| 1.1.1.6 Ensure mounting of squashfs filesystems is disabled | CIS Debian 10 Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.4 Ensure all AppArmor Profiles are enforcing | CIS Debian 10 Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.8.7 Ensure GDM disabling automatic mounting of removable media is not overridden | CIS Debian 10 Workstation L2 v2.0.0 | Unix | MEDIA PROTECTION |
| 3.14 (L2) Ensure 'Enable search suggestions' is set to 'Disabled' | CIS Google Chrome L2 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.1 (L2) Ensure 'AutoFill user names and passwords' is 'Disabled' | CIS MacOS Safari v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.3 Ensure auditing for processes that start prior to auditd is enabled | CIS Debian 9 Workstation L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.4 Ensure events that modify date and time information are collected - adjtimex settimeofday stime | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.4 Ensure events that modify date and time information are collected - clock_settime x64 | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify user/group information are collected - /etc/shadow | CIS Debian 9 Workstation L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/shadow | CIS Debian 9 Workstation L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's network environment are collected - auditctl '/etc/network' | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - auditctl 'issue.net' | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - auditctl 'sethostname setdomainname' | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - sethostname setdomainname | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.7 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/selinux | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.8 Ensure login and logout events are collected - faillog | CIS Debian 9 Workstation L2 v1.0.1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure session initiation information is collected - /var/run/utmp | CIS Debian 9 Workstation L2 v1.0.1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - chmod fchmod fchmodat | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.10 Ensure discretionary access control permission modification events are collected - lsetxattr setxattr fsetxattr removexattr | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - EACCES | CIS Debian 9 Workstation L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - EACCES x64 | CIS Debian 9 Workstation L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - EPERM | CIS Debian 9 Workstation L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.13 Ensure successful file system mounts are collected - auditctl mount | CIS Debian 9 Workstation L2 v1.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.14 Ensure file deletion events by users are collected - delete | CIS Debian 9 Workstation L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.16 Ensure system administrator actions (sudolog) are collected - auditctl /var/log/sudo.log | CIS Debian 9 Workstation L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.17 Ensure kernel module loading and unloading is collected - /sbin/modprobe | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.17 Ensure kernel module loading and unloading is collected - /sbin/rmmod | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.17 Ensure kernel module loading and unloading is collected - init_module | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.3.4 Ensure users must provide password for privilege escalation | CIS Debian 10 Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
| 5.2.2.2 Ensure audit logs are not automatically deleted | CIS Debian 10 Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.3 Ensure events that modify the sudo log file are collected | CIS Debian 10 Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.6 Ensure use of privileged commands are collected | CIS Debian 10 Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.9 Ensure discretionary access control permission modification events are collected | CIS Debian 10 Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.11 Ensure session initiation information is collected | CIS Debian 10 Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.14 Ensure events that modify the system's Mandatory Access Controls are collected | CIS Debian 10 Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.15 Ensure successful and unsuccessful attempts to use the chcon command are recorded | CIS Debian 10 Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.16 Ensure successful and unsuccessful attempts to use the setfacl command are recorded | CIS Debian 10 Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.4.2 Ensure only authorized users own audit log files | CIS Debian 10 Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.4 Ensure the audit log directory is 0750 or more restrictive | CIS Debian 10 Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.21 (L2) Ensure 'Remote Registry (RemoteRegistry)' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 | Windows | CONFIGURATION MANAGEMENT |
| 6.1.1 Audit system file permissions | CIS Debian 9 Workstation L2 v1.0.1 | Unix | ACCESS CONTROL |
| 18.1.3 (L2) Ensure 'Allow Online Tips' is set to 'Disabled' | CIS Microsoft Windows Server 2025 v1.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT, RISK ASSESSMENT |
| 18.8.47.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | SECURITY ASSESSMENT AND AUTHORIZATION |
| 18.8.48.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.77.3.2 (L2) Ensure 'Join Microsoft MAPS' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| 18.10.37.2 (L2) Ensure 'Turn off location' is set to 'Enabled' | CIS Windows Server 2012 DC L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.43.12.1 (L2) Ensure 'Configure Watson events' is set to 'Disabled' | CIS Microsoft Windows Server 2025 v1.0.0 L2 MS | Windows | SECURITY ASSESSMENT AND AUTHORIZATION |
| 18.10.43.12.1 (L2) Ensure 'Configure Watson events' is set to 'Disabled' | CIS Windows Server 2012 DC L2 v3.0.0 | Windows | SECURITY ASSESSMENT AND AUTHORIZATION |
| 19.7.45.2.1 (L2) Ensure 'Prevent Codec Download' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| 19.7.47.2.1 (L2) Ensure 'Prevent Codec Download' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
