| 1.6.1.1 Ensure AppArmor is installed | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.2 Ensure AppArmor is enabled in the bootloader configuration - apparmor | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.2 Ensure the SELinux state is enforcing - sestatus | CIS Debian 9 Server L2 v1.0.1 | Unix | ACCESS CONTROL |
| 1.6.1.3 Ensure SELinux policy is configured | CIS Amazon Linux v2.1.0 L2 | Unix | ACCESS CONTROL |
| 1.6.1.3 Ensure SELinux policy is configured - 'Policy from config file' | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 | Unix | ACCESS CONTROL |
| 1.6.1.7 Ensure SETroubleshoot is not installed | CIS CentOS 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 1.6.2.1 Ensure SELinux is not disabled in bootloader configuration - enforcing=0 | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
| 1.6.2.2 Ensure all AppArmor Profiles are enforcing - profiles loaded | CIS Debian 9 Server L2 v1.0.1 | Unix | ACCESS CONTROL |
| 1.6.3 Ensure SELinux or AppArmor are installed | CIS Debian 9 Server L2 v1.0.1 | Unix | ACCESS CONTROL |
| 1.7.1.3 Ensure all AppArmor Profiles are in enforce or complain mode - 0 processes are unconfined | CIS Debian Family Server L1 v1.0.0 | Unix | ACCESS CONTROL |
| 1.7.1.3 Ensure SELinux policy is configured - sestatus | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 1.7.1.5 Ensure the SELinux mode is enforcing - getenforce | CIS Fedora 19 Family Linux Server L2 v1.0.0 | Unix | ACCESS CONTROL |
| 1.8.1.6 Ensure permissions on /etc/issue.net are configured | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | ACCESS CONTROL |
| 2.2 Give the BIND User Account an Invalid Shell | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.2.48 (L1) Ensure 'Take ownership of files or other objects' is set to 'Administrators' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.48 (L1) Ensure 'Take ownership of files or other objects' is set to 'Administrators' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.3.10.12 (L1) Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None' | CIS Microsoft Windows Server 2019 v3.0.1 L1 DC | Windows | ACCESS CONTROL |
| 2.6 Ensure AutoScaling Group Launch Configuration for App Tier is configured to use an App-Tier IAM Role | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | ACCESS CONTROL |
| 4.4 Ensure logrotate assigns appropriate permissions | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | ACCESS CONTROL |
| 4.5 Activate AppArmor - profiles are loaded | CIS Debian Linux 7 L2 v1.0.0 | Unix | ACCESS CONTROL |
| 5.1 Set daemon umask - Check if CMASK is set to 022 in /etc/default/init. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 5.1 Use secure Realms | CIS Apache Tomcat 8 L2 v1.1.0 Middleware | Unix | ACCESS CONTROL |
| 5.1 Verify AppArmor | CIS Docker 1.11.0 v1.0.0 L2 Docker | Unix | ACCESS CONTROL |
| 5.1 Verify AppArmor | CIS Docker 1.6 v1.0.0 L2 Docker | Unix | ACCESS CONTROL |
| 5.1.6 Ensure permissions on /etc/cron.monthly are configured | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.2.2 Ensure permissions on SSH private host key files are configured | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | ACCESS CONTROL |
| 5.3 Reduce the sudo timeout period | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/pam.d/common-session | CIS Debian Family Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.5 NFS - 'nfs.v4.acl.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | ACCESS CONTROL |
| 6.1.7 Ensure permissions on /etc/shadow- are configured | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.2.7 Ensure users own their home directories | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.2.13 Ensure users' .netrc Files are not group or world accessible | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.2.13 Ensure users' .netrc Files are not group or world accessible | CIS Debian 9 Server L1 v1.0.1 | Unix | ACCESS CONTROL |
| 6.2.13 Ensure users' .netrc Files are not group or world accessible | CIS Debian 9 Workstation L1 v1.0.1 | Unix | ACCESS CONTROL |
| 6.2.20 Ensure shadow group is empty - /etc/group | CIS CentOS 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 7.4 Ensure directory in context.xml is a secure location - configuration | CIS Apache Tomcat 8 L1 v1.1.0 Middleware | Unix | ACCESS CONTROL |
| 7.6 Ensure directory in logging.properties is a secure location - check log directory location | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 7.6 Ensure directory in logging.properties is a secure location - check log directory location | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL |
| 7.6 Set Default umask for Users - Check if 'umask' is set to 077 - Check /etc/profile. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 7.6 Set Default umask for Users, Check if 'UMASK' is set to 077. | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| 8.1 Restrict runtime access to sensitive packages | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 8.1 Restrict runtime access to sensitive packages | CIS Apache Tomcat 8 L1 v1.1.0 Middleware | Unix | ACCESS CONTROL |
| 10.19 Setting Security Lifecycle Listener (check for umask uncommented in startup) | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 18.10.3.1 (L2) Ensure 'Allow a Windows app to share application data between users' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 | Windows | ACCESS CONTROL |
| 19.7.26.1 (L1) Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 | Windows | ACCESS CONTROL |
| 19.7.26.1 (L1) Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v3.0.1 L1 MS | Windows | ACCESS CONTROL |
| 20.47 Ensure 'Permissions for program file directories must conform to minimum requirements' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 20.52 Ensure 'Permissions for the Windows installation directory conform to minimum requirements' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| IBM i : Allow User Domain Objects (QALWUSRDMN) - '*ALL' | IBM System i Security Reference for V7R2 | AS/400 | ACCESS CONTROL |
| Review the List of Users with ROLE_NAME | Tenable Best Practices RackSpace v2.0.0 | Rackspace | ACCESS CONTROL |
