| 1.1.1 Ensure that the --allow-privileged argument is set to false | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | ACCESS CONTROL |
| 1.1.3.17.4 Set 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' to 'Prompt for consent' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.10 Ensure noexec option set on /var/tmp partition | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 1.1.11 Ensure that the admission control plugin AlwaysPullImages is set | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | ACCESS CONTROL |
| 1.1.12 Ensure that the admission control plugin DenyEscalatingExec is set | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | ACCESS CONTROL |
| 1.1.13 Ensure that the admission control policy is set to DenyEscalatingExec | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | ACCESS CONTROL |
| 1.1.13 Ensure that the admission control policy is set to NamespaceLifecycle | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 1.1.14 Ensure that the admission control plugin NamespaceLifecycle is set | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | ACCESS CONTROL |
| 1.1.27 Ensure that the admission control policy is set to ServiceAccount | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 1.1.28 Ensure that the admission control policy is set to ServiceAccount | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | ACCESS CONTROL |
| 1.3.3 Ensure that the --use-service-account-credentials argument is set to true | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | ACCESS CONTROL |
| 1.3.3 Ensure that the --use-service-account-credentials argument is set to true | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | ACCESS CONTROL |
| 1.6.3 Create administrative boundaries between resources using namespaces | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 2.1.1 Ensure that the --allow-privileged argument is set to false | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | ACCESS CONTROL |
| 2.2.4 (L1) Ensure 'Act as part of the operating system' is set to 'No One' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.2.10 Ensure 'Back up files and directories' is set to 'Administrators, Backup Operators' - Administrators | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.2.14 (L1) Ensure 'Create a token object' is set to 'No One' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.2.15 (L1) Ensure 'Create global objects' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.2.16 (L1) Ensure 'Create permanent shared objects' is set to 'No One' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.2.16 (L1) Ensure 'Create permanent shared objects' is set to 'No One' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.2.18 (L1) Ensure 'Create symbolic links' is set to 'Administrators, NT VIRTUAL MACHINE\Virtual Machines' (MS only) | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.2.30 (L1) Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' and (when the Web Server (IIS) Role with Web Services Role Service is installed) 'IIS_IUSRS' (MS only) | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.2.32 Ensure 'Load and unload device drivers' is set to 'Administrators' - Administrators | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.2.36 (L1) Ensure 'Modify an object label' is set to 'No One' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.2.41 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.4.2 Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.3.10.7 (L1) Configure 'Network access: Remotely accessible registry paths' is configured | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.10.10 Configure 'Network access: Remotely accessible registry paths' is configured | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller | Windows | ACCESS CONTROL |
| 2.3.10.11 Configure 'Network access: Remotely accessible registry paths and sub-paths' is configured | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller | Windows | ACCESS CONTROL |
| 2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabled | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 2.5 Ensure the SharePoint setup account is configured with the minimum privileges on the SQL server - db_owner | CIS Microsoft SharePoint 2016 DB v1.1.0 | MS_SQLDB | ACCESS CONTROL |
| 2.6 Set Group named or root for BIND Directories and Files | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.7 Ensure remote access capabilities for the User-ID service account are forbidden. | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 3.1.8 Ensure that the admission control policy is not set to AlwaysAdmit | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | ACCESS CONTROL |
| 3.1.8 Ensure that the admission control policy is not set to AlwaysAdmit | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 3.1.14 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 3.3 Ensure that MongoDB is run using a non-privileged, dedicated service account | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
| 4.4 Restrict Access to All Key Files - permissions | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 5.1.8 Ensure at/cron is restricted to authorized users - at.deny does not exist | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.1.8 Ensure at/cron is restricted to authorized users - cron.allow | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.5 Ensure access to the su command is restricted - pam_wheel.so | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 6.1.14 Audit SGID executables | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 6.29 Restrict Access to SYSCAT.AUTHORIZATIONIDS | CIS IBM DB2 v10 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL |
| 8.1 Restrict access to starting and stopping DB2 instances | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Linux | Unix | ACCESS CONTROL |
| 18.5.11.3 Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 18.8.22.1.2 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | ACCESS CONTROL |
| 18.8.22.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | ACCESS CONTROL |
| 18.8.47.11.1 Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | ACCESS CONTROL |
| 18.9.15.2 Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| Ensure system accounts are non-login | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
