| 1.1 Ensure the Pre-Installation Planning Checklist Has Been Implemented | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.2 Ensure Installation of Binary Packages | CIS PostgreSQL 11 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2.3 Ensure 'Account lockout threshold' is set to '3 or fewer invalid logon attempt(s), but not 0' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 1.2.3 Ensure 'Account lockout threshold' is set to '3 or fewer invalid logon attempt(s), but not 0' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 1.7.8 Ensure GDM autorun-never is enabled | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | MEDIA PROTECTION |
| 1.7.8 Ensure GDM autorun-never is enabled | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | MEDIA PROTECTION |
| 2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Microsoft Windows Server 2019 v3.0.1 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.9.5 Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.9.5 Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.9.5 Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'apache account is configured' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'apache account is configured' | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | ACCESS CONTROL |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd services are running as apache user' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd services are running as apache user' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd.conf Group = apache' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
| 7.2.10 (L1) Ensure reauthentication with verification code is restricted | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | IDENTIFICATION AND AUTHENTICATION |
| 7.2.10 (L1) Ensure reauthentication with verification code is restricted | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | IDENTIFICATION AND AUTHENTICATION |
| 18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Windows Server 2012 DC L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.1 (L1) Ensure 'EMET 5.52' or higher is installed | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.1 Ensure 'EMET 5.52' or higher is installed | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.1 Ensure 'EMET 5.52' or higher is installed | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.1 Ensure 'EMET 5.52' or higher is installed | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.25.1 (L1) Ensure 'EMET 5.52' or higher is installed | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.25.1 (L1) Ensure 'EMET 5.52' or higher is installed | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.25.1 (L1) Ensure 'EMET 5.52' or higher is installed | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.100.1 Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.100.1 Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | AUDIT AND ACCOUNTABILITY |
| 18.10.24.1 (L1) Ensure 'EMET 5.52' or higher is installed | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| CIS Control 1 (1.6) Ensure that unauthorized assets are removed, quarantined or the inventory is updated | CAS Implementation Group 1 Audit File | Unix | CONFIGURATION MANAGEMENT |
| CIS Control 10 (10.5) Ensure All Backups Have at Least One Offline Backup Destination | CAS Implementation Group 1 Audit File | Unix | CONTINGENCY PLANNING |
| CIS Control 13 (13.2) Remove Sensitive Data or Systems Not Regularly Accessed by Organization | CAS Implementation Group 1 Audit File | Unix | CONFIGURATION MANAGEMENT |
| CIS_Cisco_Firewall_v8.x_Level_1_v4.2.0.audit for Cisco ASA 8 from CIS Cisco Firewall v8.x Benchmark v4.2.0 | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | |
| CIS_Cisco_Firewall_v8.x_Level_1_v4.2.0.audit for Cisco Firewall v8.x from CIS Cisco Firewall v8.x Benchmark v4.2.0 | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | |
| CIS_DC_SERVER_2012_Level_1_v3.0.0.audit from CIS Security Benchmark For Microsoft Windows Server 2012 DC Level 1 | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | |
| CIS_DC_SERVER_2012_Level_2_v3.0.0.audit from CIS Security Benchmark For Microsoft Windows Server 2012 DC Level 2 | CIS Windows Server 2012 DC L2 v3.0.0 | Windows | |
| CIS_MS_SERVER_2012_Level_1_v3.0.0.audit from CIS Security Benchmark For Microsoft Windows Server 2012 MS Level 1 | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | |
| CIS_MS_SERVER_2012_Level_2_v3.0.0.audit from CIS Security Benchmark For Microsoft Windows Server 2012 MS Level 2 | CIS Windows Server 2012 MS L2 v3.0.0 | Windows | |
| CIS_v1.1.0_Oracle_11g_OS_Unix_Linux_Level_1.audit from CIS Security Configuration Benchmark For Oracle Database Server 11g version 1.1.0 | CIS v1.1.0 Oracle 11g OS L1 | Unix | |
| CIS_v1.1.0_Oracle_11g_OS_Unix_Linux_Level_2.audit from CIS Security Configuration Benchmark For Oracle Database Server 11g version 1.1.0 | CIS v1.1.0 Oracle 11g OS L2 | Unix | |
