| 1.5.1 Ensure core dumps are restricted - hard core 0 | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | ACCESS CONTROL |
| 2.1.3 Ensure 'ADMIN_RESTRICTIONS_<listener_name>' Is Set to 'ON' | CIS Oracle Server 11g R2 Unix v2.2.0 | Unix | ACCESS CONTROL |
| 2.2.7 (L1) Ensure 'Allow log on locally' is set to 'Administrators' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.29 Ensure 'Deny log on as a service' to include 'No one' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.32 Ensure 'Deny log on locally' to include 'Guests' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.32 Ensure 'Deny log on locally' to include 'Guests' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.43 Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' (STIG MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.46 Ensure 'Increase scheduling priority' is set to 'Administrators' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.10.7 (L1) Ensure 'Network access: Remotely accessible registry paths' is configured | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker | Windows | ACCESS CONTROL |
| 2.3.10.7 Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL |
| 2.3.10.8 (L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' is configured | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.10.8 (L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' is configured | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker | Windows | ACCESS CONTROL |
| 2.3.10.8 (L1) Ensure 'Network access: Remotely accessible registry paths' is configured | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.13.1 Ensure 'Shutdown: Allow system to be shut down without having to log on' is set to 'Disabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.17.5 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.17.7 Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - global core dump logging = enabled | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - global core file content | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - global core file pattern | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - global setid core dumps = enabled | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - init core file content | CIS Solaris 11.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - init core file pattern | CIS Solaris 11.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - per-process core dumps = disabled | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - per-process setid core dumps = disabled | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 3.2 Restrict Core Dumps to Protected Directory - Check if COREADM_INIT_CONTENT is set to default | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 3.3.1 Establish DAS administrative group | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Windows | Windows | ACCESS CONTROL |
| 3.6 Review Superuser/Admin Roles - userAdminAnyDatabase | CIS MongoDB Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 4.1 Restrict Core Dumps - limits.conf | CIS Debian Linux 7 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 4.3 Review Users, Groups, and Roles - Groups list | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | ACCESS CONTROL |
| 5.3 Restrict Linux Kernel Capabilities within containers | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | ACCESS CONTROL |
| 6.1.11 Audit SUID executables | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | ACCESS CONTROL |
| 6.2.5 Ensure root is the only UID 0 account | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | ACCESS CONTROL |
| 6.2.5 Ensure root is the only UID 0 account | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | ACCESS CONTROL |
| 6.10 Restrict root Login to System Console - Check if 'CONSOLE' in /etc/default/login is set to /dev/console. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 6.13 Restrict at/cron to Authorized Users - /etc/cron.d/at.allow | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 6.32 Ensure Auto-Scaling Launch Configuration for Web Tier is configured to use the Web Tier Security Group | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | ACCESS CONTROL |
| 6.33 Ensure Auto-Scaling Launch Configuration for App Tier is configured to use the App Tier Security Group | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | ACCESS CONTROL |
| 10.2 Restrict access to the web administration | CIS Apache Tomcat 7 L2 v1.1.0 Middleware | Unix | ACCESS CONTROL |
| 18.9.28.2 Ensure 'Do not display network selection UI' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 18.10.80.1 Ensure 'Allow user control over installs' is set to 'Disabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| Access Credential Manager as a trusted caller | MSCT Windows 11 v24H2 v1.0.0 | Windows | ACCESS CONTROL |
| Create permanent shared objects | MSCT Windows 11 v24H2 v1.0.0 | Windows | ACCESS CONTROL |
| Debug programs | MSCT Windows 11 v24H2 v1.0.0 | Windows | ACCESS CONTROL |
| Deny access to this computer from the network | MSCT Windows 11 v24H2 v1.0.0 | Windows | ACCESS CONTROL |
| Deny log on through Remote Desktop Services | MSCT Windows 11 v24H2 v1.0.0 | Windows | ACCESS CONTROL |
| IBM i : Allow Restoring of Security-Sensitive Objects (QALWOBJRST) - '*NONE' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | ACCESS CONTROL |
| IBM i : Remote power-on and restart (QRMTIPL) - '0' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | ACCESS CONTROL |
| Impersonate a client after authentication | MSCT Windows 11 v24H2 v1.0.0 | Windows | ACCESS CONTROL |
| Perform volume maintenance tasks | MSCT Windows 11 v24H2 v1.0.0 | Windows | ACCESS CONTROL |
| Restore files and directories | MSCT Windows 11 v24H2 v1.0.0 | Windows | ACCESS CONTROL |
