| 1.1.1 Ensure that the API server pod specification file permissions are set to 600 or more restrictive | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.3 Ensure nodev option set on /tmp partition | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.5 Ensure that the scheduler pod specification file permissions are set to 600 or more restrictive | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.5 Ensure that the scheduler pod specification file permissions are set to 600 or more restrictive | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.7 Ensure that the etcd pod specification file permissions are set to 600 or more restrictive | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.7 Ensure that the etcd pod specification file permissions are set to 600 or more restrictive | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.9 Ensure nodev option set on /home partition | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.9 Ensure that the Container Network Interface file permissions are set to 600 or more restrictive | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.11 Ensure nosuid option set on /dev/shm partition | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.13 Ensure that the admin.conf file permissions are set to 600 or more restrictive | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.15 Ensure that the scheduler.conf file permissions are set to 600 or more restrictive | CIS Kubernetes v1.10.0 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.17 Ensure that the controller-manager.conf file permissions are set to 600 or more restrictive | CIS Kubernetes v1.10.0 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root | CIS Kubernetes v1.10.0 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.2.1 Ensure that only organizationally managed/approved public groups exist | CIS Microsoft 365 Foundations E3 L2 v3.1.0 | microsoft_azure | ACCESS CONTROL, MEDIA PROTECTION |
| 1.2.7 Ensure that the --authorization-mode argument includes Node | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.2.7 Ensure that the --authorization-mode argument includes Node | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.2.10 Ensure that the admission control plugin AlwaysAdmit is not set | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.2.13 Ensure that the admission control plugin ServiceAccount is set | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.11 Ensure That Separation of Duties Is Enforced While Assigning KMS Related Roles to Users | CIS Google Cloud Platform v3.0.0 L2 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 2.5 Ensure that the --peer-client-cert-auth argument is set to true | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.9 Ensure 'Trustworthy' Database Property is set to 'Off' | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 2.9 Ensure 'Trustworthy' Database Property is set to 'Off' | CIS Microsoft SQL Server 2019 v1.4.0 L1 Database Engine | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 2.15 Ensure 'Access Approval' is 'Enabled' | CIS Google Cloud Platform v3.0.0 L2 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.1 Require Explicit Authorization for Cataloging (CATALOG_NOAUTH) | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.4 Secure Permissions for All Diagnostic Logs (DIAGPATH) | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.11 Secure the Python Runtime Path (PYTHON_PATH) | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.13 Secure the Communication Buffer Exit Library (COMM_EXIT_LIST) | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2 Ensure that policies do not use "ALL" as Service | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2.4 Enable Extended Security (DB2_EXTSECURITY) | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2.5 Limit OS Privileges of Fenced Mode Process (DB2_LIMIT_FENCED_GROUP) | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.3.1 Secure Db2 Runtime Library | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS Microsoft SQL Server 2019 v1.4.0 L1 AWS RDS | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.10 Ensure Windows local groups are not SQL Logins | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.10 Ensure Windows local groups are not SQL Logins | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.11 Ensure the public role in the msdb database is not granted access to SQL Agent proxies | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.11 Ensure the public role in the msdb database is not granted access to SQL Agent proxies | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1 Ensure that the kubelet service file permissions are set to 600 or more restrictive | CIS Kubernetes v1.10.0 L1 Master | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.3 If proxy kubeconfig file exists ensure permissions are set to 600 or more restrictive | CIS Kubernetes v1.10.0 L1 Worker | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.5 Ensure that the --kubeconfig kubelet.conf file permissions are set to 600 or more restrictive | CIS Kubernetes v1.10.0 L1 Worker | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.7 Ensure that the certificate authorities file permissions are set to 600 or more restrictive | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Worker | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.1 Ensure that the --anonymous-auth argument is set to false | CIS Kubernetes v1.10.0 L1 Worker | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.7 Ensure the 'secure_file_priv' is Configured Correctly | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.17 Ensure that 'Allow Blob Anonymous Access' is set to 'Disabled' | CIS Microsoft Azure Foundations v3.0.0 L1 | microsoft_azure | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.12 Ensure SSH PermitUserEnvironment is disabled | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.1 Ensure permissions on /etc/passwd are configured | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.2 Ensure permissions on /etc/shadow are configured | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.3 Secure SYSMAINT Authority | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.4 Secure SYSMON Authority | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
