| 1.2.15 Ensure that the admission control plugin NodeRestriction is set | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.16 Ensure that the admission control plugin NodeRestriction is set | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.8 Ensure that the --make-iptables-util-chains argument is set to true | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.8 Ensure that the --make-iptables-util-chains argument is set to true | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Ignore Erroneous or Unwanted Queries - Multicast addresses | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 192.168/16; addresses | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 192.168/16; addresses | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1 Ensure DCCP is disabled - modprobe | CIS Debian 8 Workstation L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.2.3 Ensure iptables rules exist for all open ports | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.2 Ensure loopback traffic is configured - output | CIS Debian 8 Workstation L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.1 Ensure IPv6 default deny firewall policy - Chain FORWARD | CIS Debian 8 Workstation L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.1 Ensure IPv6 default deny firewall policy - Chain INPUT | CIS Debian 8 Server L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Ensure That SSH Access Is Restricted From the Internet | CIS Google Cloud Platform v3.0.0 L2 | GCP | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.1.2 Ensure iptables-persistent is not installed | CIS Debian Family Workstation L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.1.4 Ensure loopback traffic is configured - allow in v4 | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.1.4 Ensure loopback traffic is configured - allow in v6 | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.1.4 Ensure loopback traffic is configured - deny in from 127.0.0.0/8 | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.2.1 Ensure IPv4 default deny firewall policy - OUTPUT | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.2.2 Ensure IPv4 loopback traffic is configured - INPUT | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.2.2 Ensure IPv4 loopback traffic is configured - OUTPUT | CIS CentOS 6 Server L1 v3.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.2.5 Ensure base chains exist - forward | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.2.6 Ensure loopback traffic is configured - v4 | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.2.10 Ensure nftables rules are permanent | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.1 Ensure IPv6 default deny firewall policy - OUTPUT | CIS CentOS 6 Server L1 v3.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.2 Ensure IPv6 loopback traffic is configured - OUTPUT | CIS CentOS 6 Server L1 v3.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.2.1 Ensure default deny firewall policy - INPUT | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.5 Ensure firewall rules exist for all open ports | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.6 Ensure That IP Forwarding Is Not Enabled on Instances | CIS Google Cloud Platform v3.0.0 L1 | GCP | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.3 Minimize the admission of containers wishing to share the host process ID namespace | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4.2 Consider external secret storage | CIS Kubernetes v1.20 Benchmark v1.0.1 L2 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.9 (L1) Host must restrict access to a default or native VLAN on standard virtual switches | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.10 (L1) Host must restrict the use of Virtual Guest Tagging (VGT) on standard virtual switches | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled | CIS Apache HTTP Server 2.4 v2.2.0 L2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Inbound Connections - Domain Profile | MSCT Windows 10 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Inbound Connections - Domain Profile | MSCT Windows 11 v24H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Inbound Connections - Domain Profile | MSCT Windows 11 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Inbound Connections - Domain Profile | MSCT Windows 10 v21H1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Inbound Connections - Domain Profile | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Inbound Connections - Public Profile | MSCT Windows Server 2022 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Inbound Connections - Public Profile | MSCT Windows 11 v23H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Outbound Connections - Domain Profile | MSCT Windows 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Outbound Connections - Domain Profile | MSCT Windows Server 2022 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Outbound Connections - Domain Profile | MSCT Windows 10 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Outbound Connections - Private Profile | MSCT Windows 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Outbound Connections - Private Profile | MSCT Windows Server 2022 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Outbound Connections - Private Profile | MSCT Windows 11 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Outbound Connections - Private Profile | MSCT Windows 11 v24H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Outbound Connections - Private Profile | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Outbound Connections - Public Profile | MSCT MSCT Windows Server 2022 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Outbound Connections - Public Profile | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
