| 1.1 Ensure the appropriate MongoDB software version/patches are installed | CIS MongoDB 7 v1.2.0 L1 Unix | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Verify all Apple provided software is current | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.4 Enable system data files and security update installs - 'CriticalUpdateInstall' | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.1 Alter the Advertised server.info String | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.1 Turn off Bluetooth, if no paired devices exist | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2 Ensure that MongoDB does not bypass authentication via the localhost exception | CIS MongoDB 7 v1.2.0 L1 Unix | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.2.2 Ensure time set is within appropriate limits | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.24 (L1) Ensure 'Deny log on through Remote Desktop Services' to include 'Guests' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.1 Set an inactivity interval of 20 minutes or less for the screen saver | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 2.5 Disable client facing Stack Traces - check for defined exception type | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.5.1 Disable 'Wake for network access' - Wake for network access | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 2.12 (L2) Host must enable volatile key destruction | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 3.1 Set a nondeterministic Shutdown command value | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 3.3 Ensure security auditing retention | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.3 Ensure that MongoDB is run using a non-privileged, dedicated service account | CIS MongoDB 7 v1.2.0 L1 Unix | Unix | ACCESS CONTROL |
| 3.4 Ensure that each role for each MongoDB database is needed and grants only the necessary privileges | CIS MongoDB 6 v1.2.0 L1 MongoDB | MongoDB | ACCESS CONTROL |
| 3.4 Ensure that each role for each MongoDB database is needed and grants only the necessary privileges | CIS MongoDB 7 v1.2.0 L1 MongoDB | MongoDB | ACCESS CONTROL |
| 3.23 (L2) Host must deny shell access for the vpxuser account | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.2 Enable 'Show Wi-Fi status in menu bar' - Show Wi-Fi status in menu bar | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.2 Ensure Weak Protocols are Disabled | CIS MongoDB 7 v1.2.0 L1 Unix | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.4 Ensure http server is not running | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.4 Restrict access to Tomcat logs directory | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.6 Restrict access to Tomcat binaries directory | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2 Ensure that audit filters are configured properly | CIS MongoDB 6 v1.2.0 L2 MongoDB | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.2 Set a minimum password length | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3 Ensure that logging captures as much information as possible | CIS MongoDB 6 v1.2.0 L2 MongoDB | Unix | AUDIT AND ACCOUNTABILITY |
| 5.3 Ensure that logging captures as much information as possible | CIS MongoDB 7 v1.2.0 L2 Unix | Unix | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure that new entries are appended to the end of the log file | CIS MongoDB 6 v1.2.0 L2 MongoDB | Unix | AUDIT AND ACCOUNTABILITY |
| 5.4 Ensure that new entries are appended to the end of the log file | CIS MongoDB 7 v1.2.0 L2 Unix | Unix | AUDIT AND ACCOUNTABILITY |
| 5.5 (L2) Host should deactivate virtual hardware management network interfaces | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 5.13 Disable ability to login to another user's active and locked session | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 6.2 Ensure that operating system resource limits are set for MongoDB | CIS MongoDB 6 v1.2.0 L2 MongoDB | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2 Ensure that operating system resource limits are set for MongoDB | CIS MongoDB 7 v1.2.0 L2 Unix | Unix | CONFIGURATION MANAGEMENT |
| 6.4 Ensure secure is set to true only for SSL-enabled Connectors - verify secure is set to true | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Application specific logging | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.1 Ensure appropriate key file permissions are set | CIS MongoDB 6 v1.2.0 L1 MongoDB | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists in web application | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in default | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in web application | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.6 Ensure directory in logging.properties is a secure location - check application log directory is secure | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 8.15 (L2) VMware Tools must deactivate Guest Operations unless required | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 10.5 Rename the manager application - host-manager/manager.xml | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.16 Enable memory leak listener | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 18.8.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 Stand-alone v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| 18.9.7.1.6 (L1) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | MEDIA PROTECTION |
| 18.9.18.2 Ensure 'Turn Off user-installed desktop gadgets' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
