| 1.1.2 Ensure default password of admin is not used | CIS F5 Networks v1.0.0 L1 | F5 | IDENTIFICATION AND AUTHENTICATION |
| 1.1.3 Configure Secure Password Policy - Expiration Warning | CIS F5 Networks v1.0.0 L1 | F5 | IDENTIFICATION AND AUTHENTICATION |
| 1.1.3 Configure Secure Password Policy - Minimum Duration | CIS F5 Networks v1.0.0 L1 | F5 | IDENTIFICATION AND AUTHENTICATION |
| 1.1.5.3.4 Set 'Windows Firewall: Public: Logging: Log dropped packets' to 'Yes' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.5.3.6 Set 'Windows Firewall: Public: Allow unicast response' to 'No' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2 Ensure Snowflake SCIM integration is configured to automatically provision and deprovision users and groups (i.e. roles) | CIS Snowflake Foundations v1.0.0 L2 | Snowflake | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 1.2.1.1 Configure 'Set IP Stateless Autoconfiguration Limits State' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.3.1.1 Configure 'Turn off access to the Store' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.3.1.9 Set 'Turn off printing over HTTP' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.3.2.4 Set 'Do not enumerate connected users on domain-joined computers' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.2.3.11 Set 'Select update server:' to 'Enabled:Search Managed Server' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.4.2.1.3 Set 'Configure use of passwords for fixed data drives' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.9 Set 'Allow data recovery agent' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.12 Set 'Configure storage of BitLocker recovery information to AD DS:' to 'Backup recovery passwords and key packages' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.14 Set 'Omit recovery options from the BitLocker setup wizard' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.16 Set 'Require use of smart cards on fixed data drives' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.17 Configure 'Deny write access to fixed drives not protected by BitLocker' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.1 Set 'Configure use of hardware-based encryption for operating system drives' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.3 Set 'Configure use of passwords for operating system drives' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.4 Set 'Recovery Key' to 'Do not allow 256-bit recovery key' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.8 Set 'Restrict encryption algorithms and cipher suites allowed for hardware-based encryption' to 'False' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.12 Set 'Configure storage of BitLocker recovery information to AD DS:' to 'Store recovery passwords and key packages' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.18 Set 'Configure TPM startup PIN:' to 'Require startup PIN with TPM' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.28 Set 'Minimum characters:' to 'Enabled:7 or more characters' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.4.2.2.29 Configure 'Allow network unlock at startup' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.9 Set 'Allow data recovery agent' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.10 Set 'Choose how BitLocker-protected removable drives can be recovered' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.13 Set 'Save BitLocker recovery information to AD DS for removable data drives' to 'False' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.15 Set 'Configure use of smart cards on removable data drives' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.18 Set 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.5.4 Set 'Always prompt for password upon connection' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.2.4.6.4 Set 'Disallow WinRM from storing RunAs credentials' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.2.4.7.8 Set 'No auto-restart with logged on users for scheduled automatic updates installations' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.4.7.9 Set 'Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.4.9 Set 'Turn off Data Execution Prevention for Explorer' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.4.12 Configure 'Allow deployment operations in special profiles' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.4.16 Set 'Allow Remote Shell Access' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.8 Ensure that users who did not log in for 90 days are disabled | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | ACCESS CONTROL |
| 2.1 Ensure monitoring and alerting exist for ACCOUNTADMIN and SECURITYADMIN role grants | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | AUDIT AND ACCOUNTABILITY |
| 2.3 Ensure that 'Fallback to local' option is disabled for Remote Authentication Settings | CIS F5 Networks v1.0.0 L2 | F5 | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.5 Disable NIS Client Services - domain | CIS Solaris 11.1 L1 v1.0.0 | Unix | |
| 2.5 Ensure External Users' has access to needed Partitions only | CIS F5 Networks v1.0.0 L1 | F5 | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.9 Disable automount Service | CIS Solaris 11.1 L1 v1.0.0 | Unix | |
| 2.13 Configure 'Turn off toast notifications on the lock screen' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 3.1 Restrict Core Dumps to Protected Directory - global core dump logging = enabled | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 3.2 Ensure access to Configuration utility by clients using TLS version 1.2 or later | CIS F5 Networks v1.0.0 L1 | F5 | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 4.1 Ensure yearly rekeying is enabled for a Snowflake account | CIS Snowflake Foundations v1.0.0 L2 | Snowflake | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.9 Ensure that Tri-Secret Secure is enabled for the Snowflake account | CIS Snowflake Foundations v1.0.0 L2 | Snowflake | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.10 Ensure that data masking is enabled for sensitive data | CIS Snowflake Foundations v1.0.0 L2 | Snowflake | ACCESS CONTROL |
| 5.4 Ensure to disable unused services in BIG-IP configuration | CIS F5 Networks v1.0.0 L1 | F5 | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
