| 1.1.39 Ensure that the --authorization-mode argument includes RBAC | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.3 Ensure Avahi Server is not enabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.4 Ensure CUPS is not enabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.4 Ensure echo services are not enabled - echo-stream | CIS Red Hat 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.5 Ensure DHCP Server is not enabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.5 Ensure time services are not enabled - time-dgram | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.10 Ensure HTTP server is not enabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.10 Ensure xinetd is not enabled | CIS Red Hat 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure rsh server is not enabled - rlogin.socket | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure rsh server is not enabled - rsh.socket | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.6 Restrict Published Information (if publishing is required) - publish-binf=no | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 3.4.2 Ensure SCTP is disabled - grep modprobe.d | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.4.3 Ensure RDS is disabled - modprobe | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.2 Ensure SCTP is disabled | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.4 Ensure TIPC is disabled | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts - InputTCPServerRun 514 | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.6.2 Disable SCTP | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.8 Ensure at/cron is restricted to authorized users - at.deny | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.2 Activate the rsyslog Service - syslog | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.6 Accept Remote rsyslog Messages Only on Designated Log Hosts - $InputTCPServerRun 514 | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.7 (L1) Ensure 'Internet Connection Sharing (ICS) (SharedAccess)' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| 5.8 (L2) Ensure 'Link-Layer Topology Discovery Mapper (lltdsvc)' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 | Windows | CONFIGURATION MANAGEMENT |
| 5.9 (L1) Ensure 'Microsoft FTP Service (FTPSVC)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| 5.12 (L2) Ensure 'Peer Networking Grouping (p2psvc)' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| 5.13 (L2) Ensure 'Peer Networking Identity Manager (p2pimsvc)' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| 5.16 (L2) Ensure 'Remote Access Auto Connection Manager (RasAuto)' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 | Windows | CONFIGURATION MANAGEMENT |
| 5.17 (L2) Ensure 'Remote Desktop Configuration (SessionEnv)' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| 5.21 (L2) Ensure 'Remote Registry (RemoteRegistry)' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 | Windows | CONFIGURATION MANAGEMENT |
| 5.21 (L2) Ensure 'Remote Registry (RemoteRegistry)' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| 5.27 (L1) Ensure 'Telnet (TlntSvr)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| 5.29 (L1) Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| 5.30 (L2) Ensure 'Windows Error Reporting Service (WerSvc)' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| 5.31 (L2) Ensure 'Windows Event Collector (Wecsvc)' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| 6.2.13 Ensure no users have .netrc files | CIS Red Hat 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 9.4 Disable the HTTP Statistics Server | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 18.5.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - AllowLLTDIOOndomain | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.5.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - EnableLLTDIO | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.5.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - ProhibitRspndrOnPrivateNet | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - DisableInBand802DOT11Registrar | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - DisableUPnPRegistrar | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - DisableUPnPRegistrar | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - DisableWPDRegistrar | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.37.1 (L1) Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| 18.8.52.1.2 Ensure 'Enable Windows NTP Server' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.52.1.2 Ensure 'Enable Windows NTP Server' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.59.3.3.3 (L2) Ensure 'Do not allow LPT port redirection' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| Disable Automounting | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Do not allow drive redirection | MSCT Windows 10 1909 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not allow drive redirection | MSCT Windows 10 v2004 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not allow drive redirection | MSCT Windows Server 1903 MS v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
