| 1.2 Enable SSH (PermitRootLogin) | CIS FreeBSD v1.0.5 | Unix | ACCESS CONTROL |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSH | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 2.2.2 - Configuring SSH - disabling direct root access - 'PermitRootLogin = no' | CIS AIX 5.3/6.1 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 2.7 Ensure TLS authentication for Docker daemon is configured | CIS Docker v1.7.0 L1 Docker - Linux | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.8.1 Ensure 'Allow remote access connections to this machine' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.8.2 (L1) Ensure 'Allow remote users to interact with elevated windows in remote assistance sessions' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.8.3 (L1) Ensure 'Configure the required domain names for remote access clients' is set to 'Enabled' with a domain defined | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.8.4 (L1) Ensure 'Enable curtaining of remote access hosts' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.8.5 (L1) Ensure 'Enable firewall traversal from remote access host' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.8.6 (L1) Ensure 'Enable or disable PIN-less authentication for remote access hosts' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.8.7 (L1) Ensure 'Enable the use of relay servers by the remote access host' is set to 'Disabled'. | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.32 Ensure 'Allow remote debugging' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | ACCESS CONTROL, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.2 Ensure 'Allow unmanaged devices' is set to 'False' | CIS Microsoft Exchange Server 2019 L1 MDM v1.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.2.1.29 Ensure 'Allow proximity based password sharing requests' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 Institutionally Owned | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.2.1.29 Ensure 'Allow proximity based password sharing requests' is set to 'Disabled' | AirWatch - CIS Apple iOS 18 v1.0.0 L1 Institution Owned | MDM | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.9 Ensure 'Require encryption on device' is set to 'True' | CIS Microsoft Exchange Server 2019 L1 MDM v1.0.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 4.11 (L1) Host must use strict x509 verification for TLS-enabled remote logging endpoints | CIS VMware ESXi 8.0 v1.1.0 L1 | VMware | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 4.39 listener.ora - 'secure_control_listener_name = (TCP,IPC)' | CIS v1.1.0 Oracle 11g OS L2 | Unix | ACCESS CONTROL |
| 4.39 listener.ora - 'secure_control_listener_name = (TCP,IPC)' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | ACCESS CONTROL |
| 4.40 listener.ora - 'secure_protocol_listener_name = (TCP,IPC)' | CIS v1.1.0 Oracle 11g OS L1 | Unix | ACCESS CONTROL |
| 4.40 listener.ora - 'secure_protocol_listener_name = (TCP,IPC)' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | ACCESS CONTROL |
| 4.41 listener.ora - 'secure_register_listener_name = (TCP,IPC)' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | ACCESS CONTROL |
| 4.41 listener.ora - 'secure_register_listener_name = (TCP,IPC)' | CIS v1.1.0 Oracle 11g OS L2 | Unix | ACCESS CONTROL |
| 5.02 OAS - 'Encryption Type - sqlnet.encryption_server = REQUIRED' | CIS v1.1.0 Oracle 11g OS L2 | Unix | ACCESS CONTROL |
| 5.02 OAS - 'Encryption Type - sqlnet.encryption_server = REQUIRED' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | ACCESS CONTROL |
| 5.2.8 Ensure SSH root login is disabled | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.03 OAS - 'Encryption Type - sqlnet.encryption_client = REQUIRED' | CIS v1.1.0 Oracle 11g OS L2 | Unix | ACCESS CONTROL |
| 5.03 OAS - 'Encryption Type - sqlnet.encryption_client = REQUIRED' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | ACCESS CONTROL |
| 5.05 OAS - 'Integrity Protection - sqlnet.crypto_checksum_client = REQUIRED' | CIS v1.1.0 Oracle 11g OS L2 | Unix | ACCESS CONTROL |
| 5.05 OAS - 'Integrity Protection - sqlnet.crypto_checksum_client = REQUIRED' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | ACCESS CONTROL |
| 5.05 OAS - 'Integrity Protection - sqlnet.crypto_checksum_server = REQUIRED' | CIS v1.1.0 Oracle 11g OS L2 | Unix | ACCESS CONTROL |
| 5.05 OAS - 'Integrity Protection - sqlnet.crypto_checksum_server = REQUIRED' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | ACCESS CONTROL |
| 5.06 OAS - 'Integrity Protection - sqlnet.crypto_checksum_types_server = (SHA1)' | CIS v1.1.0 Oracle 11g OS L2 | Unix | ACCESS CONTROL |
| 5.06 OAS - 'Integrity Protection - sqlnet.crypto_checksum_types_server = (SHA1)' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | ACCESS CONTROL |
| 5.16 OAS - 'SSL Client Authentication - ssl_client_authentication = TRUE' | CIS v1.1.0 Oracle 11g OS L2 | Unix | ACCESS CONTROL |
| 5.16 OAS - 'SSL Client Authentication - ssl_client_authentication = TRUE' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | ACCESS CONTROL |
| 12.51 Remote Administration of Listener - 'Use encryption if remote administration is required' | CIS v1.1.0 Oracle 11g OS L2 | Unix | ACCESS CONTROL |
| 12.51 Remote Administration of Listener - 'Use encryption if remote administration is required' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | ACCESS CONTROL |
| 18.10.56.3.9.1 Ensure 'Always prompt for password upon connection' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Allow Basic authentication - Client - AllowBasic | MSCT Windows Server v1909 DC v1.0.0 | Windows | ACCESS CONTROL |
| Allow Basic authentication - Client - AllowBasic | MSCT Windows Server v2004 MS v1.0.0 | Windows | ACCESS CONTROL |
| Allow Basic authentication - Service - AllowBasic | MSCT Windows Server v1909 MS v1.0.0 | Windows | ACCESS CONTROL |
| Allow unencrypted traffic - Client - AllowUnencryptedTraffic | MSCT Windows Server v2004 MS v1.0.0 | Windows | ACCESS CONTROL |
| Allow unencrypted traffic - WinRM Service | MSCT Windows Server 2019 MS v1.0.0 | Windows | ACCESS CONTROL |
| Disallow Digest authentication | MSCT Windows Server v1909 MS v1.0.0 | Windows | ACCESS CONTROL |
| Disallow Digest authentication | MSCT Windows Server 2016 MS v1.0.0 | Windows | ACCESS CONTROL |
| Disallow Digest authentication | MSCT Windows Server 2019 DC v1.0.0 | Windows | ACCESS CONTROL |
| Disallow Digest authentication | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Set client connection encryption level | MSCT Windows Server v1909 DC v1.0.0 | Windows | ACCESS CONTROL |
| Set client connection encryption level | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
