| 1.1.1 Ensure that the --anonymous-auth argument is set to false | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.1.11 Ensure that the admission control policy is set to DenyEscalatingExec | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 1.1.19 Ensure that the --token-auth-file parameter is not set | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.1.32 Ensure that the admission control policy is set to NodeRestriction | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 1.2 Enable Auto Update | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.4.2 Ensure that the API server pod specification file ownership is set to root:root | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.7 Ensure that the etcd pod specification file permissions are set to 644 or more restrictive | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.9 Ensure that the Container Network Interface file permissions are set to 644 or more restrictive | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.10 Ensure that the Container Network Interface file ownership is set to root:root | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.11 Ensure that the etcd data directory permissions are set to 700 or more restrictive | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | |
| 1.4.12 Ensure that the etcd data directory ownership is set to etcd:etcd | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | |
| 1.4.17 Ensure that the controller-manager.conf file permissions are set to 644 or more restrictive | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.5.1 Ensure that the --cert-file and --key-file arguments are set as appropriate - ca-file | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.5.2 Ensure that the --client-cert-auth argument is set to true | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.5.7 Ensure that the --wal-dir argument is set as appropriate | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.6.5 Ensure that the seccomp profile is set to docker/default in your pod definitions | CIS Kubernetes 1.8 Benchmark v1.2.0 L2 | Unix | |
| 2.1.1 Ensure that the --allow-privileged argument is set to false | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 2.1.3 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 2.1.5 Ensure that the --read-only-port argument is set to 0 | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.9 Ensure that the --keep-terminated-pod-volumes argument is set to false | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.13 Ensure that the --cadvisor-port argument is set to 0 | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.14 Ensure that the RotateKubeletClientCertificate argument is not set to false | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.2.5 Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictive | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.6 Ensure that the proxy kubeconfig file ownership is set to root:root | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.2 Secure screen saver corners - bottom left corner | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | ACCESS CONTROL |
| 2.6.1.2 Ensure all user storage CoreStorage volumes are encrypted | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.6.4 Enable Firewall Stealth Mode | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11 Java 6 is not the default Java runtime | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.1 Ensure that the --anonymous-auth argument is set to false | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 3.1.5 Ensure that the --insecure-port argument is set to 0 | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.6 Ensure that the --secure-port argument is not set to 0 | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.9 Ensure that the admission control policy is set to NamespaceLifecycle | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 3.1.16 Ensure that the --service-account-lookup argument is set to true | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 3.2 Configure Security Auditing Flags - 'audit successful/failed file attribute modification events' | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2.1 Ensure that the --profiling argument is set to false | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.3 Ensure security auditing retention | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Create network specific locations | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.2 Check System Wide Applications for appropriate permissions | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 5.10 Require a password to wake the computer from sleep or screen saver | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 5.18 Secure individual keychains and items | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.1 Display login window as name and password | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 6.1.5 Remove Guest home folder | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 7.13 Apple Watch features with macOS | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| CIS_Debian_Linux_10_v2.0.0_L1_Server.audit from CIS Debian Linux 10 Benchmark v2.0.0 | CIS Debian 10 Server L1 v2.0.0 | Unix | |
| CIS_Oracle_Linux_7_v4.0.0_L1_Server.audit from CIS Oracle Linux 7 Benchmark v4.0.0 | CIS Oracle Linux 7 v4.0.0 L1 Server | Unix | |
| CIS_Oracle_Linux_7_v4.0.0_L1_Workstation.audit from CIS Oracle Linux 7 Benchmark v4.0.0 | CIS Oracle Linux 7 v4.0.0 L1 Workstation | Unix | |
| CIS_Oracle_Linux_7_v4.0.0_L2_Server.audit from CIS Oracle Linux 7 Benchmark v4.0.0 | CIS Oracle Linux 7 v4.0.0 L2 Server | Unix | |
| CIS_Oracle_Linux_9_v2.0.0_L1_Server.audit from CIS Oracle Linux 9 Benchmark v2.0.0 | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | |
| CIS_Rocky_Linux_8_v2.0.0_L1_Server.audit from CIS Rocky Linux 8 Benchmark v2.0.0 | CIS Rocky Linux 8 Server L1 v2.0.0 | Unix | |
| CIS_Rocky_Linux_8_v2.0.0_L1_Workstation.audit from CIS Rocky Linux 8 Benchmark v2.0.0 | CIS Rocky Linux 8 Workstation L1 v2.0.0 | Unix | |
