| 1.1.21 Ensure sticky bit is set on all world-writable directories | CIS Debian 9 Server L1 v1.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.1 Ensure core dumps are restricted - sysctl | CIS Debian 9 Workstation L1 v1.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5 Ensure firewall filters contain explicit deny and log term | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6 Ensure firewall filters contain explicit deny and log term | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 172.16/12; addresses | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.2 Ensure access profile is set to use CHAP | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.3 Ensure /etc/hosts.deny is configured | CIS Debian 9 Server L1 v1.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.1 Ensure default deny firewall policy - Chain FORWARD | CIS Debian 9 Server L1 v1.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.1 Ensure default deny firewall policy - Chain INPUT | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.1 Ensure default deny firewall policy - Chain INPUT | CIS Debian 9 Server L1 v1.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.1 Ensure default deny firewall policy - Chain INPUT | CIS Debian 9 Workstation L1 v1.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.3 Ensure outbound and established connections are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.1 Ensure IPv6 default deny firewall policy - Chain FORWARD | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.1 Ensure loopback traffic is configured | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.4 Ensure IPv6 firewall rules exist for all open ports | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.2 Ensure IPv6 outbound and established connections are configured | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.3 Ensure IPv6 firewall rules exist for all open ports | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.1.1 Ensure Uncomplicated Firewall is installed | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.1.2 Ensure iptables-persistent is not installed | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.1.4 Ensure loopback traffic is configured - allow out v4 | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.1.6 Ensure firewall rules exist for all open ports | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.1.7 Ensure default deny firewall policy | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.2.1 Ensure IPv4 default deny firewall policy - FORWARD | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.2.1 Ensure IPv4 default deny firewall policy - INPUT | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.2.6 Ensure loopback traffic is configured - v6 | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.2.7 Ensure outbound and established connections are configured | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.2.8 Ensure default deny firewall policy - input | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.1 Ensure IPv6 default deny firewall policy - INPUT | CIS CentOS 6 Server L1 v3.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.1.3 Ensure Uncomplicated Firewall is not installed or disabled | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.2 Ensure IPv6 loopback traffic is configured - OUTPUT | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.2.3 Ensure outbound and established connections are configured | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.3 Ensure IPv6 outbound and established connections are configured | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.13 Ensure successful file system mounts are collected - auditctl mount | CIS Debian 9 Server L2 v1.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.13 Ensure successful file system mounts are collected - auditctl mount x64 | CIS Debian 9 Workstation L2 v1.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.13 Ensure successful file system mounts are collected - mounts | CIS Debian 9 Workstation L2 v1.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.13 Ensure successful file system mounts are collected - mounts x64 | CIS Debian 9 Workstation L2 v1.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.6 Ensure that Service Account Tokens are only mounted where necessary - serviceaccounts | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.6 Ensure that Service Account Tokens are only mounted where necessary - serviceaccounts | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.3 Minimize the admission of containers wishing to share the host process ID namespace | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4.1 Prefer using secrets as files over secrets as environment variables | CIS Kubernetes v1.20 Benchmark v1.0.1 L2 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/bash.bashrc | CIS Debian 9 Workstation L1 v1.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile | CIS Debian 9 Server L1 v1.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.8 Ensure interface restrictions are set for SNMP | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.9 Ensure SNMP is set to OOB management only | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L1 DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.89.2.4 (L1) Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
