| 1.1.1.1 Ensure mounting of cramfs filesystems is disabled - /etc/modprobe.d/CIS.conf | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Apply Latest OS Patches | CIS Solaris 10 L1 v5.2 | Unix | |
| 1.3 Ensure that Snowflake password is unset for SSO users | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | IDENTIFICATION AND AUTHENTICATION |
| 1.3 Install Solaris Encryption Kit - Check if Package SUNWcryr is installed | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 1.4 Ensure multi-factor authentication (MFA) is turned on for all human users with password-based authentication | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | IDENTIFICATION AND AUTHENTICATION |
| 1.5 Ensure minimum password length is set to 14 characters or more | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | IDENTIFICATION AND AUTHENTICATION |
| 1.6 Ensure that service accounts use key pair authentication | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | IDENTIFICATION AND AUTHENTICATION |
| 1.9 Ensure that the idle session timeout is set to 15 minutes or less for users with the ACCOUNTADMIN and SECURITYADMIN roles | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | ACCESS CONTROL |
| 1.17 Ensure Snowflake stored procedures do not run with ACCOUNTADMIN or SECURITYADMIN role privileges | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | ACCESS CONTROL |
| 2.1.1 Disable Local CDE ToolTalk Database Server - Make sure that /network/rpc/cde-ttdbserver:tcp is disabled | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.1.4 Disable Local Web Console - Make sure that /system/webconsole:console is disabled | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.1.5 Disable Local WBEM - Make sure that application/management/wbem is disabled | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.2 Ensure monitoring and alerting exist for MANAGE GRANTS privilege grants | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | AUDIT AND ACCOUNTABILITY |
| 2.2.2 Disable NIS Server Daemons - Make sure that /network/nis/server is disabled | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.2.3 Disable NIS Client Daemons - Make sure that /network/nis/client is disabled | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.2.12 Disable Solaris Volume Manager Services - Make sure that system/mdmonitor is disabled - Solaris 10 <= 11/06 | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.3 Establish a Secure Baseline - Make sure that application/graphical-login/cde-login is only limited to local connections | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.3 Establish a Secure Baseline - Make sure that application/management/wbem only allows local connections (netservices limited) | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.3 Establish a Secure Baseline - Make sure that network/rpc/cde-calendar-manager is only limited to local connections | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.3 Establish a Secure Baseline - Make sure that network/rpc/mdcomm:default is disabled (netservices limited) | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.3 Establish a Secure Baseline - Make sure that network/rpc/rstat:default is disabled (netservices limited) | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.3 Establish a Secure Baseline - Make sure that network/shell:default is disabled (netservices limited) | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.3 Establish a Secure Baseline - Make sure that network/telnet:default is disabled (netservices limited) | CIS Solaris 10 L1 v5.2 | Unix | |
| 2.4 Ensure monitoring and alerting exist for password sign-in without MFA | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | AUDIT AND ACCOUNTABILITY |
| 2.6 Ensure monitoring and alerting exist for changes to network policies and associated objects | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | AUDIT AND ACCOUNTABILITY |
| 2.8 Ensure 'credentials' are not stored in configuration files - Default | CIS IIS 7 L2 v1.8.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.8 Ensure monitoring and alerting exists for new share exposures | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | AUDIT AND ACCOUNTABILITY |
| 3.1 Ensure that an account-level network policy has been configured to only allow access from trusted IP addresses | CIS Snowflake Foundations v1.0.0 L2 | Snowflake | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.6 Disable Response to ICMP Netmask Requests - Check ip_respond_to_address_mask_broadcast value. Expected value: 0. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.7 Disable ICMPv6 Redirect Messages - Check ip6_send_redirects value. Expected value: 1. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.9 Disable Response to Multicast Echo Request - Check ip_respond_to_echo_multicast value. Expected value: 0. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.17 Set Maximum Number of Incoming Connections - Check tcp_conn_req_max_q value. Expected value: 1024. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2 Ensure 'debug' is turned off - Applications | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.2 Restrict Core Dumps to Protected Directory - Check if COREADM_GLOB_CONTENT is set to default | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 3.2 Restrict Core Dumps to Protected Directory - Check if COREADM_GLOB_LOG_ENABLED is set to yes | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 3.7 Ensure 'cookies' are set with HttpOnly attribute - Applications | CIS IIS 7 L2 v1.8.0 | Windows | ACCESS CONTROL |
| 4.1 Ensure 'maxAllowedContentLength' is configured - Applications | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.2 Ensure 'maxURL request filter' is configured - Default | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.5 Ensure Double-Encoded Requests will be Rejected - Applications | CIS IIS 7 L1 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 4.8 Ensure that the PREVENT_UNLOAD_TO_INLINE_URL account parameter is set to true | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 4.9 Ensure 'notListedIsapisAllowed' is set to false | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.11 Ensure 'Dynamic IP Address Restrictions' is enabled | CIS IIS 7 L1 v1.8.0 | Windows | |
| 4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - Deny By Conccurent Requests | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.3 Ensure SSLv3 is disabled | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.7 Ensure NULL Cipher Suites is disabled | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.8 Ensure DES Cipher Suites is disabled | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.9 Ensure RC2 Cipher Suites is disabled - RC2 40/128 | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3 Verify System Account Default Passwords - non-login | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 9.4 Ensure Password Fields are Not Empty | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 10.1 SN.1 Restrict access to suspend feature | CIS Solaris 11 L2 v1.1.0 | Unix | ACCESS CONTROL |
