| 1.2.3 Ensure HTTP and Telnet options are disabled for the management interface | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - HTTP | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.2.5 Ensure valid certificate is set for browser-based administrator interface - Authentication Profile | CIS Palo Alto Firewall 9 v1.1.0 L2 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificate Profiles | CIS Palo Alto Firewall 9 v1.1.0 L2 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.2.7 Ensure that the APIPriorityAndFairness feature gate is enabled | CIS Red Hat OpenShift Container Platform v1.8.0 L1 OpenShift | OpenShift | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3.1 Pre-authentication Banner | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1 | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1 | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.4.2 Ensure that the --bind-address argument is set to 127.0.0.1 | CIS Kubernetes v1.11.1 L1 Master Node | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.4.2 Ensure that the --bind-address argument is set to 127.0.0.1 | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.4.2 Ensure that the --bind-address argument is set to 127.0.0.1 | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7.2 Disable iPXE (Pre-boot eXecution Environment) | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.7.2 Post-authentication Banner | CIS Cisco IOS XR 7.x v1.0.1 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.1.1.1.5 Set maximimum value for 'ip ssh authentication-retries' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.3 Set 'no ip bootp server' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.4 Set 'no service dhcp' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.4 Set 'no service dhcp' - dhcp pool | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.8 Set 'no service pad' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2 Ensure that MongoDB only listens for network connections on authorized interfaces | CIS MongoDB 3.6 L1 Windows Audit v1.1.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.4 Ensure that the --read-only-port is disabled | CIS Google Kubernetes Engine (GKE) v1.7.0 L1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.5 Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | CIS Google Kubernetes Engine (GKE) v1.7.0 L1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.17 (L1) Host must automatically terminate idle host client sessions | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.9 Ensure Old HTTP Protocol Versions Are Disallowed | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.6 L1 Unix Audit v1.1.0 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.6 L1 Windows Audit v1.1.0 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1.1 Apply a Trusted Signed Certificate for VPN Portal | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 6.19 Ensure all zones have Zone Protection Profiles that drop specially crafted packets | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 9.3 Ensure 'safkeyringhw:' is set to use a hardware crypto card | CIS IBM WebSphere Liberty v1.0.0 L2 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.1.2 Ensure 'SMB protocol version' is set to 'SMB 3.1.1' or higher for SMB file shares | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.10 Configure maxHttpHeaderSize | CIS Apache Tomcat 11 v1.0.0 L2 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.10 Configure maxHttpHeaderSize | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.10 Configure maxHttpHeaderSize | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.10 Configure maxHttpHeaderSize | CIS Apache Tomcat 10 L2 v1.1.0 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Disable Bluetooth When no Approved Device is Connected | NIST macOS Big Sur v1.4.0 - 800-171 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Disable Bluetooth When no Approved Device is Connected | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Disable Bluetooth When no Approved Device is Connected | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Disable Bluetooth When no Approved Device is Connected | NIST macOS Big Sur v1.4.0 - 800-53r5 Low | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Disable Bluetooth When no Approved Device is Connected | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Disable Bluetooth Sharing | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable Bluetooth Sharing | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable Bluetooth Sharing | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable Bluetooth When no Approved Device is Connected | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Disable Bluetooth When no Approved Device is Connected | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Disable Bluetooth When no Approved Device is Connected | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Disable Wi-Fi Interface | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Wi-Fi Interface | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Wi-Fi Interface | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Wi-Fi Interface | NIST macOS Catalina v1.5.0 - 800-53r4 High | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Wi-Fi Interface | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
