| 1.1.7 Ensure that the --profiling argument is set to false | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.9 Ensure that the --repair-malformed-updates argument is set to false | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.2.1 Ensure that the --profiling argument is set to false | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.2.7 - MobileIron - Disable 'Remember passwords' - 'Samsung SAFE' | MobileIron - CIS Google Android 4 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 1.3.1 Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.3.2 Ensure that the --profiling argument is set to false | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.3.6 (L2) Ensure the customer lockbox feature is enabled | CIS Microsoft 365 Foundations v5.0.0 L2 E5 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 1.4.2 Ensure that the apiserver file ownership is set to root:root | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.3 Ensure that the controller manager pod specification file permissions are set to 644 or more restrictive | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.4 Ensure that the controller manager pod specification file ownership is set to root:root | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.5 Ensure that the scheduler pod specification file permissions are set to 644 or more restrictive | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.9 Ensure that the Container Network Interface file permissions are set to 644 or more restrictive | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.10 Ensure that the flanneld file ownership is set to root:root | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.14 Ensure that the admin.conf file ownership is set to root:root | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.14 Ensure that the admin.conf file ownership is set to root:root | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.5.2 Ensure fs.protected_hardlinks is configured | CIS Rocky Linux 8 v3.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.5.3 Ensure fs.protected_symlinks is configured | CIS Red Hat Enterprise Linux 8 v4.0.0 L2 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.5.3 Ensure fs.protected_symlinks is configured | CIS Rocky Linux 8 v3.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.5.3 Ensure fs.protected_symlinks is configured | CIS AlmaLinux OS 8 v4.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 1.6.2 Create Pod Security Policies for your cluster | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1 Do not admit privileged containers | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.13 WN19-00-000130 | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT I | Windows | CONFIGURATION MANAGEMENT |
| 1.46 WN19-00-000460 | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT III | Windows | CONFIGURATION MANAGEMENT |
| 1.84 (L1) Ensure 'Disable saving browser history' is set to 'Disabled' | CIS Microsoft Edge v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.114 (L2) Ensure 'Enforce Google SafeSearch' is set to 'Enabled' | CIS Microsoft Edge v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 1.128 (L1) Ensure 'Specifies whether SharedArrayBuffers can be used in a non cross-origin-isolated context' is set to 'Disabled' | CIS Microsoft Edge v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.244 WN19-SO-000370 | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT III | Windows | CONFIGURATION MANAGEMENT |
| 1.244 WN19-SO-000370 | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT III | Windows | CONFIGURATION MANAGEMENT |
| 2.1.13 Ensure that the --cadvisor-port argument is set to 0 | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.1 Ensure that the config file permissions are set to 644 or more restrictive | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.1 Ensure that the kubelet.conf file permissions are set to 644 or more restrictive | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure that the kubelet.conf file ownership is set to root:root | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.6 Ensure that the proxy file ownership is set to root:root | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.8 Ensure that the client certificate authorities file ownership is set to root:root | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.8 Ensure that the client certificate authorities file ownership is set to root:root | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 2.3.15.2 (L1) Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 2.4.1.1 Ensure cron daemon is enabled and active | CIS Rocky Linux 8 v3.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.4.1.1 Ensure cron daemon is enabled and active | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.4.2 Disable Internet Sharing | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.4 Disable Printer Sharing | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.7 Ensure that the --profiling argument is set to false | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.1.1 Ensure cron daemon is enabled and active | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 4.10 Verify iPhone Mirroring Settings | MobileIron - CIS Apple iOS 18 v1.1.0 L1 Institution Owned | MDM | CONFIGURATION MANAGEMENT |
| 5.4.3.1 Ensure nologin is not listed in /etc/shells | CIS Oracle Linux 9 v2.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 5.12 Require an administrator password to access system-wide preferences | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.1 (L1) Ensure all forms of mail forwarding are blocked and/or disabled | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 6.2.3 (L1) Ensure email from external senders is identified | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 7.2.2 (L1) Ensure SharePoint and OneDrive integration with Azure AD B2B is enabled | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 8.6.1 (L1) Ensure users can report security concerns in Teams | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | CONFIGURATION MANAGEMENT |
