| 1.1.2 Ensure only trusted users are allowed to control Docker daemon | CIS Docker v1.7.0 L1 Docker - Linux | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.1.5 Ensure 'Password Policy' is enabled | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3' | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.10 Do not create access keys during initial setup for IAM users with a console password | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.21 Ensure access to AWSCloudShellFullAccess is restricted | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 2.6.1 Ensure Guest Account Is Disabled | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| 2.7 Ensure that a unique Certificate Authority is used for etcd | CIS Kubernetes v1.20 Benchmark v1.0.1 L2 Master | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 2.7 Ensure that a unique Certificate Authority is used for etcd | CIS Kubernetes v1.23 Benchmark v1.0.1 L2 Master | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 2.7 Ensure that a unique Certificate Authority is used for etcd | CIS Kubernetes v1.24 Benchmark v1.0.0 L2 Master | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 2.8 Ensure that a unique Certificate Authority is used for etcd | CIS Kubernetes v1.11.1 L2 Master Node | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 2.14 Ensure containers are restricted from acquiring new privileges | CIS Docker v1.7.0 L1 Docker - Linux | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 4.4.3.1.1 Ensure password failed attempts lockout is configured | CIS Red Hat EL8 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 4.4.3.1.3 Ensure password failed attempts lockout includes root account | CIS Oracle Linux 8 Workstation L2 v3.0.0 | Unix | ACCESS CONTROL |
| 5.1.6.1 (L2) Ensure that collaboration invitations are sent to allowed domains only | CIS Microsoft 365 Foundations v5.0.0 L2 E5 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.1.6.1 (L2) Ensure that collaboration invitations are sent to allowed domains only | CIS Microsoft 365 Foundations v5.0.0 L2 E3 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.1.6.2 (L1) Ensure that guest user access is restricted | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.1.6.2 (L1) Ensure that guest user access is restricted | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.1.6.3 (L2) Ensure guest user invitations are limited to the Guest Inviter role | CIS Microsoft 365 Foundations v5.0.0 L2 E5 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.1.6.3 (L2) Ensure guest user invitations are limited to the Guest Inviter role | CIS Microsoft 365 Foundations v5.0.0 L2 E3 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.2.1 Ensure Password Account Lockout Threshold Is Configured | CIS Apple macOS 14.0 Sonoma v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.3.1 (L2) Ensure 'Privileged Identity Management' is used to manage roles | CIS Microsoft 365 Foundations v5.0.0 L2 E5 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.3.2 Ensure system accounts are secured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.3.2.1.2 Ensure password unlock time is configured | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | ACCESS CONTROL |
| 5.3.2.1.3 Ensure password failed attempts lockout includes root account | CIS SUSE Linux Enterprise 15 v2.0.1 L2 Workstation | Unix | ACCESS CONTROL |
| 5.3.3.1.1 Ensure password failed attempts lockout is configured | CIS Debian Linux 11 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.3.3.1.1 Ensure password failed attempts lockout is configured | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.3.3.1.1 Ensure password failed attempts lockout is configured | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 5.3.3.1.2 Ensure password unlock time is configured | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.3.4 (L1) Ensure approval is required for Global Administrator role activation | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.3.5 (L1) Ensure approval is required for Privileged Role Administrator activation | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 6.1.3 Ensure Guest Account Is Disabled | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| 6.1.3 Ensure Guest Account Is Disabled | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| 6.1.3 Ensure Guest Account Is Disabled | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.1.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| 6.1.3 Ensure Guest Account Is Disabled | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| 6.2.3 Ensure that an exclusionary device code flow policy is considered | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 6.2.15 Ensure all groups in /etc/passwd exist in /etc/group | CIS Debian 8 Server L1 v2.0.2 | Unix | ACCESS CONTROL |
| 6.2.15 Ensure all groups in /etc/passwd exist in /etc/group | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL |
| 6.12 Ensure that 'User consent for applications' is set to 'Do not allow user consent' | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 6.25 Ensure that 'Subscription leaving Microsoft Entra tenant' and 'Subscription entering Microsoft Entra tenant' is set to 'Permit no one' | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 7.1 Ensure authentication file permissions are set correctly | CIS MongoDB 3.6 L1 Unix Audit v1.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 7.1 Ensure authentication file permissions are set correctly | CIS MongoDB 3.6 L1 Windows Audit v1.1.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 9.2 Check for Duplicate User Names | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 9.3.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 9.3.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 9.3.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 9.3.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 9.13 Check Groups in passwd | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 10.3.1.2 Ensure that Storage Account access keys are periodically regenerated | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MAINTENANCE |
| 10.3.1.3 Ensure 'Allow storage account key access' for Azure Storage Accounts is 'Disabled' | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | ACCESS CONTROL, MEDIA PROTECTION |
| MS.AAD.7.3v1 - Privileged users SHALL be provisioned cloud-only accounts separate from an on-premises directory or other federated identity providers. | CISA SCuBA Microsoft 365 Entra ID v1.5.0 | microsoft_azure | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
