| 1.7.2 Disable iPXE (Pre-boot eXecution Environment) | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.8 (L2) Host integrated hardware management controller must secure authentication | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | ACCESS CONTROL |
| 1.9.3 Configure source interface for SNMP Traps | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT |
| 1.9.4 Ensure Read Write privileges are not configured for SNMP | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.10 (L2) Host hardware must enable Intel SGX, if available | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.12 (L2) Host integrated hardware management controller must deactivate internal networking | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 2.5 (L1) Host must only run binaries delivered via signed VIB | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.9 (L1) Host must not suppress warnings about unmitigated hyperthreading vulnerabilities | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | AUDIT AND ACCOUNTABILITY |
| 2.10 (L1) Host must restrict inter-VM transparent page sharing | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.1.3.1 Set Interfaces with no Peers to Passive-Interface | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.1.4.2 Create and use a single Loopback Address for Routing Protocol Peering | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.1.4.3 Use Unicast Routing Protocols Only | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.2.5 Disable IP Source-Routing | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4 (L1) Host must deactivate SLP | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 3.4.1 Configure LLDP | CIS Cisco NX-OS v1.2.0 L1 | Cisco | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.4.2 Configure CDP | CIS Cisco NX-OS v1.2.0 L2 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5 (L1) Host must deactivate CIM | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 3.6 (L1) Host should deactivate SNMP | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 3.25 (L1) Host must display a login banner for SSH connections | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 4.4 (L1) Host must set the logging informational level to info | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | AUDIT AND ACCOUNTABILITY |
| 4.11 (L1) Host must use strict x509 verification for TLS-enabled remote logging endpoints | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 5.3 (L1) Host must restrict use of the dvFilter network API | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.8 (L1) Host should reject promiscuous mode requests on standard virtual switches and port groups | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.9 (L1) Host must restrict access to a default or native VLAN on standard virtual switches | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.10 (L1) Host must restrict the use of Virtual Guest Tagging (VGT) on standard virtual switches | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2.1 (L1) Host must isolate storage communications | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5.1 (L1) Host SSH daemon, if enabled, must use FIPS 140-2/140-3 validated ciphers | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5.2 (L1) Host SSH daemon, if enabled, must use FIPS 140-2/140-3 validated cryptographic modules | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5.3 (L1) Host SSH daemon, if enabled, must not allow use of gateway ports | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.5.6 (L1) Host SSH daemon, if enabled, must set a timeout interval on idle sessions | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.5.9 (L1) Host SSH daemon, if enabled, must disable stream local forwarding | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.5.12 (L1) Host SSH daemon, if enabled, must not permit user environment settings | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 7.7 (L1) Virtual machines must limit PCI/PCIe device passthrough functionality | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 7.11 (L1) Virtual machines must remove unnecessary AHCI devices | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 7.19 (L1) Virtual machines must deactivate console paste operations | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 8.4 (L2) VMware Tools on deployed virtual machines must prevent being recustomized | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 8.12 (L1) VMware Tools must limit the use of MSI transforms when reconfiguring VMware Tools | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 8.13 (L1) VMware Tools must enable VMware Tools logging | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | AUDIT AND ACCOUNTABILITY |
| CIS Control 1 (1.4) Maintain Detailed Asset Inventory | CAS Implementation Group 1 Audit File | Unix | CONFIGURATION MANAGEMENT |
| CIS Control 10 (10.2) Perform Complete System Backups | CAS Implementation Group 1 Audit File | Unix | CONTINGENCY PLANNING |
| CIS_Apache_Tomcat_8_L2_v1.1.0.audit from CIS Apache Tomcat 8 Benchmark | CIS Apache Tomcat 8 L2 v1.1.0 | Unix | |
| CIS_Apache_Tomcat_10_L1_v1.1.0.audit from CIS Apache Tomcat 10 Benchmark | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | |
| CIS_Apache_Tomcat_10_L2_v1.1.0.audit from CIS Apache Tomcat 10 Benchmark | CIS Apache Tomcat 10 L2 v1.1.0 | Unix | |
| CIS_Bottlerocket_v1.0.0_L1.audit from CIS Bottlerocket Benchmark Level 1 | CIS Bottlerocket L1 | Unix | |
| CIS_CentOS_Linux_8_v2.0.0_L1_Server.audit from CIS CentOS Linux 8 Benchmark v2.0.0 | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | |
| CIS_CentOS_Linux_8_v2.0.0_L1_Workstation.audit from CIS CentOS Linux 8 Benchmark v2.0.0 | CIS CentOS Linux 8 Workstation L1 v2.0.0 | Unix | |
| CIS_Debian_Linux_9_Server_v1.0.1_L1.audit from CIS Debian Linux 9 Benchmark | CIS Debian 9 Server L1 v1.0.1 | Unix | |
| CIS_Debian_Linux_12_v1.1.0_L2_Workstation.audit from CIS Debian Linux 12 Benchmark v1.1.0 | CIS Debian Linux 12 v1.1.0 L2 Workstation | Unix | |
| CIS_Oracle_Server_18c_v1.1.0_L1_Windows.audit from CIS Oracle Database 18c Benchmark v1.1.0 | CIS Oracle Server 18c Windows v1.1.0 | Windows | |
| CIS_Rocky_Linux_9_v2.0.0_L2_Workstation.audit from CIS Rocky Linux 9 Benchmark v2.0.0 | CIS Rocky Linux 9 v2.0.0 L2 Workstation | Unix | |
