| 1.1.3 Configure Secure Password Policy - Minimum Password Length | CIS F5 Networks v1.0.0 L1 | F5 | IDENTIFICATION AND AUTHENTICATION |
| 1.1.3 Configure Secure Password Policy - Required Uppercase | CIS F5 Networks v1.0.0 L1 | F5 | IDENTIFICATION AND AUTHENTICATION |
| 1.1.13 Ensure separate partition exists for /home | CIS Amazon Linux v2.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - enforcing = 0 | CIS Amazon Linux v2.1.0 L2 | Unix | ACCESS CONTROL |
| 1.6.1.4 Ensure SETroubleshoot is not installed | CIS Amazon Linux v2.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.5 Ensure the MCS Translation Service (mcstrans) is not installed | CIS Amazon Linux v2.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.6 Ensure no unconfined daemons exist | CIS Amazon Linux v2.1.0 L2 | Unix | ACCESS CONTROL |
| 1.17.1 (L1) Ensure 'Enable saving passwords to the password manager' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.25.4 (L1) Ensure 'Force Microsoft Defender SmartScreen checks on downloads from trusted sources' is set to 'Enabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.25.5 (L1) Ensure 'Prevent bypassing Microsoft Defender SmartScreen prompts for sites' is set to 'Enabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.25.6 (L1) Ensure 'Prevent bypassing of Microsoft Defender SmartScreen warnings about downloads' is set to 'Enabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.101 (L1) Ensure 'Enable tab organization suggestions' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.102 (L1) Ensure 'Enable the Search bar' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.105 (L1) Ensure 'Enable use of ephemeral profiles' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.123 (L1) Ensure 'Show Microsoft Rewards experiences' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.6 Ensure External Users' Terminal Access is Disabled | CIS F5 Networks v1.0.0 L1 | F5 | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 (L2) Ensure 'AutoFill user names and passwords' is 'Disabled' | CIS MacOS Safari v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.2 Ensure auditd service is enabled | CIS Amazon Linux v2.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.3 Ensure auditing for processes that start prior to auditd is enabled | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - auditctl adjtimex | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - auditctl clock_settime b32 | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - auditctl time-change | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - clock_settime b64 | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - '/etc/security/opasswd' | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - '/etc/shadow' | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - issue | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure session initiation information is collected - auditctl utmp | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl b64 chown/fchown/fchownat/lchown | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - chmod/fchmod/fchmodat | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.15 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoers | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.15 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoers.d | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - insmod | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Ensure minimum SSH Encryption algorithm is set to aes128-cbc | CIS F5 Networks v1.0.0 L1 | F5 | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.8 Ensure access SSH to CLI interface is restricted to needed IP addresses only | CIS F5 Networks v1.0.0 L1 | F5 | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 5.2 Ensure to exclude inode information from ETags HTTP Header | CIS F5 Networks v1.0.0 L1 | F5 | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 5.3 Ensure port lockdown for self IP is set | CIS F5 Networks v1.0.0 L1 | F5 | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900' | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.4.1.2 Ensure minimum days between password changes is 7 or more - login.defs | CIS Amazon Linux v2.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.3 Ensure password expiration warning days is 7 or more - login.defs | CIS Amazon Linux v2.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.1.4 Ensure inactive password lock is 30 days or less - useradd | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/bashrc | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.5 Ensure access to the su command is restricted - pam_wheel.so | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 6.1 Ensure that SNMP access is allowed to trusted agents IPs only | CIS F5 Networks v1.0.0 L1 | F5 | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1.1 Audit system file permissions | CIS Amazon Linux v2.1.0 L2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.8 Ensure permissions on /etc/group- are configured | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.1.14 Audit SGID executables | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 6.2.7 Ensure all users' home directories exist | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.14 Ensure no users have .rhosts files | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.15 Ensure all groups in /etc/passwd exist in /etc/group | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 6.4 Ensure that audit logging for 'MCP, tmsh and GUI' is set to enabled | CIS F5 Networks v1.0.0 L1 | F5 | AUDIT AND ACCOUNTABILITY |
