| 1.3.1 Ensure 'Image Integrity' is correct | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.3 Ensure 'LOGIN banner' is set | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.4 Ensure 'MOTD banner' is set | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure 'RSA key pair' is greater than or equal to 2048 bits | CIS Cisco ASA 9.x Firewall L2 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7.1 Disable Power on Auto Provisioning (POAP) | CIS Cisco NX-OS v1.2.0 L2 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.1.2 Ensure Network Access Rules are set to Deny-by-default | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.2.1 Ensure Private Endpoints are used to access {service} | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.15.2 (L1) Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.15.2 (L1) Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.15.2 Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.1 Ensure source routed packets are not accepted | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.6 Ensure bogus ICMP responses are ignored | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5 Ensure DOS protection is enabled for untrusted interfaces | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.6.4 The default namespace should not be used | CIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2 | GCP | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.6.4 The default namespace should not be used | CIS Google Kubernetes Engine (GKE) v1.7.0 L2 | GCP | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.7.4 The default namespace should not be used | CIS Kubernetes v1.10.0 L2 Master | Unix | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.7.4 The default namespace should not be used | CIS Kubernetes v1.20 Benchmark v1.0.1 L2 Master | Unix | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.7.4 The default namespace should not be used | CIS Kubernetes v1.23 Benchmark v1.0.1 L2 Master | Unix | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Ensure that SNMP access is allowed to trusted agents IPs only | CIS F5 Networks v1.0.0 L1 | F5 | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2.2 Ensure all groups in /etc/passwd exist in /etc/group | CIS CentOS Linux 8 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.2 Ensure all groups in /etc/passwd exist in /etc/group | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.4 Ensure no duplicate GIDs exist | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.4 Ensure no duplicate GIDs exist | CIS CentOS Linux 8 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.5 Ensure no duplicate user names exist | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.6 Ensure no duplicate group names exist | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.6 Ensure no duplicate group names exist | CIS CentOS Linux 8 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.5 Ensure that 2048 bit keys are used for signing and encrypting SOAP messages with WS-Security policy | CIS IBM WebSphere Liberty v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.3.2.1 Ensure Private Endpoints are used to access Storage Accounts | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.3.2.3 Ensure default network access rule for storage accounts is set to deny | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.5 (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows Server 2025 v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows Server 2022 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows Server 2016 v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L2 Member Server | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.7.1 (L1) Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.7.1 (L1) Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled' | CIS Microsoft Windows Server 2025 v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.7.1 (L1) Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.7.1 (L1) Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.7.1 (L1) Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.7.1 (L1) Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.7.1 (L1) Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.7.1 (L1) Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled' | CIS Microsoft Windows Server 2022 v4.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.7.1 (L1) Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.7.1 (L1) Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.7.1 (L1) Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.7.1 Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
