| 1.2.4.2.2.25 Set 'Allow enhanced PINs for startup' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.5.2 Ensure XD/NX support is enabled | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled | CIS Debian 8 Server L1 v2.0.2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled | CIS Debian 8 Workstation L1 v2.0.2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/* | CIS Red Hat 6 Server L1 v3.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled - /etc/sysctl.conf, /etc/sysctl.d/* | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl | CIS Debian 8 Workstation L1 v2.0.2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3 Ensure address space layout randomization (ASLR) is enabled - sysctl | CIS Debian 8 Server L1 v2.0.2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.2 Configure ExecShield - kernel.exec-shield = 1 | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.2 Ensure address space layout randomization (ASLR) is enabled - sysctl | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.8 Ensure 'Scan for Startup Procs' Server Configuration Option is set to '0' | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 6.2.6 Ensure root PATH Integrity | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.6 Ensure root PATH Integrity | CIS Debian 9 Server L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.6 Ensure root PATH Integrity | CIS Debian 9 Workstation L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.7 Ensure root PATH Integrity | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.7 Ensure root PATH Integrity | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.7 Ensure root PATH Integrity | CIS Red Hat 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.7 Ensure root PATH Integrity | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.7 Ensure root PATH Integrity | CIS Oracle Linux 6 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.7 Ensure root PATH Integrity | CIS Oracle Linux 6 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.11 Ensure root PATH Integrity | CIS Debian Family Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.11 Ensure root PATH Integrity | CIS Debian Family Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 8.3.12 Set 'Launching programs and unsafe files' to 'Enabled:Prompt' | CIS IE 10 v1.1.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 8.7 No '.' In root's $PATH | CIS Solaris 9 v1.3 | Unix | CONFIGURATION MANAGEMENT |
| 9.2.6 Ensure root PATH Integrity | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | CONFIGURATION MANAGEMENT |
| 18.9.24.2 (L1) Ensure 'Default Action and Mitigation Settings' is set to 'Enabled' (plus subsettings) - DeepHooks | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.2 (L1) Ensure 'Default Action and Mitigation Settings' is set to 'Enabled' (plus subsettings) - ExploitAction | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.4 (L1) Ensure 'Default Protections for Popular Software' is set to 'Enabled' - opera.exe | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.4 (L1) Ensure 'Default Protections for Popular Software' is set to 'Enabled' - Skype.exe | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled' - googletalk.exe | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled' - opera.exe 1 | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled' - pidgin.exe | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled' - Thunderbird.exe | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled' - winamp.exe | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - LYNC.exe | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - OUTLOOK.exe | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.5 Ensure 'Default Protections for Recommended Software' is set to 'Enabled' - VISIO.EXE | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.6 Ensure 'System ASLR' is set to 'Enabled: Application Opt-In' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.30.3 Ensure 'Turn off heap termination on corruption' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.30.3 Ensure 'Turn off heap termination on corruption' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.30.4 Ensure 'Turn off shell protocol protected mode' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.30.4 Ensure 'Turn off shell protocol protected mode' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| Show security warning for potentially unsafe files - Internet Zone | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn off heap termination on corruption | MSCT Windows 10 1803 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn off heap termination on corruption | MSCT Windows Server 2019 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn off heap termination on corruption | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn off heap termination on corruption | MSCT Windows Server 2016 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn off heap termination on corruption | MSCT Windows Server 2019 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn off heap termination on corruption | MSCT Windows 10 v1507 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn off heap termination on corruption | MSCT Windows 10 1809 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
