| 2.1 Alter the Advertised server.info String | CIS Apache Tomcat 10.1 v1.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.1 Alter the Advertised server.info String | CIS Apache Tomcat 11 v1.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.1.1.5 Set maximimum value for 'ip ssh authentication-retries' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.7.2 (L1) Ensure 'Interactive logon: Don't display last signed-in' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.7.2 (L1) Ensure 'Interactive logon: Don't display last signed-in' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.10.3 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.17.3 Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.4.6 Ensure 'Maximum number of failed attempts' is set to '6' | MobileIron - CIS Apple iOS 18 v1.0.0 L1 End User Owned | MDM | ACCESS CONTROL |
| 3.1.1 Ensure IP forwarding is disabled - sysctl.conf ipv6 | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure source routed packets are not accepted - sysctl net.ipv6.conf.default.accept_source_route | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.2 Ensure ICMP redirects are not accepted - 'net.ipv6.conf.default.accept_redirects = 0' | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.2 Ensure ICMP redirects are not accepted - sysctl net.ipv4.conf.default.accept_redirects | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.3 Ensure secure ICMP redirects are not accepted - 'net.ipv4.conf.all.secure_redirects = 0' | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.3 Ensure secure ICMP redirects are not accepted - 'net.ipv4.conf.default.secure_redirects = 0' | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.3 Ensure secure ICMP redirects are not accepted - sysctl net.ipv4.conf.default.secure_redirects | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.6 Ensure bogus ICMP responses are ignored - sysctl net.ipv4.icmp_ignore_bogus_error_responses | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.7 Ensure Reverse Path Filtering is enabled - net.ipv4.conf.default.rp_filter = 1 | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.9 Ensure IPv6 router advertisements are not accepted - net.ipv6.conf.default.accept_ra = 0 | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.1 Ensure that the cluster enforces Pod Security Standard Baseline profile or stricter for all namespaces. | CIS Google Kubernetes Engine (GKE) v1.7.0 L1 | GCP | CONFIGURATION MANAGEMENT |
| 4.2.1 Ensure that the cluster enforces Pod Security Standard Baseline profile or stricter for all namespaces. | CIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L1 | GCP | CONFIGURATION MANAGEMENT |
| 4.2.12 Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers | CIS Kubernetes v1.11.1 L1 Worker Node | Unix | CONFIGURATION MANAGEMENT |
| 4.3.2 Ensure sudo commands use pty | CIS CentOS Linux 7 v4.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 4.3.2 Ensure sudo commands use pty | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 4.3.2 Ensure sudo commands use pty | CIS AlmaLinux OS 8 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
| 4.3.2 Ensure sudo commands use pty | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| 4.3.2 Ensure sudo commands use pty | CIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1 | Unix | ACCESS CONTROL |
| 4.3.2 Ensure sudo commands use pty | CIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1 | Unix | ACCESS CONTROL |
| 4.3.2 Ensure sudo commands use pty | CIS Oracle Linux 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 4.3.2 Ensure sudo commands use pty | CIS Oracle Linux 8 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
| 4.3.2 Ensure sudo commands use pty | CIS Red Hat EL8 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
| 5.2.2 Ensure sudo commands use pty | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.2.2 Ensure sudo commands use pty | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.2.2 Ensure sudo commands use pty | CIS Rocky Linux 9 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 5.2.2 Ensure sudo commands use pty | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | ACCESS CONTROL |
| 5.2.2 Ensure sudo commands use pty | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.2.2 Ensure sudo commands use pty | CIS Rocky Linux 9 v2.0.0 L1 Server | Unix | ACCESS CONTROL |
| 5.2.2 Ensure sudo commands use pty | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | ACCESS CONTROL |
| 5.2.2 Ensure sudo commands use pty | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 5.3.2 Ensure sudo commands use pty | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.3.2 Ensure sudo commands use pty | CIS CentOS Linux 8 Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
| 8.6 (L1) VMware Tools must limit the automatic removal of features | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 10.7 Turn off session facade recycling | CIS Apache Tomcat 11 v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 10.17 Setting Security Lifecycle Listener - check for config component | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 10.17 Setting Security Lifecycle Listener - check for config component | CIS Apache Tomcat 10 L1 v1.1.0 Middleware | Unix | ACCESS CONTROL |
| 10.17 Setting Security Lifecycle Listener - check for umask present in startup | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 10.17 Setting Security Lifecycle Listener - check for umask present in startup | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 10.17 Setting Security Lifecycle Listener - check for umask present in startup | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL |
| 10.17 Setting Security Lifecycle Listener - check for umask uncommented in startup | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL |
| 10.17 Setting Security Lifecycle Listener - check for umask uncommented in startup | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 18.10.37.1.1 (L2) Ensure 'Turn off Windows Location Provider' is set to 'Enabled' | CIS Windows Server 2012 MS L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
