| 1.1 Ensure single sign-on (SSO) is configured for your account / organization | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | ACCESS CONTROL |
| 1.1.3 Configure Secure Password Policy - EnsurePassword Memory | CIS F5 Networks v1.0.0 L1 | F5 | IDENTIFICATION AND AUTHENTICATION |
| 1.1.3 Configure Secure Password Policy - Maximum Duration | CIS F5 Networks v1.0.0 L1 | F5 | IDENTIFICATION AND AUTHENTICATION |
| 1.1.3 Configure Secure Password Policy - Required Numeric | CIS F5 Networks v1.0.0 L1 | F5 | IDENTIFICATION AND AUTHENTICATION |
| 1.1.3 Configure Secure Password Policy - User Lockout | CIS F5 Networks v1.0.0 L1 | F5 | IDENTIFICATION AND AUTHENTICATION |
| 1.7 Ensure authentication key pairs are rotated every 180 days | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | IDENTIFICATION AND AUTHENTICATION |
| 1.10 Limit the number of users with ACCOUNTADMIN and SECURITYADMIN | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | ACCESS CONTROL |
| 1.11 Ensure that all users granted the ACCOUNTADMIN role have an email address assigned | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | ACCESS CONTROL |
| 1.12 Ensure that no users have ACCOUNTADMIN or SECURITYADMIN as the default role | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | ACCESS CONTROL |
| 1.13 Ensure that the ACCOUNTADMIN or SECURITYADMIN role is not granted to any custom role | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | ACCESS CONTROL |
| 1.14 Ensure that Snowflake tasks are not owned by the ACCOUNTADMIN or SECURITYADMIN roles | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | ACCESS CONTROL |
| 2.1 Ensure that Remote Radius is used for Authentication Only | CIS F5 Networks v1.0.0 L2 | F5 | ACCESS CONTROL |
| 2.2.3 Ensure 'Access this computer from the network' is set to 'Administrators, Authenticated Users' (MS only) - Administrators, Authenticated Users | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 2.4 Disable NIS Server Services - domain | CIS Solaris 11.1 L1 v1.0.0 | Unix | |
| 2.4 Ensure External Users' role is set to 'No Access' | CIS F5 Networks v1.0.0 L2 | F5 | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.5 Ensure monitoring and alerting exist for creation, update and deletion of security integrations | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | AUDIT AND ACCOUNTABILITY |
| 2.6 Disable Kerberos TGT Expiration Warning | CIS Solaris 11.1 L1 v1.0.0 | Unix | |
| 2.7 Disable Generic Security Services (GSS) | CIS Solaris 11.1 L1 v1.0.0 | Unix | |
| 3.1 Restrict Core Dumps to Protected Directory - /var/share/cores | CIS Solaris 11.1 L1 v1.0.0 | Unix | |
| 3.1 Restrict Core Dumps to Protected Directory - global setid core dumps = enabled | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - init core file content | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 3.4 Disable Source Packet Forwarding - current ipv4 = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4 Disable Source Packet Forwarding - current ipv6 = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Disable Response to ICMP Timestamp Requests - current ip = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.10 Disable Response to Multicast Echo Request - current ipv4 = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.10 Disable Response to Multicast Echo Request - current ipv6 = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.12 Set Strict Multihoming - persistent ipv4 = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.12 Set Strict Multihoming - persistent ipv6 = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.13 Disable ICMP Redirect Messages - current ipv6 = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.14 Disable TCP Reverse IP Source Routing - current tcp = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.15 Set Maximum Number of Half-open TCP Connections - current tcp = 4096 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.16 Set Maximum Number of Incoming Connections - current tcp = 1024 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.17 Disable Network Routing - ipv4-forwarding current = disabled | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2 Ensure 'Idle timeout' is less than or equal to 10 minutes for SSH connections | CIS F5 Networks v1.0.0 L1 | F5 | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure that the DATA_RETENTION_TIME_IN_DAYS parameter is set to 90 for critical data | CIS Snowflake Foundations v1.0.0 L2 | Snowflake | CONTINGENCY PLANNING |
| 4.4 Ensure 'Idle timeout' is less than or equal to 10 minutes for serial console sessions | CIS F5 Networks v1.0.0 L1 | F5 | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.4 Ensure that the MIN_DATA_RETENTION_TIME_IN_DAYS account parameter is set to 7 or higher | CIS Snowflake Foundations v1.0.0 L2 | Snowflake | AUDIT AND ACCOUNTABILITY, CONTINGENCY PLANNING, SYSTEM AND INFORMATION INTEGRITY |
| 6.2 Ensure minimum SNMP version is set to V3 for agent access | CIS F5 Networks v1.0.0 L1 | F5 | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5 Disable Rhost-based Authentication for SSH - IgnoreRhosts = yes | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 6.7 Blocking Authentication Using Empty/Null Passwords for SSH - PermitEmptyPasswords = no | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.9 Restrict FTP Use | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.11 Remove Autologin Capabilities from the GNOME desktop - pam.conf | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.12 Set Default Screen Lock for GNOME Users - lockTimeout = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.13 Restrict at/cron to Authorized Users - /etc/cron.d/at.allow | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.15 Set Retry Limit for Account Lockout - LOCK_AFTER_RETRIES = yes | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.17 Secure the GRUB Menu (Intel) - passwd.cfg - superusers | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 18.8.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 Enterprise v4.0.0 BL | Windows | MEDIA PROTECTION |
| 89.2 (L1) Ensure 'Access From Network' is set to 'Administrators, Remote Desktop Users' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 89.2 (L1) Ensure 'Access From Network' is set to 'Administrators, Remote Desktop Users' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
