| 1.1.4.1.2 Ensure 'Bind to object' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.4.1.3 Ensure 'Consistent Mime Handling' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.1.4.1.12 Ensure 'Restrict File Download' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.1 Alter the Advertised server.info String | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.4.7.2.2.4 Ensure 'Excel 2 worksheets' is set to 'Enabled: Open/Save blocked, use open policy' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.4.7.2.2.9 Ensure 'Excel 4 worksheets' is set to 'Enabled: Open/Save blocked, use open policy' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.4.7.2.2.10 Ensure 'Excel 95 workbooks' is set to 'Enabled: Open/Save Blocked, Use Open Policy' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.4.7.2.6 Ensure 'Block macros from running in Office files from the internet' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.2.4.7.4 Ensure 'Scan encrypted macros in Excel Open XML workbooks' is set to 'Enabled: Scan encrypted macros (default)' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.3.2 Secure screen saver corners - bottom right corner | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | ACCESS CONTROL |
| 2.3.25.1.1 Ensure 'Allow users to submit feedback to Microsoft' is set to 'Disabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.25.1.4 Ensure 'Enable Customer Experience Improvement Program' is set to 'Disabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.27.6 Ensure 'Allow VBA to load typelib references by path from untrusted intranet locations' is set to 'Disabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.27.15 Ensure 'Load Controls in Forms3' is set to 'Enabled: 4' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.31.2 Ensure 'Suppress external signature services menu item' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.6 Turn off TRACE | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.11.8.6.1 Ensure 'Default file format' is set to 'Enabled: Word Document (.docx)' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.11.8.7.2.1.8 Ensure 'Word 97 binary documents and templates' is set to 'Enabled: Open/Save blocked, use open policy' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.11.8.7.2.2.1 Ensure 'Do not open files from the internet zone in Protected View' is set to 'Disabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11.8.7.2.5 Ensure 'Disable Trust Bar Notification for unsigned application add-ins and block them' is set to 'Enabled' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 3.2 Configure Security Auditing Flags - 'audit all failed events across all audit classes' | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2 Configure Security Auditing Flags - 'audit successful/failed administrative events' | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Restrict access to $CATALINA_BASE | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.15 Restrict access to jaspic-providers.xml | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.4 Check Library folder for world writable files | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | ACCESS CONTROL |
| 5.2.1 Configure account lockout threshold | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 5.2.8 Password History | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.14 Create a custom message for the Login Screen | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 5.15 Create a Login window banner | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | ACCESS CONTROL |
| 6.1 Setup Client-cert Authentication | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.4 Disable 'Allow guests to connect to shared folders' - AFP Sharing | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 6.2 Turn on filename extensions | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.3 Ensure scheme is set accurately | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.4 Ensure secure is set to true only for SSL-enabled Connectors - verify secure is set to true | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5 Use parental controls for systems that are not centrally managed | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 7.1 Application specific logging | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in default | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in web application | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in default | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in web application | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.3 Ensure className is set correctly in context.xml | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.4 Ensure directory in context.xml is a secure location - configuration | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.4 Software Inventory Considerations | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 7.6 Ensure directory in logging.properties is a secure location - check log directory location | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 7.11 App Store Password Settings | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 7.17 AirDrop security considerations | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.3 Disable deploy on startup of applications | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.4 Force SSL when accessing the manager application via HTTP | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.15 Do not resolve hosts on logging valves | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 10.17 Setting Security Lifecycle Listener - check for umask present in startup | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL |
