| 1.1 Remove extraneous files and directories - /webapps/docs | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories - /webapps/manager | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Verify all application software is current | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | ACCESS CONTROL |
| 1.3.4 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1 | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | IDENTIFICATION AND AUTHENTICATION |
| 2.1 Alter the Advertised server.info String | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 2.2 Ensure that MongoDB does not bypass authentication via the localhost exception | CIS MongoDB 5 L1 OS Linux v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.3.2 Secure screen saver corners - bottom left corner | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | ACCESS CONTROL |
| 2.3.10.4 (L2) Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.4.5 Disable Remote Login | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
| 2.5.2 Disable sleeping the computer when connected to power | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | ACCESS CONTROL |
| 2.6.1 Enable FileVault - Encryption Type | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.4 Enable Firewall Stealth Mode | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.6 Enable Location Services | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.6.7 Monitor Location Services Access | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | |
| 2.7.2 iCloud keychain | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | |
| 3.1.2 Retain appfirewall.log for 90 or more days | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2 Enable security auditing | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.3 Configure Security Auditing Flags - 'audit all failed events across all audit classes' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.3 Configure Security Auditing Flags - 'audit successful/failed login/logout events' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1 Ensure legacy TLS protocols are disabled | CIS MongoDB 5 L2 OS Linux v1.2.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Create network specific locations | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | |
| 4.4 Ensure http server is not running | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.15 Restrict access to jaspic-providers.xml | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4 Automatically lock the login keychain for inactivity | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.7 Do not enable the 'root' account | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
| 5.8 Disable automatic login | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
| 5.9 Require a password to wake the computer from sleep or screen saver | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | ACCESS CONTROL |
| 5.13 Create a Login window banner | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | ACCESS CONTROL |
| 5.17 Create specialized keychains for different purposes | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | |
| 6.3 Ensure that server-side scripting is disabled if not needed | CIS MongoDB 5 L2 OS Linux v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 6.4 Safari disable Internet Plugins for global use | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 7.2 Ensure appropriate database file permissions are set | CIS MongoDB 5 L1 OS Linux v1.2.0 | Unix | ACCESS CONTROL |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in web application | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in web application | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.4 Ensure directory in context.xml is a secure location - permissions | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.6 Ensure directory in logging.properties is a secure location - check log directory location | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL |
| 7.6 Ensure directory in logging.properties is a secure location - check prefix application name | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL |
| 8.1 Restrict runtime access to sensitive packages | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 9.1 Starting Tomcat with Security Manager | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 10.10 Configure maxHttpHeaderSize | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.19 Ensure Manager Application Passwords are Encrypted | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.8.22.1.2 (L2) Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.22.1.3 (L2) Ensure 'Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.22.1.5 (L2) Ensure 'Turn off Internet File Association service' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.22.1.6 (L2) Ensure 'Turn off printing over HTTP' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.22.1.7 (L2) Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.22.1.9 (L2) Ensure 'Turn off the 'Order Prints' picture task' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.53.1.1 (L2) Ensure 'Enable Windows NTP Client' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.65.3.3.1 (L2) Ensure 'Do not allow COM port redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
