| 1.1.7 Ensure separate partition exists for /var/tmp | CIS Debian 9 Server L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.8 Ensure nodev option set on /var/tmp partition | CIS Debian 9 Server L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.2 Ensure bootloader password is set - password_pbkdf2 | CIS Debian 9 Server L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.3 Ensure authentication required for single user mode | CIS Debian 9 Server L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 1.8.3 Ensure last logged in user display is disabled - file-db | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.1.5 Ensure 'Allow users to accept untrusted TLS certificates' is set to 'Disabled' | AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.5 Ensure 'Allow users to accept untrusted TLS certificates' is set to 'Disabled' | MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.12 Ensure 'Allow users to accept untrusted TLS certificates' is set to 'Disabled' | AirWatch - CIS Apple iOS 14 and iPadOS 14 Institution Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.12 Ensure 'Allow users to accept untrusted TLS certificates' is set to 'Disabled' | MobileIron - CIS Apple iOS 14 and iPadOS 14 Institution Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 4.1.3 Ensure events that modify date and time information are collected - auditctl /etc/localtime | CIS CentOS 6 Workstation L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.3 Ensure events that modify date and time information are collected - auditctl adjtimex settimeofday 32-bit | CIS CentOS 6 Server L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.3 Ensure events that modify date and time information are collected - auditctl clock_settime 32-bit | CIS CentOS 6 Workstation L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.3 Ensure events that modify date and time information are collected - auditctl clock_settime 64-bit | CIS CentOS 6 Server L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.3 Ensure events that modify date and time information are collected - rules.d /etc/localtime | CIS CentOS 6 Workstation L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl chmod 64-bit | CIS CentOS 6 Server L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl chown 32-bit | CIS CentOS 6 Workstation L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl setxattr 64-bit | CIS CentOS 6 Server L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.9 Ensure discretionary access control permission modification events are collected - rules.d chmod 32-bit | CIS CentOS 6 Server L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.9 Ensure discretionary access control permission modification events are collected - rules.d chmod 64-bit | CIS CentOS 6 Workstation L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.9 Ensure discretionary access control permission modification events are collected - rules.d chown 32-bit | CIS CentOS 6 Workstation L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.9 Ensure discretionary access control permission modification events are collected - rules.d chown 64-bit | CIS CentOS 6 Server L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl lsetxattr setxattr fsetxattr removexattr | CIS Debian 9 Server L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - auditctl /sbin/insmod | CIS CentOS 6 Server L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - auditctl /sbin/modprobe | CIS CentOS 6 Server L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - rules.d /sbin/insmod | CIS CentOS 6 Server L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.2.3 Ensure syslog-ng default file permissions configured | CIS Debian 9 Server L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 5.2 Use LockOut Realms | CIS Apache Tomcat 10 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2 Use LockOut Realms | CIS Apache Tomcat 8 L2 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 5.2 Use LockOut Realms | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 5.2.19 Ensure SSH warning banner is configured | CIS Debian 9 Server L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.19 Ensure SSH warning banner is configured | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.20 Ensure SSH PAM is enabled - sshd_config | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.20 Ensure SSH PAM is enabled - sshd_config | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.22 Ensure SSH MaxStartups is configured - sshd_config | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.23 Ensure SSH MaxSessions is limited - sshd | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.1 Starting Tomcat with Security Manager | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.1 Starting Tomcat with Security Manager | CIS Apache Tomcat 10 L1 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 9.2 Disabling auto deployment of applications | CIS Apache Tomcat 10 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.2 Disabling auto deployment of applications | CIS Apache Tomcat 8 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.3 Disable deploy on startup of applications | CIS Apache Tomcat 10 L2 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 9.3 Disable deploy on startup of applications | CIS Apache Tomcat 8 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.3 Disable deploy on startup of applications | CIS Apache Tomcat 8 L2 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 9.3 Disable deploy on startup of applications | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.9 Configure connectionTimeout | CIS Apache Tomcat 10 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.9 Configure connectionTimeout | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 10.10 Configure connectionTimeout | CIS Apache Tomcat 8 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.16 Do not resolve hosts on logging valves | CIS Apache Tomcat 8 L2 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 10.17 Enable memory leak listener - verify present | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.18 Setting Security Lifecycle Listener - check for umask present in startup | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.18 Setting Security Lifecycle Listener - check for umask uncommented in startup | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
