| 1.1 Set 'Allow software to run or install even if the signature is invalid' to 'Disabled' | CIS IE 9 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.1.2 Ensure mounting of freevxfs filesystems is disabled | CIS Amazon Linux v2.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.3 Configure Secure Password Policy - EnsurePassword Memory | CIS F5 Networks v1.0.0 L1 | F5 | IDENTIFICATION AND AUTHENTICATION |
| 1.1.3 Configure Secure Password Policy - Maximum Duration | CIS F5 Networks v1.0.0 L1 | F5 | IDENTIFICATION AND AUTHENTICATION |
| 1.1.3 Configure Secure Password Policy - Required Numeric | CIS F5 Networks v1.0.0 L1 | F5 | IDENTIFICATION AND AUTHENTICATION |
| 1.1.3 Configure Secure Password Policy - User Lockout | CIS F5 Networks v1.0.0 L1 | F5 | IDENTIFICATION AND AUTHENTICATION |
| 1.2 Set 'Prevent Bypassing SmartScreen Filter Warnings' to 'Enabled' | CIS IE 9 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.3 Enable 'Prevent users from bypassing SmartScreen Filter's application reputation warnings about files that are not commonly downloaded' | CIS IE 9 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - selinux = 0 | CIS Amazon Linux v2.1.0 L2 | Unix | ACCESS CONTROL |
| 1.6.2 Ensure SELinux is installed | CIS Amazon Linux v2.1.0 L2 | Unix | ACCESS CONTROL |
| 2.1 Ensure that Remote Radius is used for Authentication Only | CIS F5 Networks v1.0.0 L2 | F5 | ACCESS CONTROL |
| 2.4 Ensure External Users' role is set to 'No Access' | CIS F5 Networks v1.0.0 L2 | F5 | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1.1.2 Ensure system is disabled when audit logs are full - 'action_mail_acct is configured' | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl setxattr/lsetxattr/fsetxattr/removexattr | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl b64 EPERM | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Ensure 'Idle timeout' is less than or equal to 10 minutes for SSH connections | CIS F5 Networks v1.0.0 L1 | F5 | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.4 Ensure 'Idle timeout' is less than or equal to 10 minutes for serial console sessions | CIS F5 Networks v1.0.0 L1 | F5 | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2 Ensure minimum SNMP version is set to V3 for agent access | CIS F5 Networks v1.0.0 L1 | F5 | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Set 'Restrict File Download' to 'Enabled' - explorer.exe | CIS IE 9 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 7.2 Set 'Notification bar' to 'Enabled' -explorer.exe | CIS IE 9 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 7.4 Set 'Consistent Mime Handling' to 'Enabled' - iexplore.exe | CIS IE 9 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.8 Set 'MK Protocol Security Restriction' to 'Enabled' - explorer.exe | CIS IE 9 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 8.1.2 Set 'Allow drag and drop or copy and paste files' to 'Enabled:Disable' | CIS IE 9 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 8.1.6 Set 'Allow script- initiated windows without size or position constraints' to 'Enabled:Disable' | CIS IE 9 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 8.1.8 Set 'Download signed ActiveX controls' to 'Enabled:Disable' | CIS IE 9 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1.9 Set 'Download unsigned ActiveX controls' to 'Enabled:Disable' | CIS IE 9 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.2.1 Set 'Intranet Sites: Include all network paths (UNCs)' to 'Disabled' | CIS IE 9 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 8.3.5 Set 'Allow file downloads' to 'Enabled:Disable' | CIS IE 9 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 8.3.11 Set 'Automatic prompting for file downloads' to 'Enabled:Disable' | CIS IE 9 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 8.3.12 Set 'Download signed ActiveX controls' to 'Enabled:Disable' | CIS IE 9 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3.13 Set 'Automatic prompting for file downloads' to 'Enabled:Disable' | CIS IE 11 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 8.3.15 Set 'Allow font downloads' to 'Enabled:Disable' | CIS IE 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3.15 Set 'Initialize and script ActiveX controls not marked as safe' to 'Enabled:Disable' | CIS IE 9 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3.18 Set 'Allow Binary and Script Behaviors' to 'Enabled:Disable' | CIS IE 11 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 8.3.22 Set 'Run .NET Framework- reliant components signed with Authenticode' to 'Enabled:Disable' | CIS IE 9 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3.26 Set 'Software channel permissions' to 'Enabled:High safety' | CIS IE 9 v1.0.0 | Windows | ACCESS CONTROL |
| 8.3.29 Set 'Web sites in less privileged Web content zones can navigate into this zone' to 'Enabled:Disable' | CIS IE 9 v1.0.0 | Windows | ACCESS CONTROL |
| 8.3.30 Set 'Allow META REFRESH' to 'Enabled:Disable' | CIS IE 11 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 8.3.35 Set 'Enable dragging of content from different domains within a window' to 'Enabled:Disable' | CIS IE 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3.42 Set 'Don't run antimalware programs against ActiveX controls' to 'Enabled:Disabled' | CIS IE 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.4.1 Set 'Use SmartScreen Filter' to 'Enabled:Enable' | CIS IE 9 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 8.5.1 Set 'Java permissions' to 'Enabled:High safety' | CIS IE 11 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 8.6.1 Set 'Use SmartScreen Filter' to 'Enabled:Enable' | CIS IE 11 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 8.7.2 Set 'Use SmartScreen Filter' to 'Enabled:Enable' | CIS IE 9 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 8.8.2 Set 'Only allow approved domains to use ActiveX controls without prompt' to 'Enabled:Enable' | CIS IE 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.11 Set 'Security Zones: Use only machine settings' to 'Enabled' | CIS IE 9 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 9.2 Set 'Disable the Advanced page' to 'Enabled' | CIS IE 11 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 9.11 Configure 'Disable changing connection settings' | CIS IE 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.14 Set 'Turn on the auto-complete feature for user names and passwords on forms' to 'Disabled' | CIS IE 11 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 9.15 Set 'Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows' to 'Enabled' | CIS IE 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
