| 1.3 Disable MySQL Command History | CIS MySQL 5.7 Community Windows OS L2 v2.0.0 | Windows | MEDIA PROTECTION |
| 1.4 Ensure That There Are Only GCP-Managed Service Account Keys for Each Service Account | CIS Google Cloud Platform v3.0.0 L1 | GCP | IDENTIFICATION AND AUTHENTICATION |
| 1.5.8 Ensure that the --max-wals argument is set to 0 | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.5 Disable client-facing stack traces (check for defined exception type) | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 3.1.2 Ensure the log destinations are set correctly | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.2 Ensure the log destinations are set correctly | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.2 Ensure the log destinations are set correctly | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.2 Ensure the log destinations are set correctly | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.2 Ensure the log destinations are set correctly | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.2.1 Ensure that the Anonymous Auth is Not Enabled Draft | CIS Google Kubernetes Engine (GKE) v1.7.0 L1 | Unix | ACCESS CONTROL |
| 3.2.2 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Google Kubernetes Engine (GKE) v1.7.0 L1 | Unix | ACCESS CONTROL |
| 3.2.4 Ensure that the --read-only-port is disabled | CIS Google Kubernetes Engine (GKE) v1.7.0 L1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.5 Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | CIS Google Kubernetes Engine (GKE) v1.7.0 L1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.7 Ensure that the --eventRecordQPS argument is set to 0 or a level which ensures appropriate event capture | CIS Google Kubernetes Engine (GKE) v1.7.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2.8 Ensure that the --rotate-certificates argument is not present or is set to true | CIS Google Kubernetes Engine (GKE) v1.7.0 L1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.3 Minimize wildcard use in Roles and ClusterRoles | CIS Google Kubernetes Engine (GKE) v1.7.0 L1 | GCP | IDENTIFICATION AND AUTHENTICATION |
| 4.1.4 Ensure that default service accounts are not actively used | CIS Google Kubernetes Engine (GKE) v1.7.0 L1 | GCP | ACCESS CONTROL |
| 4.1.7 Limit use of the Bind, Impersonate and Escalate permissions in the Kubernetes cluster | CIS Google Kubernetes Engine (GKE) v1.7.0 L1 | GCP | ACCESS CONTROL |
| 4.1.8 Secure Permissions for the Log Mirror Location (MIRRORLOGPATH) | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.9 Avoid non-default bindings to system:unauthenticated | CIS Google Kubernetes Engine (GKE) v1.7.0 L1 | GCP | ACCESS CONTROL |
| 4.1.9 Secure Permissions for the Log Overflow Location (OVERFLOWLOGPATH) | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.9 Secure Permissions for the Log Overflow Location (OVERFLOWLOGPATH) | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 4.4 Ensure RDS event subscriptions are enabled for DB security groups | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 4.6.1 Create administrative boundaries between resources using namespaces | CIS Google Kubernetes Engine (GKE) v1.7.0 L1 | GCP | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.2 Minimize user access to Container Image repositories | CIS Google Kubernetes Engine (GKE) v1.7.0 L2 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 5.3 Ensure 'PROCESS' is Not Granted to Non-Administrative Users | CIS MySQL 5.6 Community Database L2 v2.0.0 | MySQLDB | ACCESS CONTROL |
| 5.3 Ensure 'PROCESS' is Not Granted to Non-Administrative Users | CIS MySQL 5.7 Community Database L2 v2.0.0 | MySQLDB | ACCESS CONTROL |
| 5.3 Ensure 'PROCESS' is Not Granted to Non-Administrative Users | CIS MySQL 5.7 Enterprise Database L2 v2.0.0 | MySQLDB | ACCESS CONTROL |
| 5.3 Ensure a client list is set for SNMPv1/v2 communities | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.1 Ensure Kubernetes Secrets are encrypted using keys managed in Cloud KMS | CIS Google Kubernetes Engine (GKE) v1.7.0 L2 | GCP | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.5.5 Ensure Shielded GKE Nodes are Enabled | CIS Google Kubernetes Engine (GKE) v1.7.0 L1 | GCP | CONFIGURATION MANAGEMENT |
| 5.5.6 Ensure Integrity Monitoring for Shielded GKE Nodes is Enabled | CIS Google Kubernetes Engine (GKE) v1.7.0 L1 | GCP | RISK ASSESSMENT |
| 5.10.2 Ensure that Alpha clusters are not used for production workloads | CIS Google Kubernetes Engine (GKE) v1.7.0 L1 | GCP | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.10.3 Consider GKE Sandbox for running untrusted workloads | CIS Google Kubernetes Engine (GKE) v1.7.0 L2 | GCP | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2.3.5 Ensure rsyslog logging is configured | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.5 Ensure rsyslog logging is configured | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.6 Ensure rsyslog logging is configured | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.6 Ensure rsyslog logging is configured | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 18.9.60.1 Ensure 'Prevent downloading of enclosures' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT |
| Allow unencrypted traffic - Service - AllowUnencryptedTraffic | MSCT Windows 10 1909 v1.0.0 | Windows | ACCESS CONTROL |
| Allow unencrypted traffic - Service - AllowUnencryptedTraffic | MSCT Windows 10 v21H1 v1.0.0 | Windows | ACCESS CONTROL |
| Allow unencrypted traffic - Service - AllowUnencryptedTraffic | MSCT Windows 10 v21H2 v1.0.0 | Windows | ACCESS CONTROL |
| Allow unencrypted traffic - Service - AllowUnencryptedTraffic | MSCT Windows 10 v1507 v1.0.0 | Windows | ACCESS CONTROL |
| Allow unencrypted traffic - Service - AllowUnencryptedTraffic | MSCT Windows 11 v1.0.0 | Windows | ACCESS CONTROL |
| Allow unencrypted traffic - Service - AllowUnencryptedTraffic | MSCT Windows Server 1903 MS v1.19.9 | Windows | ACCESS CONTROL |
| Mitigating an attack using TCP profiles | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000227 - OHS must not contain any robots.txt files - OHS must not contain any robots.txt files. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | CONFIGURATION MANAGEMENT |
| PPS9-00-008000 - The EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| SRG-OS-000071-ESXI5 - The system must require that passwords contain at least one numeric character. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| VCENTER-000027 - The system must set a timeout for all thick-client logins without activity. | DISA STIG VMWare ESXi vCenter 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
