| 1.2 Ensure systemd Service Files Are Enabled | CIS PostgreSQL 16 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.2.3.1.5 Set 'Turn off the Windows Messenger Customer Experience Improvement Program' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.3.2.2 Configure 'Do not process the run once list' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.3.2.6 Set 'Enumerate local users on domain-joined computers' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.2.3.3.1 Configure 'Turn Off the Display (seconds):' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.3.6 Set 'Enable RPC Endpoint Mapper Client Authentication' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.2.3.7 Set 'Do not apply during periodic background processing' to 'Enabled:FALSE' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.3.13 Set 'Prevent installation of devices using drivers that match these device setup classes' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | MEDIA PROTECTION |
| 1.2.3.14 Set 'Also apply to matching devices that are already installed' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | MEDIA PROTECTION |
| 1.2.4.2.1.5 Set 'Recovery Password' to 'Allow 48-digit recovery password' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.6 Set 'Use BitLocker software-based encryption when hardware encryption is not available' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.10 Set 'Choose how BitLocker-protected fixed drives can be recovered' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.11 Set 'Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' to 'False' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.15 Set 'Configure use of smart cards on fixed data drives' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.2.4.2.1.18 Set 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.5 Set 'Recovery Password' to 'Require 48-digit recovery password' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.7 Set 'Restrict crypto algorithms or cipher suites to the following:' to '2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.9 Set 'Allow data recovery agent' to 'False' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.13 Set 'Save BitLocker recovery information to AD DS for operating system drives' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.14 Set 'Omit recovery options from the BitLocker setup wizard' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.19 Set 'Configure TPM startup:' to 'Do not allow TPM' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.22 Configure 'Enable use of BitLocker authentication requiring preboot keyboard input on slates' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.23 Configure 'Configure TPM platform validation profile for BIOS-based firmware configurations' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.4.2.2.30 Configure 'Reset platform validation data after BitLocker recovery' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.5 Set 'Recovery Password' to 'Do not allow 48-digit recovery password' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.11 Set 'Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' to 'False' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.12 Set 'Configure storage of BitLocker recovery information to AD DS:' to 'Backup recovery passwords and key packages' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.14 Set 'Omit recovery options from the BitLocker setup wizard' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.5.1 Set 'Do not allow drive redirection' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.4.5.3 Set 'Encryption Level' to 'Enabled:High Level' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.2.4.6.5 Set 'Allow unencrypted traffic' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.2.4.10 Configure 'Turn off the Store application' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.1 Ensure the file permissions mask is correct | CIS PostgreSQL 16 OS v1.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2 Configure 'Prevent Codec Download' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.3 Set 'Notify antivirus programs when opening attachments' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.5 Configure 'Hide mechanisms to remove zone information' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.1.12 Ensure the correct messages are written to the server log | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.14 Ensure 'debug_print_parse' is disabled | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.15 Ensure 'debug_print_rewritten' is disabled | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.16 Ensure 'debug_print_plan' is disabled | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.19 Ensure 'log_disconnections' is enabled | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 5.2 Ensure login via 'host' TCP/IP Socket is configured correctly | CIS PostgreSQL 16 OS v1.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2 Ensure 'backend' runtime parameters are configured correctly | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - fips_enabled | CIS PostgreSQL 9.6 OS v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.8 Ensure TLS is enabled and configured correctly | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.3 Ensure base backups are configured and functional | CIS PostgreSQL 16 OS v1.0.0 | Unix | CONTINGENCY PLANNING |
| 7.5 Ensure streaming replication parameters are configured correctly | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.5 Ensure streaming replication parameters are configured correctly | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1 Ensure PostgreSQL configuration files are outside the data cluster | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 8.2 Ensure PostgreSQL subdirectory locations are outside the data cluster | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
