| 1.1 Remove extraneous files and directories - /webapps/host-manager | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Enable app update installs | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.4 Enable system data files and security update installs - 'ConfigDataInstall' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.2 Disable Bluetooth 'Discoverable' mode when not pairing devices | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.3 Show Bluetooth status in menu bar | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.1 Enable 'Set time and date automatically' | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.3 Alter the Advertised server.built Date | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 2.3 Ensure authentication is enabled in the sharded cluster - CAFile | CIS MongoDB 5 L2 OS Linux v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.2 Secure screen saver corners - top left corner | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | ACCESS CONTROL |
| 2.4.1 Disable Remote Apple Events | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.3 Disable Screen Sharing | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.8 Disable File Sharing - SMB | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.5 Disable client facing Stack Traces - check for defined exception type | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 2.6 Turn off TRACE | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 2.6.5 Review Application Firewall Rules | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2 Disable the Shutdown port | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3 Ensure that MongoDB is run using a non-privileged, dedicated service account | CIS MongoDB 5 L1 OS Linux v1.2.0 | Unix | ACCESS CONTROL |
| 4.1 Restrict access to $CATALINA_HOME | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2 Restrict access to $CATALINA_BASE | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.6 Restrict access to Tomcat binaries directory | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.13 Restrict access to Tomcat tomcat-users.xml | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.2 Repair permissions regularly to ensure binaries and other System files have appropriate permissions | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.7 Password Age | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5 Ensure login keychain is locked when the computer sleeps | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.42 (L2) Ensure 'WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc)' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 5.42 (L2) Ensure 'WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc)' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 5.42 (L2) Ensure 'WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc)' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 6.1.5 Remove Guest home folder | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
| 6.2 Turn on filename extensions | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.4 Ensure secure is set to true only for SSL-enabled Connectors - verify secure is set to true | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists in web application | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in web application | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 10.5 Rename the manager application - host-manager/manager.xml | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 10.6 Enable strict servlet Compliance | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.7 Turn off session facade recycling | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 10.8 Do not allow additional path delimiters - ALLOW_ENCODED_SLASH | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 10.9 Configure connectionTimeout | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 10.14 Do not allow cross context requests | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 10.15 Do not resolve hosts on logging valves | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 18.6.11.4 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | ACCESS CONTROL |
| 18.6.11.4 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | ACCESS CONTROL |
| 18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows Server 2016 v4.0.0 L1 DC | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows Server 2016 v4.0.0 L1 MS | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v4.0.0 L1 DC | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.94.1.1 Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows Server 2025 v2.0.0 L1 DC | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.94.1.1 Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 BL | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 19.1.3.2 Ensure 'Force specific screen saver: Screen saver executable name' is set to 'Enabled: scrnsave.scr' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | ACCESS CONTROL |
