| 1.1.10 Ensure that the admission control plugin AlwaysAdmit is not set | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | ACCESS CONTROL |
| 1.1.10 Ensure that the admission control policy is set to AlwaysPullImages | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 1.1.11 Ensure that the admission control policy is not set to AlwaysAdmit | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | ACCESS CONTROL |
| 1.1.13 Ensure that the admission control plugin SecurityContextDeny is set | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | ACCESS CONTROL |
| 1.1.24 Ensure that the admission control policy is set to PodSecurityPolicy | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 1.1.27 Ensure that the admission control plugin ServiceAccount is set | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | ACCESS CONTROL |
| 1.1.31 Ensure that the --authorization-mode argument is set to Node | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 1.1.33 Ensure that the admission control plugin NodeRestriction is set | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | ACCESS CONTROL |
| 1.1.33 Ensure that the admission control plugin NodeRestriction is set | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | ACCESS CONTROL |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | CIS MySQL 8.0 Enterprise Linux OS L1 v1.4.0 | Unix | ACCESS CONTROL |
| 1.3.3 Ensure that the --use-service-account-credentials argument is set to true | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | ACCESS CONTROL |
| 1.6.3 Create administrative boundaries between resources using namespaces | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | ACCESS CONTROL |
| 2.1.1 Ensure that the --allow-privileged argument is set to false | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | ACCESS CONTROL |
| 2.2.11 (L1) Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.2.12 (L1) Ensure 'Change the time zone' is set to 'Administrators, LOCAL SERVICE' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.2.13 (L1) Ensure 'Create a pagefile' is set to 'Administrators' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.16 (L1) Ensure 'Create permanent shared objects' is set to 'No One' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.25 (L1) Ensure 'Deny log on through Remote Desktop Services' to include 'Guests' (DC only) | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.29 Ensure 'Deny log on as a service' to include 'No one' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.36 (L2) Ensure 'Log on as a batch job' is set to 'Administrators' (DC Only) | CIS Windows Server 2012 R2 DC L2 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.39 (L1) Ensure 'Modify an object label' is set to 'No One' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.39 (L1) Ensure 'Modify an object label' is set to 'No One' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.41 (L1) Ensure 'Perform volume maintenance tasks' is set to 'Administrators' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.42 (L1) Ensure 'Profile single process' is set to 'Administrators' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.43 (L1) Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.44 Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' (STIG MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.46 (L1) Ensure 'Shut down the system' is set to 'Administrators' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.47 (L1) Ensure 'Synchronize directory service data' is set to 'No One' (DC only) | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.3 Ensure the SharePoint setup account is configured with the minimum privileges in Active Directory. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | ACCESS CONTROL |
| 2.3.10.7 (L1) Ensure 'Network access: Remotely accessible registry paths' is configured | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.10.8 (L1) Configure 'Network access: Remotely accessible registry paths' is configured | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.6 Ensure that the User-ID service account does not have interactive logon rights | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 2.7 Set Group and Other Permissions Read-Only for BIND Non-Runtime Directories - 'other' permissions | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 2.7 Set Group and Other Permissions Read-Only for BIND Non-Runtime Directories - 'other' permissions | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.9 Ensure that the SharePoint Online Web Part Gallery component is configured with limited access | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | ACCESS CONTROL |
| 3.1.14 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | ACCESS CONTROL |
| 3.3 Ensure that MongoDB is run using a non-privileged, dedicated service account | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
| 4.4 Restrict Access to All Key Files - user root/named | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 4.5 Verify Active Directory group membership for the 'ESX Admins' group | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | ACCESS CONTROL |
| 5.1.2 Check System Wide Applications for appropriate permissions | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 5.1.2 Minimize access to secrets | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL |
| 6.1.10 Ensure no world writable files exist | CIS Debian 9 Server L1 v1.0.1 | Unix | ACCESS CONTROL |
| 9.3.13 Limit Access via SSH | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | ACCESS CONTROL |
| 10.1 Restrict access to the DB2 Control Center | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Windows | Windows | ACCESS CONTROL |
| Allow log on through Remote Desktop Services | MSCT MSCT Windows Server 2022 DC v1.0.0 | Windows | ACCESS CONTROL |
| Debug programs | MSCT MSCT Windows Server 2022 DC v1.0.0 | Windows | ACCESS CONTROL |
| Deny log on through Remote Desktop Services | MSCT Windows Server 2022 v1.0.0 | Windows | ACCESS CONTROL |
| Enable computer and user accounts to be trusted for delegation | MSCT MSCT Windows Server 2022 DC v1.0.0 | Windows | ACCESS CONTROL |
| Impersonate a client after authentication | MSCT Windows Server 2022 v1.0.0 | Windows | ACCESS CONTROL |
| Load and unload device drivers | MSCT MSCT Windows Server 2022 DC v1.0.0 | Windows | ACCESS CONTROL |
