| 1.7.1.6 Ensure no unconfined services exist | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.1 Ensure xinetd is not installed | CIS Debian 9 Server L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.1 Ensure xinetd is not installed | CIS Debian 9 Workstation L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.2 Ensure 'extproc' Is Not Present in 'listener.ora' | CIS Oracle Server 11g R2 Unix v2.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.6 Ensure LDAP server is not installed | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.7 Ensure NFS is not installed | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.9 Ensure FTP Server is not installed | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.10 Ensure HTTP server is not installed | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.14 Ensure SNMP Server is not installed | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.15 Ensure mail transfer agent is configured for local-only mode - ss | CIS Debian Family Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.16 Ensure rsync service is not installed | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.1.1 Ensure 'Allow voice dialing while device is locked' is set to 'Disabled' | MobileIron - CIS Apple iOS 12 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.8 Ensure rpcbind is not installed or the rpcbind services are masked | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.9 Ensure DNS Server is not installed | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.9 Ensure DNS Server is not installed | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.11 Ensure HTTP server is not installed | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.11 Ensure IMAP and POP3 server is not enabled | CIS Debian 9 Server L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.12 Ensure IMAP and POP3 server is not installed | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.13 Ensure Samba is not installed | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.14 Ensure HTTP Proxy Server is not installed | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.15 Ensure mail transfer agent is configured for local-only mode - netstat | CIS Debian 9 Workstation L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.17 Ensure rsync is not installed or the rsyncd service is masked | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4 Ensure nonessential services are removed or masked | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4 Ensure nonessential services are removed or masked | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.23 Disable Mounting of squashfs Filesystems | CIS Debian Linux 7 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.24 Disable Mounting of udf Filesystems | CIS Debian Linux 7 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1.1 Ensure 'Allow screenshots and screen recording' is set to 'Disabled' | AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.2 Ensure 'Allow voice dialing while device is locked' is set to 'Disabled' | MobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.3 Ensure 'Allow Siri while device is locked' is set to 'Disabled' | AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.11 Ensure 'Allow installing configuration profiles' is set to 'Disabled' | AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.12 Ensure 'Allow adding VPN configurations' is set to 'Disabled' | AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.13 Ensure 'Allow modifying cellular data app settings' is set to 'Disabled' | AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.13 Ensure 'Allow modifying cellular data app settings' is set to 'Disabled' | MobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.15 Ensure 'Allow pairing with non-Configurator hosts' is set to 'Disabled' | AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 3.4.1 Ensure DCCP is disabled - lsmod | CIS Debian 9 Server L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 3.4.4 Ensure TIPC is disabled - lsmod | CIS Debian 9 Server L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts - InputTCPServerRun | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.1.6 Ensure remote rsyslog messages are only accepted on designated log hosts - ModLoad | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.2.5 Ensure remote syslog-ng messages are only accepted on designated log hosts | CIS Debian 9 Server L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.10 Ensure secrets are not stored in Dockerfiles | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.11 Ensure verified packages are only Installed | CIS Docker Community Edition v1.1.0 L2 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.1.7 Ensure tftp-server is not enabled | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.7 Ensure SSH IgnoreRhosts is enabled | CIS Debian Family Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.8 Ensure SSH IgnoreRhosts is enabled | CIS Debian 9 Server L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 5.3.4 Ensure SSH Protocol is set to 2 | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.8 Ensure only needed ports are open on the container | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.13 Ensure incoming container traffic is binded to a specific host interface | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 7.5.2 Disable SCTP | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 13.19 Check for Presence of User .forward Files | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| Access Security - Disable insecure or unnecessary access services (telnet, J-Web over HTTP, FTP, etc.) - tftp-server | Juniper Hardening JunOS 12 Devices Checklist | Juniper | CONFIGURATION MANAGEMENT |
