| 3.1.1 Require Explicit Authorization for Cataloging (CATALOG_NOAUTH) | CIS IBM DB2 11 v1.2.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.2 Secure Ppermissions for Default Database File Path (DFTDBPATH) | CIS IBM DB2 11 v1.2.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.3 Set Diagnostic Logging to Capture Errors and Warnings (DIAGLEVEL) | CIS IBM DB2 11 v1.2.0 Windows OS Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
| 3.1.5 Secure Permissions for Alternate Diagnostic Log Path (ALT_DIAGPATH) | CIS IBM DB2 11 v1.2.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.6 Disable Client Discovery Requests (DISCOVER) | CIS IBM DB2 11 v1.2.0 Windows OS Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 3.1.11 Secure the Python Runtime Path (PYTHON_PATH) | CIS IBM DB2 11 v1.2.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2.2 Turn Off Remote Command Legacy Mode (DB2RCMD_LEGACY_MODE) | CIS IBM DB2 11 v1.2.0 Windows OS Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 3.3.1 Secure Db2 Runtime Library | CIS IBM DB2 11 v1.2.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.4 Disable Database Discovery (DISCOVER_DB) | CIS IBM DB2 11 v1.2.0 Windows OS Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 4.1.6 Secure Permissions for the Secondary Archive Log Location (LOGARCHMETH2) | CIS IBM DB2 11 v1.2.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.8 Secure Permissions for the Log Mirror Location (MIRRORLOGPATH) | CIS IBM DB2 11 v1.2.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.11 Set Archive Log Failover Retry Limit (NUMARCHRETRY) | CIS IBM DB2 11 v1.2.0 Windows OS Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.2 Specify a Secure Authentication Type (AUTHENTICATION) | CIS IBM DB2 11 v1.2.0 Windows OS Level 1 | Windows | ACCESS CONTROL |
| 5.2.3 Ensure Complex Password Must Contain Alphabetic Characters Is Configured | CIS Apple macOS 10.15 Catalina v3.0.0 L2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3 Database Manager Configuration Parameter: ALTERNATE_AUTH_ENC | CIS IBM DB2 11 v1.2.0 Windows OS Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4 Database Manager Configuration Parameter: TRUST_ALLCLNTS | CIS IBM DB2 11 v1.2.0 Windows OS Level 1 | Windows | ACCESS CONTROL |
| 5.9 DB2DOMAINLIST Registry Variable (Windows only) | CIS IBM DB2 11 v1.2.0 Windows OS Level 1 | Windows | ACCESS CONTROL |
| 7.1.1 Disable the Audit Buffer | CIS IBM DB2 11 v1.2.0 Windows OS Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
| 7.1.2 Disable Limited Audit of Applications (DB2_LIMIT_AUDIT_APPS) | CIS IBM DB2 11 v1.2.0 Windows OS Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
| 8.1.6 Configure Secure TLS Cipher Suites (SSL_CIPHERSPECS) | CIS IBM DB2 11 v1.2.0 Windows OS Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1.8 Configure a Client-side Key Store for TLS (SSL_CLNT_KEYDB) | CIS IBM DB2 11 v1.2.0 Windows OS Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1.9 Configure a Client-side Stash File for TLS (SSL_CLNT_STASH) | CIS IBM DB2 11 v1.2.0 Windows OS Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1.10 Enable TLS Communication Between HADR Primary and Standby Instances (HADR_SSL_LABEL) | CIS IBM DB2 11 v1.2.0 Windows OS Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.19.2 (L1) Ensure 'Turn Off user-installed desktop gadgets' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.19.2 (L1) Ensure 'Turn Off user-installed desktop gadgets' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.19.2 (L1) Ensure 'Turn Off user-installed desktop gadgets' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.19.2 (L1) Ensure 'Turn Off user-installed desktop gadgets' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.47.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.47.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.9.47.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.9.49.11.1 Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.9.49.11.1 Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v5.0.1 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.28.2 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.29.2 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.29.3 Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.58.2 (L1) Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.58.2 (L1) Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.58.2 (L1) Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.58.2 (L1) Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.58.2 (L1) Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.58.2 (L1) Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Disabled' | CIS Microsoft Windows Server 2016 v4.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.58.2 (L1) Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Disabled' | CIS Microsoft Windows Server 2016 v4.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.58.2 (L1) Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v4.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.58.2 (L1) Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.58.2 Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Disabled' | CIS Microsoft Windows Server 2022 v5.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS_Palo_Alto_Firewall_10_Benchmark_v1.3.0_L1.audit from CIS Palo Alto Firewall 10 Benchmark v1.3.0 | CIS Palo Alto Firewall 10 v1.3.0 L1 | Palo_Alto | |
