| 1.5.1 Ensure core dumps are restricted - hard core 0 | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | ACCESS CONTROL |
| 2.1.3 Ensure 'ADMIN_RESTRICTIONS_<listener_name>' Is Set to 'ON' | CIS Oracle Server 11g R2 Unix v2.2.0 | Unix | ACCESS CONTROL |
| 2.3.5.1 (L1) Ensure 'Domain controller: Allow server operators to schedule tasks' is set to 'Disabled' (DC only) | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.10.5 (L1) Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker | Windows | ACCESS CONTROL |
| 2.3.10.7 Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL |
| 2.3.10.9 (L1) Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker | Windows | ACCESS CONTROL |
| 2.3.10.11 (L1) Ensure 'Network access: Restrict clients allowed to make remote calls to SAM' is set to 'Administrators: Remote Access: Allow' (MS only) | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.13.1 Ensure 'Shutdown: Allow system to be shut down without having to log on' is set to 'Disabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.17.2 (L1) Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop' or higher | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.17.4 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.17.4 (L1) Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.17.5 (L1) Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.17.5 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.17.7 Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - global core dump logging = enabled | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - global core file content | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - global core file pattern | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - global setid core dumps = enabled | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - init core file content | CIS Solaris 11.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - init core file pattern | CIS Solaris 11.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - per-process core dumps = disabled | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - per-process setid core dumps = disabled | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 3.2 Restrict Core Dumps to Protected Directory - Check if COREADM_INIT_CONTENT is set to default | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 3.3.1 Establish DAS administrative group | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Windows | Windows | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - userAdminAnyDatabase | CIS MongoDB Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 4.1 Restrict Core Dumps - limits.conf | CIS Debian Linux 7 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 4.3 Review Users, Groups, and Roles - Groups list | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | ACCESS CONTROL |
| 5.3 Restrict Linux Kernel Capabilities within containers | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | ACCESS CONTROL |
| 6.1.11 Audit SUID executables | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | ACCESS CONTROL |
| 6.2.5 Ensure root is the only UID 0 account | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | ACCESS CONTROL |
| 6.2.5 Ensure root is the only UID 0 account | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | ACCESS CONTROL |
| 6.10 Restrict root Login to System Console - Check if 'CONSOLE' in /etc/default/login is set to /dev/console. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 6.13 Restrict at/cron to Authorized Users - /etc/cron.d/at.allow | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 6.32 Ensure Auto-Scaling Launch Configuration for Web Tier is configured to use the Web Tier Security Group | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | ACCESS CONTROL |
| 6.33 Ensure Auto-Scaling Launch Configuration for App Tier is configured to use the App Tier Security Group | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | ACCESS CONTROL |
| 10.2 Restrict access to the web administration | CIS Apache Tomcat 7 L2 v1.1.0 Middleware | Unix | ACCESS CONTROL |
| 18.6.11.4 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 18.9.28.2 (L1) Ensure 'Do not display network selection UI' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 18.9.28.2 Ensure 'Do not display network selection UI' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 18.10.80.1 Ensure 'Allow user control over installs' is set to 'Disabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 18.10.81.1 (L1) Ensure 'Allow user control over installs' is set to 'Disabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| Console Authentication Realm | Tenable Cisco ACI | Cisco_ACI | ACCESS CONTROL |
| ESXi : audit-exception-users | VMWare vSphere 6.5 Hardening Guide | VMware | ACCESS CONTROL |
| IBM i : Allow Restoring of Security-Sensitive Objects (QALWOBJRST) - '*NONE' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | ACCESS CONTROL |
| IBM i : Limit Security Officer (QLMTSECOFR) - '1' | IBM System i Security Reference for V7R2 | AS/400 | ACCESS CONTROL |
| IBM i : Remote power-on and restart (QRMTIPL) - '0' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | ACCESS CONTROL |
| IBM i : Remote power-on and restart (QRMTIPL) - '0' | IBM System i Security Reference for V7R2 | AS/400 | ACCESS CONTROL |
| Management Services Security - Configure read-only access; use read-write only when required - usm | Juniper Hardening JunOS 12 Devices Checklist | Juniper | ACCESS CONTROL |
| User Authentication Security - Centralized authentication - Create an emergency local account in the event authentication is unavailable | Juniper Hardening JunOS 12 Devices Checklist | Juniper | ACCESS CONTROL |
