| 1.1.1.5 Ensure mounting of hfsplus filesystems is disabled - /etc/modprobe.d/CIS.conf | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.8 Ensure mounting of FAT filesystems is disabled - /etc/modprobe.d/CIS.conf | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.7 Ensure that the --profiling argument is set to false | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.8 Ensure that the --profiling argument is set to false | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.9 Ensure that the --repair-malformed-updates argument is set to false | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.9 Ensure that the --repair-malformed-updates argument is set to false | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Use IP address rather than hostname | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1 Ensure that the --profiling argument is set to false | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.2.7 - MobileIron - Disable 'Remember passwords' - 'Samsung SAFE' | MobileIron - CIS Google Android 4 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 1.3.1 Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.3.2 Ensure that the --profiling argument is set to false | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.2 Ensure that the API server pod specification file ownership is set to root:root | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.2 Ensure that the apiserver file ownership is set to root:root | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.3 Ensure that the controller manager pod specification file permissions are set to 644 or more restrictive | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.4 Ensure that the controller manager pod specification file ownership is set to root:root | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.5 Ensure that the scheduler pod specification file permissions are set to 644 or more restrictive | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.9 Ensure that the Container Network Interface file permissions are set to 644 or more restrictive | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.10 Ensure that the flanneld file ownership is set to root:root | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.14 Ensure that the admin.conf file ownership is set to root:root | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.14 Ensure that the admin.conf file ownership is set to root:root | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.19 Ensure that the Kubernetes PKI directory and file ownership is set to root:root | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.20 Ensure that the Kubernetes PKI certificate file permissions are set to 644 or more restrictive | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.2 Create Pod Security Policies for your cluster | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - psp | CIS Kubernetes 1.11 Benchmark v1.3.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1 Do not admit privileged containers | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.2 Do not admit containers wishing to share the host process ID namespace | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.5 Do not admit containers with allowPrivilegeEscalation | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.8 Ensure Host Name is set | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 2.1.8 Ensure that the --hostname-override argument is not set | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.9 Ensure that the --event-qps argument is set to 0 | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.9 Ensure that the --hostname-override argument is not set | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.13 Ensure that the --cadvisor-port argument is set to 0 | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.1 Ensure that the config file permissions are set to 644 or more restrictive | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.1 Ensure that the kubelet.conf file permissions are set to 644 or more restrictive | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.1.2 Ensure ntp is configured - restrict -4 | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure that the kubelet.conf file ownership is set to root:root | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.6 Ensure that the proxy file ownership is set to root:root | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.8 Ensure that the client certificate authorities file ownership is set to root:root | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.8 Ensure that the client certificate authorities file ownership is set to root:root | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.2 Disable Internet Sharing | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.4 Disable Printer Sharing | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.9 Pair the remote control infrared receiver if enabled - 'DeviceEnabled = 1' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.7 Ensure that the --profiling argument is set to false | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.8 Require instance name for discovery requests | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.22 Set archive log failover retry limit | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.10 Ensure SSH PermitUserEnvironment is disabled | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.3 Enable Automatic Database Maintenance | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 5.12 Require an administrator password to access system-wide preferences | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.1.8 Ensure permissions on /etc/group- are configured | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.7 Ensure all users' home directories exist | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
