| 1.1.3.11.6 Configure 'Network Security: Restrict NTLM: Add server exceptions in this domain' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.1.5 Ensure separate partition exists for /var | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.6 Ensure separate partition exists for /var/tmp | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.12 Ensure separate partition exists for /home | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2.14 Ensure that the admission control plugin NamespaceLifecycle is set | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | CONFIGURATION MANAGEMENT |
| 1.4.2 Ensure authentication required for single user mode - emergency.service | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP address | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| 1.8 Ensure Retired JUNOS Devices are Disposed of Securely | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
| 1.10.3 Ensure 'logging to monitor' is disabled | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.10.12 Ensure email logging is configured for critical to emergency | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.11.1 Ensure 'snmp-server group' is set to 'v3 priv' | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.11.2 Ensure 'snmp-server user' is set to 'v3 auth SHA' | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.11.4 Ensure 'SNMP traps' is enabled - coldstart | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.1.1 Ensure 'RIP authentication' is enabled | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.1.2 Ensure 'OSPF authentication' is enabled | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 3.3 Ensure packet fragments are restricted for untrusted interfaces | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 3.3.12 nfs_use_reserved_ports - portcheck | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.6 Ensure 'threat-detection statistics' is set to 'tcp-intercept' | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 3.7 Ensure 'ip verify' is set to 'reverse-path' for untrusted interfaces | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 4.1.3.1 Ensure 'samesite' SameSite attribute is set to 'Strict' for additional cookies | CIS IBM WebSphere Liberty v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.4 Ensure events that modify date and time information are collected - auditctl clock_settime (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - /etc/sysconfig/network-scripts | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - auditctl /etc/hosts | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - auditctl /etc/issue | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl setxattr/lsetxattr/fsetxattr (32-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.10 Ensure discretionary access control permission modification events are collected - chown/fchown/fchownat (64-bit) | CIS Aliyun Linux 2 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - auditctl /sbin/insmod | CIS CentOS 6 Server L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure kernel module loading and unloading is collected - auditctl /sbin/modprobe | CIS CentOS 6 Server L2 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.4.10 Ensure 'trustedHeaderOrigin' is set to trusted host names and IP addresses | CIS IBM WebSphere Liberty v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.19 Ensure SSH warning banner is configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.20 Ensure SSH PAM is enabled - sshd_config | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.22 Ensure SSH MaxStartups is configured - sshd_config | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile /etc/profile.d/*.sh | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.17 Ensure no duplicate GIDs exist | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.19 Ensure no duplicate group names exist | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 7.4 Ensure directory in context.xml is a secure location - permissions | CIS Apache Tomcat 7 L1 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 7.12 Siri on macOS | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 43 - Do not resolve hosts on logging valves - CONTEXT_XML | TNS Best Practice Jetty 9 Linux | Unix | CONFIGURATION MANAGEMENT |
| Ensure 'EIGRP authentication' is enabled | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'HTTP session timeout' is less than or equal to '5' minutes | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'logging to monitor' is disabled | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'OSPF authentication' is enabled | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'SNMP traps' is enabled - authentication | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'SNMP traps' is enabled - linkdown | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'SNMP traps' is enabled - linkup | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure DNS services are configured correctly - domain-lookup | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure email logging is configured for critical to emergency | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure intrusion prevention is enabled for untrusted interfaces | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure packet fragments are restricted for untrusted interfaces | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Limit HTTP methods allowed by the Web Server. | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
