| 1.1.1.7 Set 'Store passwords using reversible encryption' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.1.1.8 Set 'Minimum password age' to '1 or more day(s)' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.3 (L1) Ensure 'Allow Google Cast to connect to Cast devices on all IP addresses' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.8 (L2) Ensure 'Control SafeSites adult content filtering' is set to 'Enabled: Filter top level sites (but not embedded iframes) for adult content' | CIS Google Chrome L2 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.13 (L1) Ensure 'Disable saving browser history' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.14 (L1) Ensure 'DNS interception checks enabled' is set to 'Enabled' | CIS Google Chrome L1 v3.0.0 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.25 (L1) Ensure 'List of names that will bypass the HSTS policy check' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.1 (L1) Ensure 'Control use of insecure content exceptions' is set to 'Enabled: Do not allow any site to load mixed content' | CIS Google Chrome L1 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3 Establish a Secure Baseline - Make sure that system/webconsole:console only allows local connections (netservices limited) | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.3.4 (L2) Ensure 'Default third-party storage partitioning setting' Is Enabled and Blocked | CIS Google Chrome L2 v3.0.0 | Windows | ACCESS CONTROL |
| 2.8.1 Ensure 'Allow remote access connections to this machine' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.9.1 (L1) Ensure 'Enable First-Party Sets' Is Disabled | CIS Google Chrome L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 2.10.1 (L1) Ensure 'Allow automatic sign-in to Microsoft cloud identity providers' Is Enabled | CIS Google Chrome L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.11 (L1) Ensure 'Allow download restrictions' is set to 'Enabled: Block malicious downloads' | CIS Google Chrome L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 2.16 (L1) Ensure 'Notify a user that a browser relaunch or device restart is recommended or required' is set to 'Enabled: Show a recurring prompt to the user indication that a relaunch is required' | CIS Google Chrome L1 v3.0.0 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.22 (L1) Ensure 'Enable TLS Encrypted ClientHello' Is Enabled | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, AWARENESS AND TRAINING, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.3 Disable Broadcast Packet Forwarding - Check ip_forward_directed_broadcasts value. Expected value: 0. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.14 Set ARP Cleanup Interval - Check arp_cleanup_interval value. Expected value: 60000. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.15 Disable TCP Reverse IP Source Routing - Check tcp_rev_src_routes value. Expected value: 0. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.18 Lock down dtspcd(8) - Check tcp_extra_priv_ports_add value. Expected value: 6112. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2 Restrict Core Dumps to Protected Directory - Check if COREADM_INIT_CONTENT is set to default | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 3.14 (L2) Ensure 'Enable search suggestions' is set to 'Disabled' | CIS Google Chrome L2 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.15 (L2) Ensure 'Enable Translate' is set to 'Disabled' | CIS Google Chrome L2 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.1.1 (L2) Ensure 'Allow or deny screen capture' is set to 'Disabled' | CIS Google Chrome L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 4.2 Enable FTP daemon Logging - Make sure that exec is set to /usr/sbin/in.ftpd -a -l -d | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.8 (L2) Ensure 'Block Window Management permission on these sites' Is Configured | CIS Google Chrome L2 v3.0.0 | Windows | ACCESS CONTROL |
| 4.7 (L2) Ensure 'Controls the mode of DNS-over-HTTPS' is set to 'Enabled: DNS-over-HTTPS without insecure fallback' | CIS Google Chrome L2 v3.0.0 | Windows | ACCESS CONTROL, AWARENESS AND TRAINING, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.8 Enable System Accounting - Check if contents of /var/spool/cron/crontabs/sys (/usr/lib/sa/sa1)are OK. | CIS Solaris 10 L1 v5.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2 (L2) Ensure 'Incognito mode availability' is set to 'Enabled: Incognito mode disabled' | CIS Google Chrome L2 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.3 (L1) Ensure 'Set disk cache size, in bytes' is set to 'Enabled: 250609664' | CIS Google Chrome L1 v3.0.0 | Windows | MEDIA PROTECTION |
| 6.1.10 Set SSH PermitEmptyPasswords to no - Check if PermitEmptyPasswords is set to no and not commented for the server | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.3 Disable 'nobody' Access for RPC Encryption Key Storage Service - Check if 'ENABLE_NOBODY_KEYS' is set to NO. | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.6 Set Delay between Failed Login Attempts to 4. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 6.8 Set Default Screen Lock for GNOME Users - Check if timeout is set to 0:10:00 in /usr/openwin/lib/app-defaults/XScreenSaver. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 6.9 Restrict at/cron To Authorized Users - should pass if /etc/cron.d/at.allow permissions are OK. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 6.10 Restrict root Login to System Console - Check if 'CONSOLE' in /etc/default/login is set to /dev/console. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 6.11 Set Retry Limit for Account Lockout, Check if 'LOCK_AFTER_RETRIES' in /etc/default/login is set to YES | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 6.13 Secure the GRUB Menu - Check if 'lock' command is set after failsafe section | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.13 Secure the GRUB Menu - should pass if /boot/grub/menu.lst permissions are OK. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 7.1 Disable System Accounts - Ensure account 'bin' is locked. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.1 Disable System Accounts - Ensure account 'lp' disallows password login. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.1 Disable System Accounts - Ensure account 'nobody' is locked. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.1 Disable System Accounts - Ensure account 'nuucp' is locked. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.1 Disable System Accounts - should pass if the default shell for 'noaccess' is set to /usr/bin/false. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.1 Disable System Accounts - should pass if the default shell for 'nuucp' is set to /usr/bin/false. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.1 Disable System Accounts - should pass if the default shell for 'postgres' is set to /usr/bin/false. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.1 Disable System Accounts - should pass if the default shell for 'webservd' is set to /usr/bin/false. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 8.1 Create Warnings for Standard Login Services - Check if /etc/motd is set appropriately. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 8.3 Create Warnings Banner for GNOME Users - Check if Greeter is set to /usr/bin/gdmlogin | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 9.16 Check for Duplicate GIDs | CIS Solaris 10 L1 v5.2 | Unix | IDENTIFICATION AND AUTHENTICATION |
