| 1.5 (L1) Host integrated hardware management controller must be secure | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.5.1 Ensure Syslog Logging is configured | CIS Cisco NX-OS v1.2.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.5.2 Log all Successful and Failed Administrative Logins | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 2.2 Alter the Advertised server.number String | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4 (L1) Host image profile acceptance level must be PartnerSupported or higher | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.6 (L1) Host must have reliable time synchronization sources | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | AUDIT AND ACCOUNTABILITY |
| 2.8 (L1) Host must require TPM-based configuration encryption | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.2.2 If Possible, Limit the BGP Routes Accepted from Peers | CIS Cisco NX-OS v1.2.0 L2 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.2.3 Configure BGP Authentication | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.3.2 Authenticate OSPF peers with MD5 authentication keys | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2 Disable the Shutdown port | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2 Configure Storm Control | CIS Cisco NX-OS v1.2.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, INCIDENT RESPONSE, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.4 Ensure that each role for each MongoDB database is needed and grants only the necessary privileges | CIS MongoDB 6 v1.2.0 L1 MongoDB | MongoDB | ACCESS CONTROL |
| 3.5 Review Superuser/Admin Roles | CIS MongoDB 6 v1.2.0 L2 MongoDB | MongoDB | ACCESS CONTROL |
| 3.5 Review Superuser/Admin Roles - userAdminAnyDatabase | CIS MongoDB 5 L2 DB v1.2.0 | MongoDB | ACCESS CONTROL |
| 3.5.1 Basic Fiber Channel Configuration | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.20 (L1) Host must enable normal lockdown mode | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL |
| 3.22 (L1) Host must deny shell access for the dcui account | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.3 (L1) Host must log sufficient information for events | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | AUDIT AND ACCOUNTABILITY |
| 4.4 Restrict access to Tomcat logs directory | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.5 Ensure Encryption of Data at Rest | CIS MongoDB 6 v1.2.0 L2 MongoDB | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.9 Restrict access to Tomcat catalina.policy | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.10 (L1) Host must verify certificates for TLS remote logging endpoints | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 4.10 Restrict access to Tomcat context.xml | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.12 Restrict access to Tomcat server.xml | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.14 Restrict access to Tomcat web.xml | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4 (L1) Host must filter Bridge Protocol Data Unit (BPDU) packets | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.7 (L1) Host should reject MAC address changes on standard virtual switches and port groups | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2 Ensure SSLEnabled is set to True for Sensitive Connectors - verify SSLEnabled is set to true | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2 Ensure that operating system resource limits are set for MongoDB | CIS MongoDB 6 v1.2.0 L2 MongoDB | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3.1 (L1) Host iSCSI client, if enabled, must employ bidirectional/mutual CHAP authentication | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 (L1) Virtual machines must require encryption for vMotion | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in web application | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.8 (L1) Ensure unauthorized modification and disconnection of devices is disabled | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 7.17 (L1) Virtual machines must deactivate console drag and drop operations | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 7.20 (L1) Virtual machines must limit access through the "dvfilter" network API | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 7.24 (L1) Virtual machines must not be able to obtain host information from the hypervisor | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 7.28 (L1) Virtual machines must limit informational messages from the virtual machine to the VMX file | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | AUDIT AND ACCOUNTABILITY |
| 8.1 (L1) VMware Tools must be a version that has not reached End of General Support status | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | SYSTEM AND SERVICES ACQUISITION |
| 8.1 Restrict runtime access to sensitive packages | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 8.3 (L1) VMware Tools should configure automatic upgrades as appropriate for the environment | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 8.6 (L1) VMware Tools must limit the automatic removal of features | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 8.10 (L1) VMware Tools must deactivate Guest Store Upgrade operations unless required | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 10.1 Ensure Web content directory is on a separate partition from the Tomcat system files - verify Web content directory | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 10.2 Restrict access to the web administration application | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 10.3 Restrict manager application | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | ACCESS CONTROL |
| 10.9 Configure connectionTimeout | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.10 Configure maxHttpHeaderSize | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.13 Do not run applications as privileged | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL |
