| 1.1.1.6 Ensure overlayfs kernel module is not available | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.6 Ensure overlayfs kernel module is not available | CIS SUSE Linux Enterprise 15 v2.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.6 Ensure overlayfs kernel module is not available | CIS Debian Linux 12 v1.1.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.6 Ensure overlayfs kernel module is not available | CIS SUSE Linux Enterprise 15 v2.0.0 L2 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.6 Ensure overlayfs kernel module is not available | CIS Debian Linux 12 v1.1.0 L2 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.6 Ensure overlayfs kernel module is not available | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.7.2 Ensure GDM login banner is configured | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | ACCESS CONTROL |
| 1.7.2 Ensure GDM login banner is configured | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | ACCESS CONTROL |
| 1.7.4 Ensure GDM screen locks when the user is idle | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 1.7.4 Ensure GDM screen locks when the user is idle | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | ACCESS CONTROL |
| 1.7.4 Ensure GDM screen locks when the user is idle | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | ACCESS CONTROL |
| 2.2.39 Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' (STIG MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.43 Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' (STIG MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.44 Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' (STIG MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.3.5 Ensure Remote Login Is Disabled | CIS Apple macOS 13.0 Ventura v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.5.3 (L1) Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only) | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.5.3 (L1) Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only) | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.5.3 (L1) Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only) | CIS Microsoft Windows Server 2022 v4.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.5.3 Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only) | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.5.5 (L1) Ensure 'Domain controller: LDAP server signing requirements Enforcement' is set to 'Enabled' (DC only) | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.9.5 Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) - Accept if provided by client or higher | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 2.4.5 Disable Remote Login | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | ACCESS CONTROL |
| 2.4.5 Disable Remote Login | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 2.4.5 Disable Remote Login | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 2.4.5 Ensure Remote Login Is Disabled | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.5 Ensure Remote Login Is Disabled | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.5 Ensure Remote Login Is Disabled | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.5 Ensure firewall filters contain explicit deny and log term | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.2.3 Ensure Home directory write access is restricted to owner | CIS IBM AIX 7 v1.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.10.9.1.3 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Intune for Windows 10 v4.0.0 BL | Windows | MEDIA PROTECTION |
| 5.2.2 Ensure minimum password age is configured | CIS IBM AIX 7 v1.0.0 L2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.17 Ensure the 'TRIGGER' Audit Option Is Enabled | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 6.1.17 Ensure the 'TRIGGER' Audit Option Is Enabled | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 18.3.6 (L1) Ensure 'Extended Protection for LDAP Authentication (Domain Controllers only)' is set to 'Enabled: Enabled, always (recommended)' (DC Only) | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.3.6 (L1) Ensure 'Extended Protection for LDAP Authentication (Domain Controllers only)' is set to 'Enabled: Enabled, always (recommended)' (DC Only) | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.8.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.8.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 Enterprise v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG | Windows | MEDIA PROTECTION |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 Stand-alone v3.0.0 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.6 (L1) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | MEDIA PROTECTION |
| 18.9.25.7 Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 60 or fewer' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.25.7 Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 60 or fewer' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.10.15.2 Ensure 'Allow Diagnostic Data' is set to 'Enabled: Send required diagnostic data' or 'Enabled: Send optional diagnostic data' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.15.2 Ensure 'Allow Diagnostic Data' is set to 'Enabled: Send required diagnostic data' or 'Enabled: Send optional diagnostic data' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
