| 1.1.6 Ensure separate partition exists for /var | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.12 Ensure separate partition exists for /home | CIS Debian 8 Workstation L2 v2.0.2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.1.13 Ensure separate partition exists for /home | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.22 Disable Automounting | CIS Debian 9 Workstation L2 v1.0.1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - enforcing = 0 | CIS Debian 8 Workstation L2 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.1.2 Ensure the SELinux state is enforcing - /etc/selinux/config | CIS Debian 8 Workstation L2 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.3 Ensure SELinux or AppArmor are installed | CIS Debian 8 Workstation L2 v2.0.2 | Unix | ACCESS CONTROL |
| 3.6 Ensure wireless interfaces are disabled | CIS Debian 8 Workstation L2 v2.0.2 | Unix | CONFIGURATION MANAGEMENT |
| 3.6 Ensure wireless interfaces are disabled | CIS Debian 9 Workstation L2 v1.0.1 | Unix | ACCESS CONTROL |
| 4.1.1.2 Ensure system is disabled when audit logs are full - action_mail_acct | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - action_mail_acct | CIS Debian 9 Workstation L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - space_left_action | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - /etc/localtime | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - auditctl adjtimex | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - auditctl clock_settime | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - clock_settime x64 | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify the system's network environment are collected - auditctl '/etc/network' | CIS Debian Family Workstation L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - auditctl 'issue.net' | CIS Debian Family Workstation L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify user/group information are collected - /etc/group | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/group | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/shadow | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/apparmor | CIS Debian Family Workstation L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - /etc/network | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - auditctl '/etc/issue' | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - auditctl '/etc/network' | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/apparmor.d | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/apparmor | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /etc/apparmor.d | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure login and logout events are collected - auditctl faillog | CIS Debian Family Workstation L2 v1.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure login and logout events are collected - faillog | CIS Debian Family Workstation L2 v1.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure login and logout events are collected - lastlog | CIS Debian Family Workstation L2 v1.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.7 Ensure login and logout events are collected - tallylog | CIS Debian Family Workstation L2 v1.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.8 Ensure session initiation information is collected - /var/log/wtmp | CIS Debian Family Workstation L2 v1.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl chown fchown fchownat lchown x64 | CIS Debian Family Workstation L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.9 Ensure session initiation information is collected - auditctl /var/log/wtmp | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure session initiation information is collected - auditctl /var/run/utmp | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chown fchown fchownat lchown x64 | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl setxattr x64 | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.10 Ensure discretionary access control permission modification events are collected - chmod fchmod fchmodat x64 | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.10 Ensure discretionary access control permission modification events are collected - chown fchown fchownat lchown | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.10 Ensure discretionary access control permission modification events are collected - chown fchown fchownat lchown x64 | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES | CIS Debian 9 Workstation L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES x64 | CIS Debian 9 Workstation L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - EPERM | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.12 Ensure use of privileged commands is collected | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.12 Ensure use of privileged commands is collected | CIS Debian 9 Workstation L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.15 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoers | CIS Debian 9 Workstation L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl /sbin/modprobe | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl /sbin/rmmod | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl init_module | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
