| 1.7 Ensure authentication key pairs are rotated every 180 days | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | IDENTIFICATION AND AUTHENTICATION |
| 1.10 Limit the number of users with ACCOUNTADMIN and SECURITYADMIN | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | ACCESS CONTROL |
| 1.11 Ensure that all users granted the ACCOUNTADMIN role have an email address assigned | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | ACCESS CONTROL |
| 1.12 Ensure that no users have ACCOUNTADMIN or SECURITYADMIN as the default role | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | ACCESS CONTROL |
| 1.13 Ensure that the ACCOUNTADMIN or SECURITYADMIN role is not granted to any custom role | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | ACCESS CONTROL |
| 1.14 Ensure that Snowflake tasks are not owned by the ACCOUNTADMIN or SECURITYADMIN roles | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | ACCESS CONTROL |
| 2.4 Disable NIS Server Services - domain | CIS Solaris 11.1 L1 v1.0.0 | Unix | |
| 2.5 Ensure monitoring and alerting exist for creation, update and deletion of security integrations | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | AUDIT AND ACCOUNTABILITY |
| 2.6 Disable Kerberos TGT Expiration Warning | CIS Solaris 11.1 L1 v1.0.0 | Unix | |
| 2.7 Disable Generic Security Services (GSS) | CIS Solaris 11.1 L1 v1.0.0 | Unix | |
| 3.1 Restrict Core Dumps to Protected Directory - /var/share/cores | CIS Solaris 11.1 L1 v1.0.0 | Unix | |
| 3.1 Restrict Core Dumps to Protected Directory - global setid core dumps = enabled | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - init core file content | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 3.1.18 Ensure 'log_connections' is enabled | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.23 Ensure 'log_statement' is set correctly | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.4 Disable Source Packet Forwarding - current ipv4 = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4 Disable Source Packet Forwarding - current ipv6 = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Disable Response to ICMP Timestamp Requests - current ip = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.10 Disable Response to Multicast Echo Request - current ipv4 = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.10 Disable Response to Multicast Echo Request - current ipv6 = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.12 Set Strict Multihoming - persistent ipv4 = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.12 Set Strict Multihoming - persistent ipv6 = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.13 Disable ICMP Redirect Messages - current ipv6 = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.14 Disable TCP Reverse IP Source Routing - current tcp = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.15 Set Maximum Number of Half-open TCP Connections - current tcp = 4096 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.16 Set Maximum Number of Incoming Connections - current tcp = 1024 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.17 Disable Network Routing - ipv4-forwarding current = disabled | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3 Ensure that the DATA_RETENTION_TIME_IN_DAYS parameter is set to 90 for critical data | CIS Snowflake Foundations v1.0.0 L2 | Snowflake | CONTINGENCY PLANNING |
| 4.4 Ensure that the MIN_DATA_RETENTION_TIME_IN_DAYS account parameter is set to 7 or higher | CIS Snowflake Foundations v1.0.0 L2 | Snowflake | AUDIT AND ACCOUNTABILITY, CONTINGENCY PLANNING, SYSTEM AND INFORMATION INTEGRITY |
| 6.5 Disable Rhost-based Authentication for SSH - IgnoreRhosts = yes | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 6.7 Blocking Authentication Using Empty/Null Passwords for SSH - PermitEmptyPasswords = no | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.9 Restrict FTP Use | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.11 Remove Autologin Capabilities from the GNOME desktop - pam.conf | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.12 Set Default Screen Lock for GNOME Users - lockTimeout = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.13 Restrict at/cron to Authorized Users - /etc/cron.d/at.allow | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.15 Set Retry Limit for Account Lockout - LOCK_AFTER_RETRIES = yes | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.17 Secure the GRUB Menu (Intel) - passwd.cfg - superusers | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 7.2 Set Strong Password Creation Policies - DICTIONLIST = /usr/share/lib/dict/words | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - NAMECHECK = yes | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 8.1 Create Warnings for Standard Login Services - etc/issue perms | CIS Solaris 11.1 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 8.1 Create Warnings for Standard Login Services - etc/motd perms | CIS Solaris 11.1 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 8.2 Enable a Warning Banner for the SSH Service - Banner = /etc/issue | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 8.4 Enable a Warning Banner for the FTP service - DisplayConnect /etc/issue | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 8.5 Check that the Banner Setting for telnet is Null - BANNER = | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 9.1 Check for Remote Consoles | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 9.4 Ensure Password Fields are Not Empty | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 9.7 Check Permissions on User Home Directories | CIS Solaris 11.1 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.8 Check Permissions on User '.' (Hidden) Files | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 9.10 Check for Presence of User .rhosts Files | CIS Solaris 11.1 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.19 Check for Duplicate Group Names | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
