| 1.4.1 Ensure permissions on bootloader config are configured | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.1 Ensure permissions on bootloader config are configured | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.2 Ensure bootloader password is set | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.2 Ensure bootloader password is set | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.4 Ensure interactive boot is not enabled | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1.6 Ensure permissions on /etc/issue.net are configured | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.4 Ensure 'Adjust memory quotas for a process' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.4 Ensure 'Adjust memory quotas for a process' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.8 Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.9 Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE, Users' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.11 Ensure 'Create a token object' is set to 'No One' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.13 Ensure 'Create permanent shared objects' is set to 'No One' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.14 Configure 'Create symbolic links' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.21 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.25 Ensure 'Increase scheduling priority' is set to 'Administrators' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.25 Ensure 'Increase scheduling priority' is set to 'Administrators' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.26 Ensure 'Load and unload device drivers' is set to 'Administrators' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.28 Ensure 'Log on as a batch job' is set to 'Administrators' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.34 Ensure 'Profile single process' is set to 'Administrators' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.35 Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.35 Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 3.2.1.11 Ensure 'Allow Erase All Content and Settings' is set to 'Disabled' | AirWatch - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.13 Ensure 'Allow installing configuration profiles' is set to 'Disabled' | AirWatch - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.3.4 Ensure permissions on /etc/hosts.allow are configured | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.4 Ensure permissions on /etc/hosts.allow are configured | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.1.4 Ensure rsyslog default file permissions configured | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.3 Ensure permissions on all logfiles are configured | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.2 Ensure permissions on /etc/crontab are configured | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.4 Ensure permissions on /etc/cron.daily are configured | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.5 Ensure permissions on /etc/cron.weekly are configured | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.1 Ensure permissions on /etc/ssh/sshd_config are configured | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.2 Ensure permissions on SSH private host key files are configured | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.23 Ensure SSH MaxSessions is set to 4 or less | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.7 Ensure access to the su command is restricted - wheel group contains root | CIS CentOS 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 6.1.14 Audit SGID executables | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
| 6.2.5 Ensure root is the only UID 0 account | CIS Debian 9 Workstation L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.5 Ensure root is the only UID 0 account | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.6 Ensure root PATH Integrity | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| Access Credential Manager as a trusted caller | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Back up files and directories | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Create a token object | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Create permanent shared objects | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Enable computer and user accounts to be trusted for delegation | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Ensure authentication required for single user mode | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure system administrator actions (sudolog) are collected - auditctl | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Impersonate a client after authentication | MSCT Windows Server 2019 MS v1.0.0 | Windows | ACCESS CONTROL |
| Manage auditing and security log | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Modify firmware environment values | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Profile single process | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Take ownership of files or other objects | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
