| 1.1 Remove extraneous files and directories - /webapps/docs | CIS Apache Tomcat 10 L2 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/examples | CIS Apache Tomcat 10 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/host-manager | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/manager | CIS Apache Tomcat 10 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/ROOT | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Disable Unused Connectors | CIS Apache Tomcat 10 L2 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 1.2.2 Ensure that the --token-auth-file parameter is not set | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.2.18 Ensure that the --insecure-port argument is set to 0 | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | CONFIGURATION MANAGEMENT |
| 1.3.2 Ensure that the --profiling argument is set to false | CIS Kubernetes v1.10.0 L1 Master | Unix | CONFIGURATION MANAGEMENT |
| 1.6.5 Ensure 'Telnet' is disabled | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP address | CIS Cisco ASA 9.x Firewall L2 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.46 (L1) Ensure 'Allow the audio sandbox to run' is set to 'Enabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.54 (L1) Ensure 'Automatically import another browser's data and settings at first run' is set to 'Enabled: Disables automatic import, and the import section of the first-run experience is skipped' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.55 (L1) Ensure 'Automatically open downloaded MHT or MHTML files from the web in Internet Explorer mode' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.58 (L2) Ensure 'Browser sign-in settings' is set to 'Enabled: Disable browser sign-in' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 1.67 (L2) Ensure 'Configure Speech Recognition' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 1.68 (L1) Ensure 'Configure the list of names that will bypass the HSTS policy check' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.70 (L1) Ensure 'Configure the Share experience' is set to 'Enabled: Don't allow using the Share experience' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.85 (L1) Ensure 'Enable AutoFill for payment instructions' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.89 (L1) Ensure 'Enable deleting browser and download history' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.94 (L2) Ensure 'Enable guest mode' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 1.97 (L1) Ensure 'Enable resolution of navigation errors using a web service' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.115 (L2) Ensure 'Live captions allowed' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 1.134 (L1) Ensure 'Wallet Donation Enabled' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.1.2 Ensure Show Bluetooth Status in Menu Bar Is Enabled | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.7 Disable USB Firmware and configuration installation | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | CONFIGURATION MANAGEMENT |
| 2.2 Ensure 'CLR Enabled' Server Configuration Option is set to '0' | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 2.2 Ensure 'CLR Enabled' Server Configuration Option is set to '0' | CIS SQL Server 2022 Database L1 DB v1.1.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 2.2.1.5 Ensure 'Allow personalized ads delivered by Apple' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.1.12 Ensure 'Allow sending diagnostic and usage data to Apple' is set to 'Disabled' | MobileIron - CIS Apple iOS 17 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.5.6 Ensure Limit Ad Tracking Is Enabled | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.8.1 Ensure Wake for Network Access Is Disabled | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1.20 Ensure 'Allow pairing with non-Configurator hosts' is set to 'Disabled' | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 4.1.1 Review Manage Sharing & Access | AirWatch - CIS Apple iOS 17 Benchmark v1.1.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 4.1.1 Review Manage Sharing & Access | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 4.1.2 Review Emergency Reset | AirWatch - CIS Apple iOS 17 v1.1.0 End User Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 4.1.2 Review Emergency Reset | AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 4.1.2 Review Emergency Reset | MobileIron - CIS Apple iPadOS 17 Institutionally Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 4.1.4 Ensure 'App Privacy Report' is enabled | MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L2 | MDM | CONFIGURATION MANAGEMENT |
| 4.2.4 Verify that the --read-only-port argument is set to 0 | CIS Kubernetes v1.10.0 L1 Worker | Unix | CONFIGURATION MANAGEMENT |
| 4.2.6 Ensure that the --protect-kernel-defaults argument is set to true | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Worker | Unix | CONFIGURATION MANAGEMENT |
| 4.2.6 Ensure that the --protect-kernel-defaults argument is set to true | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Worker | Unix | CONFIGURATION MANAGEMENT |
| 5.2.7 Minimize the admission of containers with the NET_RAW capability | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | CONFIGURATION MANAGEMENT |
| 5.2.13 Minimize the admission of containers which use HostPorts | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | CONFIGURATION MANAGEMENT |
| 10.1 Ensure Web content directory is on a separate partition from the Tomcat system files | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 10.7 Turn off session facade recycling | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.7 Turn off session facade recycling | CIS Apache Tomcat 10 L1 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 10.8 Do not allow additional path delimiters - ALLOW_BACKSLASH | CIS Apache Tomcat 10 L2 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| Rule 881d54fe-3848-4d6a-95fd-42d48ebe60b8 | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Rule a9e18c21-ff8f-43cf-b9fc-db40eed693ba - a9e18c21-ff8f-43cf-b9fc-db40eed693ba | MSCT Windows Server 2019 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
