| 3.2.3 Ensure secure ICMP redirects are not accepted - sysctl net.ipv4.conf.all.secure_redirects | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.4 Ensure suspicious packets are logged - sysctl.conf sysctl.d net.ipv4.conf.all.log_martians | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2.5 Ensure broadcast ICMP requests are ignored - sysctl.conf sysctl.d net.ipv4.icmp_echo_ignore_broadcasts | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.6 Ensure bogus ICMP responses are ignored - sysctl.conf sysctl.d net.ipv4.icmp_ignore_bogus_error_responses | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.9 Ensure IPv6 router advertisements are not accepted - sysctl net.ipv6.conf.default.accept_ra | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure TCP Wrappers is installed | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.3 Ensure /etc/hosts.deny is configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.5 Ensure permissions on /etc/hosts.deny are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.4.2 Ensure SCTP is disabled - modprobe | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.4.3 Ensure RDS is disabled - grep modprobe.d | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.4.4 Ensure TIPC is disabled - grep modprobe.d | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.4.4 Ensure TIPC is disabled - modprobe | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.1.2 Ensure loopback traffic is configured - output | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.3 Ensure outbound and established connections are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.1.5 Ensure remote rsyslog messages are only accepted on designated log hosts. - $InputTCPServerRun | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Ensure logrotate is configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.1 Ensure cron daemon is enabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.5 Ensure permissions on /etc/cron.weekly are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.6 Ensure permissions on /etc/cron.monthly are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.7 Ensure permissions on /etc/cron.d are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.3 Ensure permissions on SSH private host key files are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.11 Ensure SSH PermitEmptyPasswords is disabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.14 Ensure SSH Idle Timeout Interval is configured - ClientAliveInterval | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.2.15 Ensure SSH LoginGraceTime is set to one minute or less | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth sufficient pam_faillock.so' | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.4.1.1 Ensure password expiration is 365 days or less - login.defs | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.3 Ensure password expiration warning days is 7 or more - login.defs | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.3 Ensure default group for the root account is GID 0 | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/bashrc | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.6 Ensure access to the su command is restricted - /etc/group | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.1.4 Ensure permissions on /etc/group are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.11 Ensure no unowned files or directories exist | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.1.14 Audit SGID executables | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3 Ensure no legacy "+" entries exist in /etc/shadow | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.6 Ensure root PATH Integrity | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.8 Ensure users' home directories permissions are 750 or more restrictive | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.2.10 Ensure users' dot files are not group or world writable | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.2.11 Ensure no users have .forward files | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.15 Ensure all groups in /etc/passwd exist in /etc/group | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.17 Ensure no duplicate GIDs exist | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 18.7.5 (L1) Ensure 'Configure RPC listener settings: Protocols to allow for incoming RPC connections' is set to 'Enabled: RPC over TCP' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.7.5 Ensure 'Configure RPC listener settings: Protocols to allow for incoming RPC connections' is set to 'Enabled: RPC over TCP' | CIS Microsoft Windows Server 2025 v2.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.7.6 (L1) Ensure 'Configure RPC listener settings: Authentication protocol to use for incoming RPC connections:' is set to 'Enabled: Negotiate' or higher | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.7.6 (L1) Ensure 'Configure RPC listener settings: Authentication protocol to use for incoming RPC connections:' is set to 'Enabled: Negotiate' or higher | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.7.7 (L1) Ensure 'Configure RPC over TCP port' is set to 'Enabled: 0' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.7.7 Ensure 'Configure RPC over TCP port' is set to 'Enabled: 0' | CIS Microsoft Windows Server 2025 v2.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| VMCH-06-000012 - The unexposed feature keyword isolation.tools.ghi.launchmenu.change must be set. | DISA VMware vSphere Virtual Machine Version 6 STIG v1r1 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-06-000013 - The unexposed feature keyword isolation.tools.memSchedFakeSampleStats.disable must be set. | DISA VMware vSphere Virtual Machine Version 6 STIG v1r1 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-06-000017 - The unexposed feature keyword isolation.tools.trashFolderState.disable must be set. | DISA VMware vSphere Virtual Machine Version 6 STIG v1r1 | VMware | CONFIGURATION MANAGEMENT |
| VMCH-06-000018 - The unexposed feature keyword isolation.tools.ghi.trayicon.disable must be set. | DISA VMware vSphere Virtual Machine Version 6 STIG v1r1 | VMware | CONFIGURATION MANAGEMENT |
