| 1.1 Ensure a separate user and group exist for Cassandra - group | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
| 1.1.3.1.3 Set 'Accounts: Administrator account status' to 'Disabled'. | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.10 Set 'Create global objects' to 'Administrators, SERVICE, LOCAL SERVICE, NETWORK SERVICE' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.17 Set 'Modify firmware environment values' to 'Administrators' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.23 Set 'Restore files and directories' to 'Administrators' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.4.3 Ensure authentication required for single user mode - rescue.service | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1 Run BIND as a non-root User - process -u named | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.2.1 (L1) Ensure 'Access Credential Manager as a trusted caller' is set to 'No One' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 2.2.1 Ensure 'Access Credential Manager as a trusted caller' is set to 'No One' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.3 Ensure 'Act as part of the operating system' is set to 'No One' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.7 Ensure that the certificate authorities file permissions are set to 644 or more restrictive | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.21 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.25 Ensure 'Increase scheduling priority' is set to 'Administrators' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.29 Configure 'Log on as a service' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.35 Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.38 Ensure 'Shut down the system' is set to 'Administrators, Users' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.38 Ensure 'Shut down the system' is set to 'Administrators, Users' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 3.2.1.13 Ensure 'Allow installing configuration profiles' is set to 'Disabled' | AirWatch - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.13 Ensure 'Allow installing configuration profiles' is set to 'Disabled' | MobileIron - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.14 Ensure 'Allow installing configuration profiles' is set to 'Disabled' | AirWatch - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 4.1.16 Ensure system administrator actions (sudolog) are collected | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.4 Ensure rsyslog default file permissions configured | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.19 Ensure SSH warning banner is configured | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.6 Ensure root login is restricted to system console | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.7 Ensure access to the su command is restricted - pam_wheel.so | CIS CentOS 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 5.7 Ensure access to the su command is restricted - wheel group contains root | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
| 6.1.13 Audit SUID executables | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
| 6.2.5 Ensure root is the only UID 0 account | CIS Debian 9 Workstation L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.6 Ensure root is the only UID 0 account | CIS CentOS 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| Access Credential Manager as a trusted caller | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Access Credential Manager as a trusted caller | MSCT Windows 10 v2004 v1.0.0 | Windows | ACCESS CONTROL |
| Act as part of the operating system | MSCT Windows 10 1909 v1.0.0 | Windows | ACCESS CONTROL |
| Create a pagefile | MSCT Windows 10 1909 v1.0.0 | Windows | ACCESS CONTROL |
| Create a token object | MSCT Windows 10 v20H2 v1.0.0 | Windows | ACCESS CONTROL |
| Create global objects | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Debug programs | MSCT Windows 10 v21H2 v1.0.0 | Windows | ACCESS CONTROL |
| Force shutdown from a remote system | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Force shutdown from a remote system | MSCT Windows 10 v21H2 v1.0.0 | Windows | ACCESS CONTROL |
| Impersonate a client after authentication | MSCT Windows 10 1909 v1.0.0 | Windows | ACCESS CONTROL |
| Load and unload device drivers | MSCT Windows 10 1909 v1.0.0 | Windows | ACCESS CONTROL |
| Load and unload device drivers | MSCT Windows 10 v2004 v1.0.0 | Windows | ACCESS CONTROL |
| Load and unload device drivers | MSCT Windows 10 v21H2 v1.0.0 | Windows | ACCESS CONTROL |
| Manage auditing and security log | MSCT Windows 10 v2004 v1.0.0 | Windows | ACCESS CONTROL |
| Modify firmware environment values | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Modify firmware environment values | MSCT Windows 10 1909 v1.0.0 | Windows | ACCESS CONTROL |
| Modify firmware environment values | MSCT Windows 10 v2004 v1.0.0 | Windows | ACCESS CONTROL |
| Modify firmware environment values | MSCT Windows 10 v21H2 v1.0.0 | Windows | ACCESS CONTROL |
| Profile single process | MSCT Windows 10 1909 v1.0.0 | Windows | ACCESS CONTROL |
| Profile single process | MSCT Windows 10 v21H2 v1.0.0 | Windows | ACCESS CONTROL |
| Restore files and directories | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
