| 1.2.7 Set 'exec-timeout' to less than or equal to 10 minutes 'line console 0' | CIS Cisco IOS XE 17.x v2.2.0 L1 | Cisco | ACCESS CONTROL |
| 1.7.4 Ensure GDM screen locks when the user is idle | CIS Debian Linux 11 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 1.7.4 Ensure GDM screen locks when the user is idle | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 1.7.5 Ensure GDM screen locks cannot be overridden | CIS Debian Linux 11 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 1.7.5 Ensure GDM screen locks cannot be overridden | CIS CentOS Linux 7 v4.0.0 L1 Server | Unix | ACCESS CONTROL |
| 1.8.4 Ensure GDM screen locks when the user is idle | CIS Debian 10 Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
| 1.8.4 Ensure GDM screen locks when the user is idle | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Server | Unix | ACCESS CONTROL |
| 1.8.4 Ensure GDM screen locks when the user is idle | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 1.8.4 Ensure GDM screen locks when the user is idle | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 1.8.4 Ensure GDM screen locks when the user is idle | CIS Oracle Linux 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 1.8.4 Ensure GDM screen locks when the user is idle | CIS Red Hat EL8 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 1.8.4 Ensure GDM screen locks when the user is idle | CIS Red Hat EL8 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
| 1.8.5 Ensure GDM screen locks cannot be overridden | CIS Debian 10 Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 1.8.5 Ensure GDM screen locks cannot be overridden | CIS Rocky Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 1.8.5 Ensure GDM screen locks cannot be overridden | CIS AlmaLinux OS 8 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
| 1.8.5 Ensure GDM screen locks cannot be overridden | CIS Red Hat EL8 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 1.8.5 Ensure GDM screen locks cannot be overridden | CIS Red Hat EL8 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
| 1.8.5 Ensure GDM screen locks cannot be overridden | CIS Rocky Linux 8 Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 1.8.5 Ensure GDM screen locks cannot be overridden | CIS Rocky Linux 8 Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
| 2.3.7.4 (L1) Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.7.8 (L1) Ensure 'Interactive logon: Require Domain Controller Authentication to unlock workstation' is set to 'Enabled' (MS only) | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.7.8 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.7.8 (L1) Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.7.1 Ensure Screen Saver Corners Are Secure | CIS Apple macOS 15.0 Sequoia v1.1.0 L2 | Unix | ACCESS CONTROL |
| 2.10.1 Ensure an Inactivity Interval of 15 Minutes Or Less for the Screen Saver Is Enabled | CIS Apple macOS 13.0 Ventura v3.1.0 L1 | Unix | ACCESS CONTROL |
| 2.11.1 Ensure an Inactivity Interval of 15 Minutes Or Less for the Screen Saver Is Enabled | CIS Apple macOS 15.0 Sequoia v1.1.0 L1 | Unix | ACCESS CONTROL |
| 3.7 (L1) Host must automatically terminate idle DCUI sessions | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL |
| 3.8 (L1) Host must automatically terminate idle shells | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL |
| 3.13 (L1) Host must unlock accounts after a specified timeout period | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL |
| 4.4 (L1) Ensure account lockout is set to 15 minutes | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | ACCESS CONTROL |
| 4.5.3.2 Ensure default user shell timeout is configured | CIS Oracle Linux 7 v4.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 4.5.3.2 Ensure default user shell timeout is configured | CIS CentOS Linux 7 v4.0.0 L1 Server | Unix | ACCESS CONTROL |
| 4.5.3.2 Ensure default user shell timeout is configured | CIS CentOS Linux 7 v4.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 4.5.3.2 Ensure default user shell timeout is configured | CIS Oracle Linux 8 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
| 4.5.3.2 Ensure default user shell timeout is configured | CIS Red Hat EL8 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 4.5.10 (L1) Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' is set to 'Enabled: 5 or fewer seconds' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | ACCESS CONTROL |
| 5.2.2.4 (L1) Ensure Sign-in frequency is enabled and browser sessions are not persistent for Administrative users | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | ACCESS CONTROL |
| 5.3 Ensure the Sudo Timeout Period Is Set to Zero | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | ACCESS CONTROL |
| 5.4 Ensure a Separate Timestamp Is Enabled for Each User/tty Combo | CIS Apple macOS 15.0 Sequoia Cloud-tailored v1.0.0 L1 | Unix | ACCESS CONTROL |
| 5.4.3.2 Ensure default user shell timeout is configured | CIS Debian Linux 11 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 5.4.3.2 Ensure default user shell timeout is configured | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 5.4.3.2 Ensure default user shell timeout is configured | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.4.3.2 Ensure default user shell timeout is configured | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.4.4 Ensure default user shell timeout is configured | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Workstation | Unix | ACCESS CONTROL |
| 7.2.3 Ensure all groups in /etc/passwd exist in /etc/group | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.3 Ensure all groups in /etc/passwd exist in /etc/group | CIS Debian Linux 11 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.3 Ensure all groups in /etc/passwd exist in /etc/group | CIS Debian Linux 11 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 18.5.10 (L1) Ensure 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires' is set to 'Enabled: 5 or fewer seconds' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | ACCESS CONTROL |
| 49.8 (L1) Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | ACCESS CONTROL |
| ESXI-80-000114 - The ESXi host must offload logs via syslog. | DISA VMware vSphere 8.0 ESXi STIG v2r3 | VMware | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
