| 1.2.4 Ensure Exec Timeout for Console Sessions is set for less than 10 | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.4 Harden the container host | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.4.4 Set password length for local credentials | CIS Cisco NX-OS v1.2.0 L1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 2.3.2 Ensure rsh client is not installed | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.3.2 Ensure rsh client is not installed | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | CONFIGURATION MANAGEMENT |
| 2.5.4 Audit Location Services Access | CIS Apple macOS 12.0 Monterey v4.0.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.6.1.3 Audit Location Services Access | CIS Apple macOS 13.0 Ventura v3.1.0 L2 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.1 Ensure 'deployment method retail' is set | CIS IIS 7 L1 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.1.21 Ensure 'log_hostname' is set correctly | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.21 Ensure 'log_hostname' is set correctly | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 3.1.21 Ensure 'log_hostname' is set correctly | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.23 Ensure 'log_hostname' is set correctly | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.1.23 Ensure 'log_hostname' is set correctly | CIS PostgreSQL 13 DB v1.2.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.1.23 Ensure 'log_hostname' is set correctly | CIS PostgreSQL 14 DB v 1.2.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.1.23 Ensure 'log_hostname' is set correctly | CIS PostgreSQL 15 DB v1.1.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.1.23 Ensure 'log_hostname' is set correctly - log_hostname is set correctly | CIS PostgreSQL 12 DB v1.1.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.1.25 Ensure 'log_hostname' is set correctly | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Avoid non-default bindings to system:authenticated | CIS Google Kubernetes Engine (GKE) v1.7.0 L1 | GCP | ACCESS CONTROL |
| 4.2 Ensure 'CHECK_EXPIRATION' Option is set to 'ON' for All SQL Authenticated Logins Within the Sysadmin Role | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | ACCESS CONTROL |
| 4.4 Scan and rebuild the images to include security patches | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.5 Ensure The Latest Version of The Password File Is Used | CIS Oracle Database 23ai v1.0.0 L1 RDBMS | OracleDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.9 Ensure that only needed ports are open on the container | CIS Docker v1.7.0 L1 Docker - Linux | Unix | CONFIGURATION MANAGEMENT |
| 5.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | CONFIGURATION MANAGEMENT |
| 5.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.11 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 5.11 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.11 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 5.11 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 5.11 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 5.11 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT |
| 5.11 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT |
| 5.11 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.18 Override default ulimit at runtime only if needed | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.19 Override default ulimit at runtime only if needed | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | |
| 6.2.3 Review Role Members | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2 Review the role members | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 DB | IBM_DB2DB | |
| 9.2 Review the role members | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | |
| 81.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 81.11 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| AIX7-00-002100 - AIX must monitor and record successful remote logins. | DISA STIG AIX 7.x v3r1 | Unix | ACCESS CONTROL |
| BIND-9X-001600 - A BIND 9.x server validity period for the RRSIGs covering a zones DNSKEY RRSet must be no less than two days and no more than one week. | DISA BIND 9.x STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| BIND-9X-001700 - On the BIND 9.x server a zone file must not include resource records that resolve to a fully qualified domain name residing in another zone. | DISA BIND 9.x STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001990 - Only required ports must be open on the containers in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| RHEL-08-010070 - All RHEL 8 remote access methods must be monitored. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | ACCESS CONTROL |
| vCenter: vcenter-8.administration-sso-password-policy | VMware vSphere Security Configuration and Hardening Guide | VMware | IDENTIFICATION AND AUTHENTICATION |
