| 1.1.3.17.1 Set 'User Account Control: Admin Approval Mode for the Built-in Administrator account' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.5.3.2 Set 'Windows Firewall: Public: Apply local firewall rules' to 'Yes (default)' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.7 Ensure that the certificate authorities file permissions are set to 644 or more restrictive | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | ACCESS CONTROL |
| 2.2.21 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.22 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.28 (L2) Ensure 'Log on as a batch job' is set to 'Administrators' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | ACCESS CONTROL |
| 2.2.29 (L2) Configure 'Log on as a service' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | ACCESS CONTROL |
| 2.2.29 (L2) Configure 'Log on as a service' | CIS Microsoft Windows 8.1 v2.4.1 L2 | Windows | ACCESS CONTROL |
| 2.2.30 (L1) Ensure 'Manage auditing and security log' is set to 'Administrators' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.4.2 (L2) Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 | Windows | ACCESS CONTROL |
| 2.3.17.2 (L1) Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL |
| 2.7 Ensure remote access capabilities for the User-ID service account are forbidden. | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 2.13 Ensure 'sa' Login Account is set to 'Disabled' | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | ACCESS CONTROL |
| 3.1.3 Require explicit authorization for cataloging - 'catalog_noauth = no' | CIS IBM DB2 OS L2 v1.2.0 | Unix | ACCESS CONTROL |
| 3.5 Ensure the SQL Server's MSSQL Service Account is Not an Administrator | CIS SQL Server 2014 Database L1 OS v1.5.0 | Windows | ACCESS CONTROL |
| 3.5 Ensure the SQL Server's SQLAgent Service Account is Not an Administrator | CIS SQL Server 2008 R2 DB OS L1 v1.7.0 | Windows | ACCESS CONTROL |
| 3.6 Ensure the SQL Server's SQLAgent Service Account is Not an Administrator | CIS SQL Server 2012 Database L1 OS v1.6.0 | Windows | ACCESS CONTROL |
| 3.6 Ensure the SQL Server's SQLAgent Service Account is Not an Administrator | CIS SQL Server 2014 Database L1 OS v1.5.0 | Windows | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - clusterAdmin | CIS MongoDB 3.2 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - clusterAdmin | CIS MongoDB 3.4 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - dbAdminAnyDatabase | CIS MongoDB 3.2 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - dbOwner | CIS MongoDB 3.2 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - readWriteAnyDatabase | CIS MongoDB 3.2 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 4.1 Ensure device is not obviously jailbroken | MobileIron - CIS Apple iOS 13 and iPadOS 13 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 4.1.17 Ensure system administrator actions (sudolog) are collected | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure system administrator actions (sudolog) are collected | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure system administrator actions (sudolog) are collected - auditctl | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure system administrator actions (sudolog) are collected - auditctl | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.3 Ensure rsyslog default file permissions configured | CIS Amazon Linux v2.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.6 Ensure the set_user extension is installed | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL |
| 4.7 Ensure the set_user extension is installed | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | ACCESS CONTROL |
| 4.7 Ensure the set_user extension is installed | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL |
| 4.7 Ensure the set_user extension is installed | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL |
| 4.07 init.ora - 'os_authent_prefix = NULL String' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | ACCESS CONTROL |
| 5.1.7 Avoid use of system:masters group | CIS Kubernetes v1.10.0 L1 Master | Unix | ACCESS CONTROL |
| 5.2.2 Minimize the admission of privileged containers | CIS Kubernetes v1.10.0 L1 Master | Unix | ACCESS CONTROL |
| 5.2.14 Ensure SSH access is limited | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.2.18 Ensure SSH access is limited | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.2.18 Ensure SSH access is limited | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | ACCESS CONTROL |
| 5.2.18 Ensure SSH access is limited | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.2.18 Ensure SSH access is limited | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 7.0.1 Establish an administrator group - 'sysadm_group value' | CIS IBM DB2 OS L2 v1.2.0 | Unix | ACCESS CONTROL |
| 7.0.2 Establish system control group - 'sysctrl_group value' | CIS IBM DB2 OS L2 v1.2.0 | Unix | ACCESS CONTROL |
| 7.0.3 Establish system maintenance group - 'sysmaint_group users' | CIS IBM DB2 OS L1 v1.2.0 | Unix | ACCESS CONTROL |
| 7.0.4 Establish system monitoring group - 'sysmon_group users' | CIS IBM DB2 OS L1 v1.2.0 | Unix | ACCESS CONTROL |
| 8.5 Remove the toor user. | CIS FreeBSD v1.0.5 | Unix | ACCESS CONTROL |
| 8.5 Verify that no UID 0 accounts exist other than root | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
| Ensure SSH access is limited | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| ESXi : verify-admin-group | VMWare vSphere 5.X Hardening Guide | VMware | ACCESS CONTROL |
