4 Ensure 'Database Mail XPs' Server Configuration Option is set to '0' | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 2.6.8 Disable sending diagnostic and usage data to Apple | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.7 Ensure internal sources are blocked on external networks | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.11 Ensure SQL Server is configured to use non-standard ports | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 2.11 Ensure SQL Server is configured to use non-standard ports | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 2.12 Ensure 'Hide Instance' option is set to 'Yes' for Production SQL Server instances | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 3.1.3 Forbid Dial in Access | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY |
| 3.3.2 Configure Storm Control | CIS Cisco NX-OS v1.2.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, INCIDENT RESPONSE, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.5.1.3 NIS - remove NIS markers from password and group files - /etc/group | CIS IBM AIX 7.1 L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 3.5.1.3 NIS - remove NIS markers from password and group files - /etc/passwd | CIS IBM AIX 7.1 L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 3.5.2 Ensure SCTP is disabled - lsmod | CIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 3.7 Ensure VPC flow logging is enabled in all VPCs | CIS Amazon Web Services Foundations v5.0.0 L2 | amazon_aws | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 3.8 Ensure that VPC Flow Logs is Enabled for Every Subnet in a VPC Network | CIS Google Cloud Platform Foundation v4.0.0 L2 | GCP | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 3.12 Ensure Anti-Spoofing is enabled and action is set to Prevent for all Interfaces | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 3.14 Ensure Accept RIP is not enabled | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.1 Ensure a SNS topic is created for sending out notifications from Cloudtwatch Alarms and Auto-Scaling Groups | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 4.2 Ensure a SNS topic is created for sending out notifications from RDS events | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 4.2.4 Enable AI /heuristic based malware detection | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| 4.2.14 Ensure that the --seccomp-default parameter is set to true | CIS Kubernetes v1.11.1 L1 Worker Node | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 5.3.21 Ensure SSH AllowTcpForwarding is disabled | CIS Ubuntu Linux 16.04 LTS Workstation L2 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND INFORMATION INTEGRITY |
| 5.3.21 Ensure SSH AllowTcpForwarding is disabled | CIS Ubuntu Linux 16.04 LTS Server L2 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND INFORMATION INTEGRITY |
| 5.3.21 Ensure SSH AllowTcpForwarding is disabled - sshd | CIS CentOS 6 Server L2 v3.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.4 Ensure forwarding of decrypted content to WildFire is enabled | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 5.5 Ensure all WildFire session information settings are enabled | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.5 Ensure all WildFire session information settings are enabled | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.6 Ensure alerts are enabled for malicious files detected by WildFire | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.6 Ensure alerts are enabled for malicious files detected by WildFire | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.5 Ensure passive DNS monitoring is set to enabled on all anti-spyware profiles in use | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.5 Ensure passive DNS monitoring is set to enabled on all anti-spyware profiles in use | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.7 Ensure a Vulnerability Protection Profile is set to block attacks against critical/high, and set to default on medium, low, and info | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.7 Ensure a Vulnerability Protection Profile is set to block attacks against critical/high, and set to default on medium, low, and info | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.8 Ensure a secure Vulnerability Protection Profile is applied to all security rules allowing traffic | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.8 Ensure a secure Vulnerability Protection Profile is applied to all security rules allowing traffic | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.10.6 Ensure Telnet is Not Set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY |
| 6.10.7 Ensure Reverse Telnet is Not Set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY |
| 6.10.9 Ensure Finger Service is Not Set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 6.11.2 Ensure Auxiliary Port is Set as Insecure If Used | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 6.13 Ensure Autoinstallation is Set to Disabled | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 7.5 Ensure that port groups are not configured to VLAN values reserved by upstream physical switches | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 8.1.15 Set 'Launching programs and unsafe files' to 'Enabled:Disable' | CIS IE 10 v1.1.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 8.3 Ensure that the Certificate used for Decryption is Trusted | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 8.3 Ensure that the Certificate used for Decryption is Trusted | CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 8.3.12 Set 'Launching programs and unsafe files' to 'Enabled:Prompt' | CIS IE 10 v1.1.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 8.4.1 Ensure access to VMs through the dvfilter network APIs is configured correctly | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 9.1.3.3 Ensure that 'Endpoint protection' component status is set to 'On' | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| CIS Control 3 (3.6(a)) Deploy Automated Software Patch Management Tools | CAS Implementation Group 1 Audit File | Unix | SYSTEM AND INFORMATION INTEGRITY |
| CIS Control 3 (3.6(b)) Deploy Automated Software Patch Management Tools | CAS Implementation Group 1 Audit File | Unix | SYSTEM AND INFORMATION INTEGRITY |
