| 1.6 Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 2.3.7.1 (L1) Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.1 Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.7.1 Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.1.1.7 Ensure rsyslog is not configured to receive logs from a remote client | CIS Oracle Linux 7 v4.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 5.1.1.7 Ensure rsyslog is not configured to receive logs from a remote client | CIS Oracle Linux 7 v4.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 5.1.1.7 Ensure rsyslog is not configured to receive logs from a remote client | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 5.1.1.7 Ensure rsyslog is not configured to receive logs from a remote client | CIS CentOS Linux 7 v4.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 5.1.1.7 Ensure rsyslog is not configured to receive logs from a remote client | CIS CentOS Linux 7 v4.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 5.1.1.7 Ensure rsyslog is not configured to receive logs from a remote client | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 5.1.2.7 Ensure rsyslog is not configured to receive logs from a remote client | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 5.1.2.7 Ensure rsyslog is not configured to receive logs from a remote client | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 5.4.1 Ensure the GKE Metadata Server is Enabled | CIS Google Kubernetes Engine (GKE) v1.7.0 L2 | GCP | CONFIGURATION MANAGEMENT |
| 5.9.1 Enable Customer-Managed Encryption Keys (CMEK) for GKE Persistent Disks (PD) | CIS Google Kubernetes Engine (GKE) v1.7.0 L2 | GCP | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1.2.1.1 Ensure systemd-journal-remote is installed | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.1.2.1.1 Ensure systemd-journal-remote is installed | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.1.2.1.1 Ensure systemd-journal-remote is installed | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.1.2.1.2 Ensure systemd-journal-upload authentication is configured | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.1.3.7 Ensure rsyslog is not configured to receive logs from a remote client | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 6.1.3.7 Ensure rsyslog is not configured to receive logs from a remote client | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 6.2.3.6 Ensure rsyslog is configured to send logs to a remote log host | CIS AlmaLinux OS 9 v2.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 18.8.52.1.1 Ensure 'Enable Windows NTP Client' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.50.1.1 (L2) Ensure 'Enable Windows NTP Client' is set to 'Enabled' | CIS Windows Server 2012 R2 DC L2 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.51.1.1 (L1) Ensure 'Enable Windows NTP Client' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v4.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.51.1.1 (L1) Ensure 'Enable Windows NTP Client' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.51.1.1 Ensure 'Enable Windows NTP Client' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.51.1.2 Ensure 'Enable Windows NTP Client' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller | Windows | AUDIT AND ACCOUNTABILITY |
| Audit insecure guest logon - LanmanServer | MSCT Windows 11 v24H2 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit insecure guest logon - LanmanServer AuditInsecureGuestLogon | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit insecure guest logon - LanmanServer AuditInsecureGuestLogon | MSCT Windows Server 2025 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Do not allow drive redirection | MSCT Windows 11 v24H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Do not allow drive redirection - fDisableCdm | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| DTAM059 - McAfee VirusScan On-Demand scan must be configured to record scanning activity in a log file. | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent downloading of enclosures | MSCT Windows 10 v1507 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent downloading of enclosures | MSCT Windows 10 1809 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent downloading of enclosures | MSCT Windows 10 1803 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent downloading of enclosures | MSCT Windows 10 v20H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent downloading of enclosures | MSCT Windows 10 v21H1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent downloading of enclosures | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent downloading of enclosures | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent downloading of enclosures | MSCT Windows Server 2016 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent downloading of enclosures | MSCT Windows Server 2019 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent downloading of enclosures | MSCT MSCT Windows Server 2022 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent downloading of enclosures | MSCT Windows 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent downloading of enclosures | MSCT Windows 10 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent downloading of enclosures | MSCT Windows Server 1903 MS v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent downloading of enclosures | MSCT Windows Server v1909 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent downloading of enclosures | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent downloading of enclosures - DisableEnclosureDownload | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent downloading of enclosures - DisableEnclosureDownload | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
