| 1.2.2 Ensure that the --basic-auth-file argument is not set | CIS Red Hat OpenShift Container Platform v1.7.0 L1 | OpenShift | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.2.2 Ensure that the --token-auth-file parameter is not set | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.2.2 Ensure that the --token-auth-file parameter is not set | CIS Kubernetes v1.10.0 L1 Master | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.2.3 Ensure that the --DenyServiceExternalIPs is not set | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.2.3 Ensure that the --DenyServiceExternalIPs is not set | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.2.3 Ensure that the --token-auth-file parameter is not set | CIS Red Hat OpenShift Container Platform v1.7.0 L1 | OpenShift | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.2.3 Ensure that the DenyServiceExternalIPs is set | CIS Kubernetes v1.10.0 L1 Master | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.2.3 Limit SSH Login Attempts to 3 or less | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.2.4 Ensure Exec Timeout for Console Sessions is set for less than 10 | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.3 (L1) Host hardware must enable Intel TXT, if available | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.4 (L1) Host hardware must enable and configure a TPM 2.0 | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.5 (L1) Host integrated hardware management controller must be secure | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.6 (L1) Host integrated hardware management controller must enable time synchronization | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.6.5 Ensure 'Telnet' is disabled | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP address | CIS Cisco ASA 9.x Firewall L2 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.7.3 Ensure 'SSL AES 256 encryption' is set for HTTPS access | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.7.3 Set SSH Key Modulus Length | CIS Cisco NX-OS v1.2.0 L2 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.9 (L2) Host hardware must enable AMD SEV-ES, if available | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.10 Use Dedicated "mgmt" Interface and VRF for Administrative Functions | CIS Cisco NX-OS v1.2.0 L2 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 2.6.7 Audit Lockdown Mode | CIS Apple macOS 13.0 Ventura v3.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 2.6.7 Audit Lockdown Mode | CIS Apple macOS 15.0 Sequoia v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 2.11 (L1) Host must use sufficient entropy for cryptographic operations | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 2.12 (L2) Host must enable volatile key destruction | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 3.24 (L1) Host must display a login banner for the DCUI and Host Client | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 4.3.3 daemon | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| 4.7.3.1 Ensure latest version of openssh is installed | CIS IBM AIX 7 v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 4.7.3.5 Ensure sshd Banner is configured | CIS IBM AIX 7 v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 4.7.3.13 Ensure sshd PermitEmptyPasswords is disabled | CIS IBM AIX 7 v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 4.7.3.15 Ensure sshd PermitRootLogin is disabled | CIS IBM AIX 7 v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.2.10 Ensure no users have .netrc files | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.2.12 Ensure no users have .netrc files | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.2.16 Ensure no users have .netrc files | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.2.16 Ensure no users have .netrc files | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.2.16 Ensure no users have .netrc files | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.5.4 (L1) Host SSH daemon, if enabled, must not allow host-based authentication | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.5.5 (L1) Host SSH daemon, if enabled, must set a timeout count on idle sessions | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.5.7 (L1) Host SSH daemon, if enabled, must display the system login banner before granting access | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.5.8 (L1) Host SSH daemon, if enabled, must ignore .rhosts files | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.5.10 (L1) Host SSH daemon, if enabled, must disable TCP forwarding | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.5.11 (L1) Host SSH daemon, if enabled, must not permit tunnels | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 7.1 (L2) Virtual machines must enable Secure Boot | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 8.3.3 (L1) Ensure secure protocols are used for virtual serial port access | CIS VMware ESXi 7.0 v1.4.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 8.3.3 Ensure secure protocols are used for virtual serial port access | CIS VMware ESXi 6.7 v1.3.0 Level 1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 8.6 (L1) VMware Tools must limit the automatic removal of features | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 10.1 Ensure Web content directory is on a separate partition from the Tomcat system files | CIS Apache Tomcat 10 L1 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 10.1 Ensure Web content directory is on a separate partition from the Tomcat system files | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 10.1 Ensure Web content directory is on a separate partition from the Tomcat system files | CIS Apache Tomcat 10.1 v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 10.1 Ensure Web content directory is on a separate partition from the Tomcat system files - verify Web content directory | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 10.1 Ensure Web content directory is on a separate partition from the Tomcat system files - verify Web content directory | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| Big Sur - Verify remote disconnection of sessions | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | MAINTENANCE |
