| 1.1 (L1) Ensure 'Open 'safe' files after downloading' is 'Disabled' | CIS MacOS Safari v2.0.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.1 Ensure default password of root is not allowed | CIS F5 Networks v1.0.0 L1 | F5 | IDENTIFICATION AND AUTHENTICATION |
| 1.1.3 Configure Secure Password Policy - Required Special Characters | CIS F5 Networks v1.0.0 L1 | F5 | IDENTIFICATION AND AUTHENTICATION |
| 1.1.3 Configure Secure Password Policy - Secure Password Enforcement | CIS F5 Networks v1.0.0 L1 | F5 | IDENTIFICATION AND AUTHENTICATION |
| 1.3.2 (L1) Ensure 'Control use of insecure content exceptions' is set to 'Enabled: Do not allow any site to load mixed content' | CIS Microsoft Edge v3.0.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3.5 (L1) Ensure 'Control use of the File System API for writing' is set to 'Enabled: Don't allow any site to request write access to files and directories' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.10.2 (L1) Ensure 'Allow cross-origin HTTP Authentication prompts' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.10.3 (L2) Ensure 'Supported authentication schemes' is set to 'Enabled: ntlm, negotiate' | CIS Microsoft Edge v3.0.0 L2 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.11.1 (L1) Ensure 'Enable the linked account feature' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.21.1 (L1) Ensure 'Specifies whether to allow websites to make requests to more-private network endpoints' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.26.1 (L1) Ensure 'Disable Bing chat entry-points on Microsoft Edge Enterprise new tab page' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.34 (L1) Ensure 'Allow importing of browser settings' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.41 (L2) Ensure 'Allow or block video capture' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 1.42 (L2) Ensure 'Allow or deny screen capture' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 1.45 (L1) Ensure 'Allow remote debugging' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.47 (L2) Ensure 'Allow unconfigured sites to be reloaded in Internet Explorer mode' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.50 (L2) Ensure 'Allow users to open files using the DirectInvoke protocol' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 1.52 (L1) Ensure 'Allow websites to query for available payment methods' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.59 (L1) Ensure 'Clear browsing data when Microsoft Edge closes' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.62 (L1) Ensure 'Compose is enabled for writing on the web' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.69 (L1) Ensure 'Configure the list of types that are excluded from synchronization' is set to 'Enabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.72 (L1) Ensure 'Continue running background apps after Microsoft Edge closes' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.74 (L2) Ensure 'Control use of the Headless Mode' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 1.78 (L1) Ensure 'Delete old browser data on migration' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.84 (L1) Ensure 'Enable AutoFill for addresses' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.93 (L1) Ensure 'Enable globally scoped HTTP auth cache' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.108 (L2) Ensure 'Enforce Bing SafeSearch' is set to 'Enabled: Configure moderate search restrictions in Bing' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 1.112 (L1) Ensure 'Hide the First-run experience and splash screen' is set to 'Enabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.118 (L1) Ensure 'Restrict exposure of local IP address by WebRTC' is set to 'Enabled: Allow public interface over http default route. This doesn't expose the local IP address' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.120 (L1) Ensure 'Set the time period for update notifications' is set to 'Enabled: 86400000' | CIS Microsoft Edge v3.0.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.121 (L1) Ensure 'Shopping in Microsoft Edge Enabled' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.129 (L1) Ensure 'Suggest similar pages when a webpage can't be found' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.130 (L1) Ensure 'Suppress the unsupported OS warning' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 1.135 (L2) Ensure 'Enable QR Code Generator' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 3.1 (L2) Ensure 'AutoFill web forms: User names and passwords' is 'Disabled' | CIS MacOS Safari v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.15 Ensure 'debug_print_rewritten' is disabled | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.16 Ensure 'debug_print_plan' is disabled | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.17 Ensure 'debug_pretty_print' is enabled | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.24 Ensure 'log_timezone' is set correctly | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 4.1 Ensure Prelogin 'Login Banner' is set - Login Banner | CIS F5 Networks v1.0.0 L1 | F5 | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.6 Ensure Row Level Security (RLS) is configured correctly | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.6 Ensure to set SSH MAC algorithm to hmac-sha2-256 | CIS F5 Networks v1.0.0 L1 | F5 | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.1 Ensure redundant NTP servers are configured appropriately | CIS F5 Networks v1.0.0 L1 | F5 | AUDIT AND ACCOUNTABILITY |
| 6.1 (L1) Ensure 'Warn when visiting a fraudulent website' is 'Enabled' | CIS MacOS Safari v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.1 Ensure 'Attack Vectors' Runtime Parameters are Configured | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.3 (L2) Ensure 'Block pop-up windows' is 'Enabled' (Scored) | CIS MacOS Safari v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 6.4 Ensure 'SIGHUP' Runtime Parameters are Configured | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | SYSTEM AND SERVICES ACQUISITION |
| 6.8 Ensure SSL is enabled and configured correctly | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure a replication-only user is created and used for streaming replication | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL |
| 8.2 Ensure PostgreSQL subdirectory locations are outside the data cluster | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
