| 1.6.3 Ensure that the Certificate Securing Remote Access VPNs is Valid | CIS Palo Alto Firewall 10 v1.2.0 L2 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 1.6.3 Ensure that the Certificate Securing Remote Access VPNs is Valid | CIS Palo Alto Firewall 11 v1.1.0 L2 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 1.6.3 Ensure that the Certificate Securing Remote Access VPNs is Valid | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 1.6.3 Ensure that the Certificate Securing Remote Access VPNs is Valid | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 1.6.3 Ensure that the Certificate Securing Remote Access VPNs is Valid | CIS Palo Alto Firewall 9 v1.1.0 L2 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 1.6.3 Ensure that the Certificate Securing Remote Access VPNs is Valid | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Portals | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7.3 Ensure 'SSL AES 256 encryption' is set for HTTPS access | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 2.5 Ensure insecure registries are not used | CIS Docker v1.8.0 L1 OS Linux | Unix | CONFIGURATION MANAGEMENT |
| 2.5.1 Ensure 'VPN' is 'Configured' | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.1 Ensure 'VPN' is 'Configured' | MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.1.1 OpenSSH - Installation | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 4.4 Ensure Federal Information Processing Standard (FIPS) is enabled | CIS MongoDB 5 L2 OS Windows v1.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.11 Ensure only approved MAC algorithms are used | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.13 Ensure only strong MAC algorithms are used | CIS Debian Family Workstation L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.14 Ensure only strong MAC algorithms are used | CIS Debian 9 Server L1 v1.0.1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.14 Ensure only strong MAC algorithms are used | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.14 Ensure only strong MAC algorithms are used | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.14 Ensure only strong MAC algorithms are used | CIS Debian 9 Workstation L1 v1.0.1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.15 Ensure only strong MAC algorithms are used - approved MACs | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.15 Ensure only strong MAC algorithms are used - approved MACs | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.15 Ensure only strong MAC algorithms are used - sshd_config | CIS CentOS 6 Server L1 v3.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.15 Ensure only strong MAC algorithms are used - sshd_config | CIS Oracle Linux 6 Server L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.15 Ensure only strong MAC algorithms are used - sshd_config | CIS Oracle Linux 6 Workstation L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.15 Ensure only strong MAC algorithms are used - weak MACs | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2 Ensure SharePoint is configured with HTTPS connections | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3 Ensure scheme is set accurately | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.3 Ensure scheme is set accurately | CIS Apache Tomcat 10 L1 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 6.5 Ensure 'sslProtocol' is Configured Correctly for Secure Connectors | CIS Apache Tomcat 10.1 v1.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5 Ensure 'sslProtocol' is Configured Correctly for Secure Connectors | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5 Ensure 'sslProtocol' is Configured Correctly for Secure Connectors | CIS Apache Tomcat 10 L1 v1.1.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - fips_enabled | CIS PostgreSQL 9.6 OS v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.8 Ensure SSL is enabled and configured correctly | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure mod_ssl and/or mod_nss Is Installed - 'mod_ssl is loaded' | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.3 Ensure WAL archiving is configured and functional - archive_command | CIS PostgreSQL 10 OS v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure streaming replication parameters are configured correctly | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure streaming replication parameters are configured correctly | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure WAL archiving is configured and functional - archive_mode | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure Weak SSL Protocols Are Disabled - 'SSLv2 or SSLv3' | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure Weak SSL Protocols Are Disabled - 'TLSv1' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.5 Ensure streaming replication parameters are configured correctly | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.5 Ensure Weak SSL/TLS Ciphers Are Disabled - 'VirtualHost SSLHonorCipherOrder = On' | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.6 Ensure Insecure SSL Renegotiation Is Not Enabled | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.6 Ensure Insecure SSL Renegotiation Is Not Enabled | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 7.7 Ensure SSL Compression is Not Enabled | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.7 Ensure SSL Compression is Not Enabled | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.10 Ensure the TLSv1.0 and TLSv1.1 Protocols are Disabled | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.10 Ensure the TLSv1.0 and TLSv1.1 Protocols are Disabled | CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.12 Ensure Only Cipher Suites That Provide Forward Secrecy Are Enabled | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
