| 1.1.2.2.2 Ensure nodev option set on /dev/shm partition | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.2.3 Ensure nosuid option set on /dev/shm partition | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.2.4 Ensure noexec option set on /dev/shm partition | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.4.2 Ensure nodev option set on /var partition | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.4.3 Ensure nosuid option set on /var partition | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.4.3 Ensure nosuid option set on /var partition | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.5.2 Ensure nodev option set on /var/tmp partition | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.5.3 Ensure nosuid option set on /var/tmp partition | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.6.3 Ensure nosuid option set on /var/log partition | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.7.2 Ensure nodev option set on /var/log/audit partition | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.7.4 Ensure noexec option set on /var/log/audit partition | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.3 Ensure that the controller manager pod specification file permissions are set to 600 or more restrictive | CIS Kubernetes v1.11.1 L1 Master Node | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.19 Ensure nosuid is set on users' home directories. | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root | CIS Kubernetes v1.11.1 L1 Master Node | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.20 Ensure that the OpenShift PKI certificate file permissions are set to 600 or more restrictive | CIS Red Hat OpenShift Container Platform v1.7.0 L1 | OpenShift | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.21 Ensure that the OpenShift PKI key file permissions are set to 600 | CIS Red Hat OpenShift Container Platform v1.7.0 L1 | OpenShift | ACCESS CONTROL, MEDIA PROTECTION |
| 1.2.10 Ensure that the admission control plugin AlwaysAdmit is not set | CIS Kubernetes v1.11.1 L1 Master Node | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.3.1.1 Ensure SELinux is installed | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.4.1 Ensure bootloader password is set | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.4.2 Ensure access to bootloader config is configured | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.4.1.5 Ensure permissions on /etc/cron.weekly are configured | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.5 Ensure Access to Audit Records Is Controlled | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1 Ensure that the kubelet service file permissions are set to 600 or more restrictive | CIS Kubernetes v1.11.1 L1 Master Node | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.5 Ensure that the --kubeconfig kubelet.conf file permissions are set to 644 or more restrictive | CIS Red Hat OpenShift Container Platform v1.7.0 L1 | OpenShift | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.9 If the kubelet config.yaml configuration file is being used validate permissions set to 600 or more restrictive | CIS Kubernetes v1.11.1 L1 Worker Node | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2 Restrict access to $CATALINA_BASE | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.2 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes v1.11.1 L1 Worker Node | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.3 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Red Hat OpenShift Container Platform v1.7.0 L1 | OpenShift | ACCESS CONTROL, MEDIA PROTECTION |
| 4.9 Restrict access to Tomcat catalina.policy | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1 Use secure Realms | CIS Apache Tomcat 11 v1.0.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.3 Ensure permissions on SSH public host key files are configured | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.3 Ensure permissions on SSH public host key files are configured | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.4 Ensure Appropriate Permissions Are Enabled for System Wide Applications | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.2.3 Ensure group root is the only GID 0 group | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.2.4 Ensure root account access is controlled | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4.2.6 Ensure root user umask is configured | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.4 Ensure Guest Access to Shared Folders Is Disabled | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.10 Ensure no world writable files exist | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.21 Ensure local interactive user is a member of the group owner. | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.26 Ensure local interactive users' dot files executable paths resolve to the users home directory. | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1.2 Ensure permissions on /etc/passwd- are configured | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1.3 Ensure permissions on /etc/group are configured | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1.5 Ensure permissions on /etc/shadow are configured | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1.8 Ensure permissions on /etc/gshadow- are configured | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1.10 Ensure permissions on /etc/security/opasswd are configured | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1.11 Ensure world writable files and directories are secured | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1.13 Ensure SUID and SGID files are reviewed | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.8 Ensure local interactive user home directories are configured | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.6 Ensure directory in logging.properties is a secure location | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
