| 1.1.1.1 Ensure mounting of udf filesystems is disabled | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.1.5 Ensure 'Password Policy' is enabled | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | ACCESS CONTROL |
| 1.4.1.3 Ensure known default accounts do not exist | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 2.1 Ensure that IP addresses are mapped to usernames - User ID Agents | CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.7 (L1) Ensure 'Back up files and directories' is set to 'Administrators' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.10 (L1) Ensure 'Create a pagefile' is set to 'Administrators' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.12 (L1) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.14 (L1) Configure 'Create symbolic links' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.15 (L1) Ensure 'Debug programs' is set to 'Administrators' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.21 (L1) Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'No One' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.22 (L1) Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.25 (L1) Ensure 'Increase scheduling priority' is set to 'Administrators' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.25 (L1) Ensure 'Increase scheduling priority' is set to 'Administrators' - Window Manager\Window Manager Group' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.26 (L1) Ensure 'Load and unload device drivers' is set to 'Administrators' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.30 (L1) Ensure 'Manage auditing and security log' is set to 'Administrators' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.7.7 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' | CIS Microsoft Windows 8.1 v2.4.1 L2 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.6 Ensure that the User-ID service account does not have interactive logon rights | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 2.7 Ensure remote access capabilities for the User-ID service account are forbidden. | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 4.04 init.ora - 'remote_os_roles = FALSE' | CIS v1.1.0 Oracle 11g OS L1 | Unix | ACCESS CONTROL |
| 4.08 init.ora - 'os_roles = FALSE' | CIS v1.1.0 Oracle 11g OS L1 | Unix | ACCESS CONTROL |
| 5.3.9 Collect Login and Logout Events - /var/log/btmp | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.3.9 Collect Login and Logout Events - /var/log/faillog | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.3.10 Collect Session Initiation Information - /var/log/wtmp | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.3.10 Collect Session Initiation Information - /var/run/utmp | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.4.1.1 Ensure password expiration is 365 days or less - login.defs | CIS Debian 9 Server L1 v1.0.1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.1 Ensure password expiration is 365 days or less - login.defs | CIS Debian 9 Workstation L1 v1.0.1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.1 Ensure password expiration is 365 days or less - users | CIS Debian 9 Workstation L1 v1.0.1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.2 Ensure minimum days between password changes is 7 or more - login.defs | CIS Debian 9 Server L1 v1.0.1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.2 Ensure minimum days between password changes is 7 or more - login.defs | CIS Debian 9 Workstation L1 v1.0.1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.2 Ensure minimum days between password changes is 7 or more - users | CIS Debian 9 Workstation L1 v1.0.1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.3 Ensure password expiration warning days is 7 or more - login.defs | CIS Debian 9 Workstation L1 v1.0.1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.3 Ensure password expiration warning days is 7 or more - users | CIS Debian 9 Server L1 v1.0.1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.3 Ensure password expiration warning days is 7 or more - users | CIS Debian 9 Workstation L1 v1.0.1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.5 Ensure all users last password change date is in the past | CIS Debian 9 Server L1 v1.0.1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 7.2.3 Audit Passwords System Preference Setting | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 9.2.4 Verify No Legacy '+' Entries Exist in /etc/group File - + Entries Exist in /etc/group File | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Configure the System to Notify upon Account Enabled Actions | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | ACCESS CONTROL |
| Catalina - FileVault Authorized Users | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL |
| Catalina - FileVault Authorized Users | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | ACCESS CONTROL |
| CIS Control 16 (16.8(b)) Disable Any Unassociated Accounts | CAS Implementation Group 1 Audit File | Unix | ACCESS CONTROL |
| Monterey - Automatically Remove or Disable Temporary or Emergency User Accounts within 72 Hours | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL |
| Monterey - Automatically Remove or Disable Temporary or Emergency User Accounts within 72 Hours | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | ACCESS CONTROL |
| Monterey - Configure the System to Notify upon Account Disabled Actions | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL |
| Monterey - Configure the System to Notify upon Account Disabled Actions | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL |
| Monterey - Configure the System to Notify upon Account Modified Actions | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL |
| Monterey - Employ Automated Mechanisms for Account Management Functions | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | ACCESS CONTROL |
| Monterey - Employ Automated Mechanisms for Account Management Functions | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | ACCESS CONTROL |
| Monterey - Employ Automated Mechanisms for Account Management Functions | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL |
| Monterey - Employ Automated Mechanisms for Account Management Functions | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | ACCESS CONTROL |
