| 1.1.1.2 Ensure mounting of freevxfs filesystems is disabled | CIS Amazon Linux v2.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.3.2 Ensure that the --profiling argument is set to false | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.1 Ensure that the API server pod specification file permissions are set to 644 or more restrictive | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.3 Ensure that the controller manager pod specification file permissions are set to 644 or more restrictive | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.4 Ensure that the controller manager pod specification file ownership is set to root:root | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.6 Ensure that the scheduler pod specification file ownership is set to root:root | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.8 Ensure that the etcd pod specification file ownership is set to root:root | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.16 Ensure that the scheduler.conf file ownership is set to root:root | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.17 Ensure that the controller-manager.conf file permissions are set to 644 or more restrictive | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.18 Ensure that the controller-manager.conf file ownership is set to root:root | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.18 Ensure that the controller-manager.conf file ownership is set to root:root | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - clusterrolebinding | CIS Kubernetes 1.13 Benchmark v1.4.1 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - rolebinding | CIS Kubernetes 1.11 Benchmark v1.3.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - rolebinding | CIS Kubernetes 1.13 Benchmark v1.4.1 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.2 Do not admit containers wishing to share the host process ID namespace | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.3 Do not admit containers wishing to share the host IPC namespace | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.9.2 Ensure 'local timezone' is properly configured | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.2.8 Ensure that the client certificate authorities file ownership is set to root:root | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.9 Ensure that the kubelet configuration file ownership is set to root:root | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.2 Disable Internet Sharing | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.3 Require Binding NTP Service to Loopback Interface - 'NTP/SNTP is bound to loopback' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.4.4 Disable Printer Sharing | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2 (L2) Ensure 'AutoFill web forms: Credit cards' is 'Disabled' | CIS MacOS Safari v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 3.3 (L2) Ensure 'AutoFill web forms: Other forms' is 'Disabled' | CIS MacOS Safari v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 3.3 Verify that docker-registry.service file ownership is set to root:root | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.5 Verify that docker.socket file ownership is set to root:root | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.8 Ensure that registry certificate file permissions are set to 444 or more restrictive | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.10 Ensure the ScoreBoard File Is Secured | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.11 Verify that docker-registry environment file ownership is set to root:root | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.12 Verify that docker-registry environment file permissions are set to 644 or more restrictive | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.14 Ensure that Docker server certificate key file permissions are set to 400 | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.16 Ensure that Docker socket file permissions are set to 660 or more restrictive | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.23 Verify that Docker server certificate key file ownership is set to root:root | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.24 Verify that Docker server certificate key file permissions are set to 400 | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.26 Verify that Docker socket file permissions are set to 660 or more restrictive | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.1.1 Secure Home Folders | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.1 Secure Home Folders | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.10 Ensure Access to .ht* Files Is Restricted | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 8.1 Create Warnings for Standard Login Services - etc/issue perms | CIS Solaris 11.1 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 8.1 Create Warnings for Standard Login Services - etc/motd perms | CIS Solaris 11.1 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.1.4 Set User/Group Owner and Permission on /etc/cron.daily | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.1.7 Set User/Group Owner and Permission on /etc/cron.d | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.4 Verify No Legacy '+' Entries Exist in passwd, shadow, and group Files - Check for group | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 10.1 (L1) Ensure 'Show full website address' is 'Enabled' | CIS MacOS Safari v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 11.1 Set Warning Banner for Standard Login Services - /etc/issue.net permissions | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 11.1 Set Warning Banner for Standard Login Services - /etc/motd | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 11.2 Remove OS Information from Login Warning Banners - /etc/motd | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| IBM i : Force Conversion on Restore (QFRCCVNRST) - '>=3' | IBM System i Security Reference for V7R3 | AS/400 | CONFIGURATION MANAGEMENT |
| IBM i : Scan File Systems (QSCANFS) - '*ROOTOPNUD' | IBM System i Security Reference for V7R2 | AS/400 | CONFIGURATION MANAGEMENT |
| IBM i : Scan File Systems Control (QSCANFSCTL)- '*NONE' | IBM System i Security Reference for V7R3 | AS/400 | CONFIGURATION MANAGEMENT |
