| 1.1 Ensure the appropriate MongoDB software version/patches are installed | CIS MongoDB 5 L1 DB v1.2.0 | MongoDB | CONFIGURATION MANAGEMENT |
| 1.3 Enable app update installs | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.4 Enable system data files and security update installs - 'CriticalUpdateInstall' | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.5 Enable macOS update installs | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.7 Configure Image Provenance using ImagePolicyWebhook admission controller | CIS Kubernetes 1.8 Benchmark v1.2.0 L2 | Unix | |
| 2.1 Alter the Advertised server.info String | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.2 Turn off Bluetooth 'Discoverable' mode when not pairing devices | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure time set is within appropriate limits | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.2 Secure screen saver corners - bottom right corner | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | ACCESS CONTROL |
| 2.3.3 Set a screen corner to Start Screen Saver | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 2.4.6 Disable DVD or CD Sharing | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.6 Turn off TRACE | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.6.1.1 Enable FileVault | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Ensure least privilege for database accounts | CIS MongoDB 6 v1.2.0 L1 MongoDB | MongoDB | ACCESS CONTROL |
| 3.1.8 Ensure that the admission control policy is not set to AlwaysAdmit | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 3.1.14 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 3.1.17 Ensure that the --service-account-key-file argument is set as appropriate | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 3.1.19 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - tls-cert-file | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 3.2 Configure Security Auditing Flags - 'audit all failed events across all audit classes' | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2 Configure Security Auditing Flags - 'audit successful/failed administrative events' | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2 Ensure that role-based access control is enabled and configured appropriately - users | CIS MongoDB 5 L1 DB v1.2.0 | MongoDB | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 3.5 Review Superuser/Admin Roles - readWriteAnyDatabase | CIS MongoDB 5 L2 DB v1.2.0 | MongoDB | ACCESS CONTROL |
| 4.2 Restrict access to $CATALINA_BASE | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.15 Restrict access to jaspic-providers.xml | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.4 Check Library folder for world writable files | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | ACCESS CONTROL |
| 5.2.1 Configure account lockout threshold | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 5.2.8 Password History | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.14 Create a custom message for the Login Screen | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 5.15 Create a Login window banner | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | ACCESS CONTROL |
| 6.1 Setup Client-cert Authentication | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.4 Disable 'Allow guests to connect to shared folders' - AFP Sharing | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 6.2 Turn on filename extensions | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.3 Ensure scheme is set accurately | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.4 Ensure secure is set to true only for SSL-enabled Connectors - verify secure is set to true | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5 Use parental controls for systems that are not centrally managed | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 7.1 Application specific logging | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in default | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in web application | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in default | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in web application | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.3 Ensure className is set correctly in context.xml | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.4 Ensure directory in context.xml is a secure location - configuration | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.4 Software Inventory Considerations | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 7.6 Ensure directory in logging.properties is a secure location - check log directory location | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 7.11 App Store Password Settings | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 7.17 AirDrop security considerations | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.3 Disable deploy on startup of applications | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.4 Force SSL when accessing the manager application via HTTP | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.15 Do not resolve hosts on logging valves | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 10.17 Setting Security Lifecycle Listener - check for umask present in startup | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL |
