| 1.1.3.1 Ensure separate partition exists for /var | CIS Debian 10 Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.6 Ensure separate partition exists for /var | CIS Debian Family Workstation L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.10 Disable USB Storage | CIS Debian 10 Workstation L2 v2.0.0 | Unix | MEDIA PROTECTION |
| 1.1.12 Ensure separate partition exists for /var/log/audit | CIS Debian 9 Workstation L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.1.1 Disable IPv6 - grub.cfg | CIS Debian Family Workstation L2 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.1 Disable IPv6 - sysctl.conf default | CIS Debian Family Workstation L2 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2 Ensure SCTP is disabled - modprobe | CIS Debian Family Workstation L2 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 3.5.3 Ensure RDS is disabled - lsmod | CIS Debian Family Workstation L2 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 4.1.1.3 Ensure audit logs are not automatically deleted | CIS Debian 9 Workstation L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2 Ensure auditd service is enabled | CIS Debian 9 Workstation L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.2.3 Ensure system is disabled when audit logs are full - action_mail_acct | CIS Debian Family Workstation L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3 Ensure events that modify date and time information are collected - auditctl clock_settime x64 | CIS Debian Family Workstation L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.3 Ensure events that modify date and time information are collected - settimeofday,adjtimex x64 | CIS Debian Family Workstation L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.4 Ensure events that modify date and time information are collected - auditctl clock_settime | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.4 Ensure events that modify date and time information are collected - auditctl settimeofday,adjtimex x64 | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - /etc/issue | CIS Debian Family Workstation L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify the system's network environment are collected - issue.net | CIS Debian Family Workstation L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.5 Ensure events that modify user/group information are collected - /etc/passwd | CIS Debian 9 Workstation L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/group | CIS Debian 9 Workstation L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.5 Ensure events that modify user/group information are collected - auditctl /etc/gshadow | CIS Debian 9 Workstation L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/apparmor | CIS Debian Family Workstation L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's Mandatory Access Controls are collected - /etc/apparmor.d | CIS Debian Family Workstation L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.6 Ensure events that modify the system's network environment are collected - auditctl '/etc/issue' | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.8 Ensure login and logout events are collected - auditctl faillog | CIS Debian 9 Workstation L2 v1.0.1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.8 Ensure login and logout events are collected - faillog | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.8 Ensure login and logout events are collected - tallylog | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure discretionary access control permission modification events are collected - auditctl chmod fchmod fchmodat | CIS Debian Family Workstation L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.9 Ensure discretionary access control permission modification events are collected - chmod fchmod fchmodat | CIS Debian Family Workstation L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.9 Ensure session initiation information is collected - /var/run/utmp | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure discretionary access control permission modification events are collected - auditctl chmod fchmod fchmodat x64 | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.10 Ensure discretionary access control permission modification events are collected - lsetxattr setxattr fsetxattr removexattr x64 | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.10 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM x64 | CIS Debian Family Workstation L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.11 Ensure unsuccessful unauthorized file access attempts are collected - auditctl EPERM | CIS Debian 9 Workstation L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.12 Ensure successful file system mounts are collected - mounts | CIS Debian Family Workstation L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.12 Ensure successful file system mounts are collected - mounts x64 | CIS Debian Family Workstation L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.13 Ensure file deletion events by users are collected - auditctl delete x64 | CIS Debian Family Workstation L2 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.13 Ensure file deletion events by users are collected - delete | CIS Debian Family Workstation L2 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.13 Ensure successful file system mounts are collected - auditctl mount x64 | CIS Debian 9 Workstation L2 v1.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.13 Ensure successful file system mounts are collected - mounts | CIS Debian 9 Workstation L2 v1.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.13 Ensure successful file system mounts are collected - mounts x64 | CIS Debian 9 Workstation L2 v1.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.14 Ensure changes to system administration scope (sudoers) is collected - auditctl /etc/sudoers.d/ | CIS Debian Family Workstation L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.14 Ensure file deletion events by users are collected - auditctl delete | CIS Debian 9 Workstation L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.15 Ensure changes to system administration scope (sudoers) is collected - /etc/sudoers.d/ | CIS Debian 9 Workstation L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.15 Ensure system administrator command executions (sudo) are collected - b32 actions | CIS Debian Family Workstation L2 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.16 Ensure kernel module loading and unloading is collected - /sbin/modprobe | CIS Debian Family Workstation L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.17 Ensure kernel module loading and unloading is collected - auditctl /sbin/rmmod | CIS Debian 9 Workstation L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.18 Ensure the audit configuration is immutable | CIS Debian 9 Workstation L2 v1.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.4.5 Ensure default user shell timeout is 900 seconds or less - /etc/bashrc | CIS Debian 9 Workstation L2 v1.0.1 | Unix | ACCESS CONTROL |
| 5.4.5 Ensure default user shell timeout is 900 seconds or less - /etc/profile.d/*.sh | CIS Debian 8 Workstation L2 v2.0.2 | Unix | ACCESS CONTROL |
| 6.1.1 Audit system file permissions | CIS Debian 8 Workstation L2 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
