| 1.2.3 Set 'seconds' for 'ssh timeout' for 60 seconds or less | CIS Cisco IOS XR 7.x v1.0.1 L1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.3.1 Ensure 'Minimum Password Complexity' is enabled | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | IDENTIFICATION AND AUTHENTICATION |
| 1.6.4 Ensure that the seccomp profile is set to docker/default in your pod definitions | CIS Kubernetes 1.11 Benchmark v1.3.0 L2 | Unix | |
| 1.6.5 Ensure that the seccomp profile is set to docker/default in your pod definitions | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L2 | Unix | |
| 1.6.5 Ensure that the seccomp profile is set to docker/default in your pod definitions | CIS Kubernetes 1.8 Benchmark v1.2.0 L2 | Unix | |
| 1.7 Ensure MariaDB is Run Under a Sandbox Environment | CIS MariaDB 10.11 v1.0.0 L2 MariaDB RDBMS on Linux Unix | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7 Ensure MySQL is Run Under a Sandbox Environment | CIS Oracle MySQL Enterprise Edition 8.0 v1.5.0 L2 MySQL RDBMS on Linux Unix | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.4 (L2) Ensure Safe Attachments policy is enabled | CIS Microsoft 365 Foundations v6.0.1 L2 E5 | microsoft_azure | SYSTEM AND INFORMATION INTEGRITY |
| 2.3.3 Verify Display Sleep is set to a value larger than the Screen Saver | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | ACCESS CONTROL |
| 2.3.3 Verify Display Sleep is set to a value larger than the Screen Saver | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
| 3.1 Ensure that the docker.service file ownership is set to root:root | CIS Docker v1.8.0 L1 OS Linux | Unix | ACCESS CONTROL |
| 3.2 Ensure that docker.service file permissions are appropriately set | CIS Docker v1.8.0 L1 OS Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.3 Ensure that docker.socket file ownership is set to root:root | CIS Docker v1.8.0 L1 OS Linux | Unix | ACCESS CONTROL |
| 3.4 Ensure that docker.socket file permissions are set to 644 or more restrictive | CIS Docker v1.8.0 L1 OS Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.17 Ensure that the daemon.json file ownership is set to root:root | CIS Docker v1.8.0 L2 OS Linux | Unix | ACCESS CONTROL |
| 3.18 Ensure that daemon.json file permissions are set to 644 or more restrictive | CIS Docker v1.8.0 L2 OS Linux | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_SETEUID : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_SETGID : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_SETREUID : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_SETSID : cis | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.4 Enable Auditing of Process and Privilege Events - AUE_SETUID : cis | CIS Solaris 11.2 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Ensure Content trust for Docker is Enabled | CIS Docker v1.8.0 L2 OS Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.6.3 Apply Security Context to Pods and Containers | CIS Google Kubernetes Engine GKE Autopilot v1.3.0 L2 | GCP | CONFIGURATION MANAGEMENT |
| 4.6.3 Apply Security Context to Pods and Containers | CIS Google Kubernetes Engine GKE v1.9.0 L2 GCP | GCP | CONFIGURATION MANAGEMENT |
| 5.1.4.5 (L1) Ensure Local Administrator Password Solution is enabled | CIS Microsoft 365 Foundations v6.0.1 L1 E3 | microsoft_azure | IDENTIFICATION AND AUTHENTICATION |
| 5.15 Ensure that the 'on-failure' container restart policy is set to '5' | CIS Docker v1.8.0 L1 OS Linux | Unix | CONFIGURATION MANAGEMENT |
| 5.18 Ensure HTTP Header Permissions-Policy is set appropriately | CIS Apache HTTP Server 2.4 v2.3.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 5.18 Ensure that host devices are not directly exposed to containers | CIS Docker v1.8.0 L1 OS Linux | Unix | ACCESS CONTROL |
| 5.19 Ensure that the default ulimit is overwritten at runtime if needed | CIS Docker v1.8.0 L1 OS Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.20 Ensure mount propagation mode is not set to shared | CIS Docker v1.8.0 L1 OS Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.21 Ensure that the host's UTS namespace is not shared | CIS Docker v1.8.0 L1 OS Linux | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.26 Ensure that the container is restricted from acquiring additional privileges | CIS Docker v1.8.0 L1 OS Linux | Unix | ACCESS CONTROL |
| 5.30 Ensure that Docker's default bridge "docker0" is not used | CIS Docker v1.8.0 L2 OS Linux | Unix | CONFIGURATION MANAGEMENT |
| 6.4 Avoid image sprawl | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 18.11.1 Ensure 'Disable HTTP proxy features: Disable WPAD' is set to 'Enabled: Checked' | CIS Microsoft Windows Server 2022 v5.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.11.1 Ensure 'Disable HTTP proxy features: Disable WPAD' is set to 'Enabled: Checked' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.11.1 Ensure 'Disable HTTP proxy features: Disable WPAD' is set to 'Enabled: Checked' | CIS Microsoft Windows Server 2022 v5.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.11.1 Ensure 'Disable HTTP proxy features: Disable WPAD' is set to 'Enabled: Checked' | CIS Microsoft Windows Server 2025 v2.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.11.1 Ensure 'Disable HTTP proxy features: Disable WPAD' is set to 'Enabled: Checked' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.11.1 Ensure 'Disable HTTP proxy features: Disable WPAD' is set to 'Enabled: Checked' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 20.13 (L1) Ensure 'Web browser is supported and secured' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS VMware ESXi 5.5 v1.2.0 Level 1 | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| CIS VMware ESXi 5.5 v1.2.0 Level 2 | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | |
| CIS VMware ESXi 6.5 v1.0.0 Level 2 | CIS VMware ESXi 6.5 v1.0.0 Level 2 | VMware | |
| DKER-EE-001050 - TCP socket binding for all Docker Engine - Enterprise nodes in a Universal Control Plane (UCP) cluster must be disabled. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-002070 - The Docker Enterprise default seccomp profile must not be disabled. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002160 - Docker Enterprise incoming container traffic must be bound to a specific host interface. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-002770 - Docker Enterprise container health must be checked at runtime. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-005060 - Docker Swarm must have the minimum number of manager nodes. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-005070 - Docker Enterprise Swarm manager auto-lock key must be rotated periodically. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
