| 1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - lsmod | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.4 Ensure mounting of hfs filesystems is disabled - lsmod | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.4 Ensure mounting of hfs filesystems is disabled - modprobe | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - lsmod | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - modprobe | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.6 Ensure mounting of squashfs filesystems is disabled - lsmod | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.8 Ensure mounting of FAT filesystems is limited - lsmod | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.3 Ensure nodev option set on /tmp partition | CIS Debian 8 Server L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.13 Ensure separate partition exists for /home | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.19 Ensure nosuid option set on removable media partitions | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.4 Ensure systemd Service Files Are Enabled | CIS PostgreSQL 11 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.5.1 Ensure core dumps are restricted - sysctl | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1.2 Ensure local login warning banner is configured properly | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.26.1 (L1) Ensure 'Disable Bing chat entry-points on Microsoft Edge Enterprise new tab page' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 1.135 (L2) Ensure 'Enable QR Code Generator' is set to 'Disabled' | CIS Microsoft Edge v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 2.4 Set noexec option for /tmp Partition | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.2 Ensure 'IMAP4' Windows services are 'Disabled' | CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.9 Create Separate Partition for /home | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.10 Add nodev Option to /home | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.12 Add noexec Option to Removable Media Partitions | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.14 Add nodev Option to /run/shm Partition | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.14 Ensure 'sa' Login Account has been renamed | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 2.14 Ensure 'sa' Login Account has been renamed | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 2.16 Add noexec Option to /run/shm Partition | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.17 Ensure no login exists with the name 'sa' | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 3.1 Ensure a fully-synchronized High Availability peer is configured | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 3.1.2 Ensure IP forwarding is disabled - sysctl ipv4 | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.16 Ensure 'debug_print_plan' is disabled | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 3.2.2 Ensure ICMP redirects are not accepted - net.ipv4.conf.default.accept_redirects (sysctl.conf/sysctl.d) | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify date and time information are collected - '/etc/localtime' | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify date and time information are collected - 'auditctl clock_settime (64-bit)' | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify date and time information are collected - 'auditctl clock_settime' | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - auditctl /etc/issue.net | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - auditctl b32 sethostname | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's network environment are collected - b64 sethostname | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.8 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/apparmor.d/ | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.8 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/apparmor/ | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.8 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/selinux/ | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.8 Ensure events that modify the system's Mandatory Access Controls are collected - /usr/share/selinux/ | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.8 Ensure events that modify the system's Mandatory Access Controls are collected - auditctl /usr/share/selinux/ | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.11 Ensure discretionary access control permission modification events are collected - auditctl b32 chmod fchmod | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.11 Ensure discretionary access control permission modification events are collected - auditctl b64 setxattr | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.13 Ensure use of privileged commands is collected | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.1.4 Ensure rsyslog default file permissions configured | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.3 Ensure permissions on all logfiles are configured | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.1.2 Ensure permissions on /etc/crontab are configured | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.3 Ensure permissions on SSH public host key files are configured | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.1.13 Audit SUID executables | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.2 Ensure 'MASTER_SSL_VERIFY_SERVER_CERT' is enabled | CIS MariaDB 10.6 Database L1 v1.1.0 | MySQLDB | CONFIGURATION MANAGEMENT |
