| 1.1.1 (L1) Ensure 'Cross-origin HTTP Authentication prompts' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.1.6 Ensure separate partition exists for /var | CIS Amazon Linux v2.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.11 Ensure separate partition exists for /var/log | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.2.1 (L1) Ensure 'Configure the list of domains on which Safe Browsing will not trigger warnings' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.2 (L1) Ensure 'Safe Browsing Protection Level' is set to 'Enabled: Safe Browsing is active in the standard mode.' or higher | CIS Google Chrome L1 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.3 Set 'Configure use of passwords for operating system drives' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.4 Set 'Recovery Key' to 'Do not allow 256-bit recovery key' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.8 Set 'Restrict encryption algorithms and cipher suites allowed for hardware-based encryption' to 'False' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.12 Set 'Configure storage of BitLocker recovery information to AD DS:' to 'Store recovery passwords and key packages' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.18 Set 'Configure TPM startup PIN:' to 'Require startup PIN with TPM' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.28 Set 'Minimum characters:' to 'Enabled:7 or more characters' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.4.2.2.29 Configure 'Allow network unlock at startup' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.9 Set 'Allow data recovery agent' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.10 Set 'Choose how BitLocker-protected removable drives can be recovered' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.13 Set 'Save BitLocker recovery information to AD DS for removable data drives' to 'False' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.15 Set 'Configure use of smart cards on removable data drives' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.18 Set 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.5.4 Set 'Always prompt for password upon connection' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.2.4.6.4 Set 'Disallow WinRM from storing RunAs credentials' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.2.4.7.8 Set 'No auto-restart with logged on users for scheduled automatic updates installations' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.4.7.9 Set 'Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.4.9 Set 'Turn off Data Execution Prevention for Explorer' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.17 (L1) Ensure 'Enable online OCSP/CRL checks' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.26 (L1) Ensure 'Origins or hostname patterns for which restrictions on insecure origins should not apply' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.28 (L1) Ensure 'Suppress the unsupported OS warning' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 1.29 (L1) Ensure 'URLs for which local IPs are exposed in WebRTC ICE candidates' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.2 (L2) Ensure 'Control use of the Web Bluetooth API' is set to 'Enabled: Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API' | CIS Google Chrome L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.2.3 (L2) Ensure 'Control use of the WebUSB API' is set to 'Enabled: Do not allow any site to request access to USB devices via the WebUSB API' | CIS Google Chrome L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.2.4 (L2) Ensure 'Default notification setting' is set to 'Enabled: Do not allow any site to show desktop notifications' | CIS Google Chrome L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.3 Ensure 'forms authentication' require SSL - Applications | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.3 (L1) Ensure 'Configure extension installation blocklist' is set to 'Enabled: *' | CIS Google Chrome L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.1 (L2) Ensure 'Configure native messaging blocklist' is set to 'Enabled: *' | CIS Google Chrome L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.13 (L1) Ensure 'Disable proceeding from the Safe Browsing warning page' is set to 'Enabled' | CIS Google Chrome L1 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.13 Configure 'Turn off toast notifications on the lock screen' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 2.14 (L1) Ensure 'Require Site Isolation for every site' is set to 'Enabled' | CIS Google Chrome L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 2.18 (L2) Ensure 'Require online OCSP/CRL checks for local trust anchors' is set to 'Enabled' | CIS Google Chrome L2 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.25 (L1) Ensure 'Allow file or directory picker APIs to be called without prior user gesture' Is Disabled | CIS Google Chrome L1 v3.0.0 | Windows | RISK ASSESSMENT |
| 2.28 (L1) Ensure 'Enable automatic HTTPS upgrades' Is Enabled | CIS Google Chrome L1 v3.0.0 | Windows | MEDIA PROTECTION |
| 2.31 (L1) Ensure 'Enable strict MIME type checking for worker scripts' Is Enabled | CIS Google Chrome L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Default | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.5 (L2) Ensure 'Browser sign in settings' is set to 'Enabled: Disabled browser sign-in' | CIS Google Chrome L2 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.8 Configure MachineKey Validation Method - .Net 3.5 - Default | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.9 (L1) Ensure 'Enable deleting browser and download history' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.12 (L1) Ensure 'Enable reporting of usage and crash-related data' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - 'admin_space_left_action' | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.1.2 Ensure system is disabled when audit logs are full - 'space_left_action is configured' | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chmod/fchmod/fchmodat | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chown/fchown/fchownat/lchown | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - chown/fchown/fchownat/lchown | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EACCES | CIS Amazon Linux v2.1.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
