| 1.1.1.7 Set 'Store passwords using reversible encryption' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.1.1.8 Set 'Minimum password age' to '1 or more day(s)' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.1.2.3 Set 'Audit Policy: Logon-Logoff: IPsec Quick Mode' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.14 Set 'Audit Policy: Logon-Logoff: Network Policy Server' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.15 Set 'Audit Policy: Detailed Tracking: DPAPI Activity' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.19 Set 'Audit Policy: Object Access: Registry' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.21 Set 'Audit Policy: Policy Change: Filtering Platform Policy Change' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.22 Set 'Audit Policy: Object Access: Central Access Policy Staging' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.24 Set 'Audit Policy: Account Logon: Kerberos Authentication Service' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.26 Set 'Audit Policy: Account Management: Application Group Management' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.29 Set 'Audit Policy: Policy Change: Other Policy Change Events' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.33 Set 'Audit Policy: Object Access: File Share' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.37 Set 'Audit Policy: DS Access: Directory Service Replication' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.38 Set 'Audit Policy: Object Access: Filtering Platform Packet Drop' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.15 Ensure that Snowflake tasks do not run with the ACCOUNTADMIN or SECURITYADMIN role privileges | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | ACCESS CONTROL |
| 2.3 Disable RPC Encryption Key | CIS Solaris 11.1 L1 v1.0.0 | Unix | |
| 2.3 Ensure monitoring and alerting exist for password sign-ins of SSO users | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | AUDIT AND ACCOUNTABILITY |
| 2.5 Disable NIS Client Services - client | CIS Solaris 11.1 L1 v1.0.0 | Unix | |
| 2.7 Ensure monitoring and alerting exist for SCIM token creation | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | AUDIT AND ACCOUNTABILITY |
| 2.11 Configure TCP Wrappers - hosts.allow | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11 Configure TCP Wrappers - hosts.deny | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Restrict Core Dumps to Protected Directory - global core file content | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 3.2 Enable Stack Protection - set noexec_user_stack = 1 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 3.2 Enable Stack Protection - set noexec_user_stack_log = 1 | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2 Ensure that user-level network policies have been configured for service accounts | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3 Enable Strong TCP Sequence Number Generation - TCP_STRONG_ISS = 2 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4 Disable Source Packet Forwarding - persistent ipv4 = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4 Disable Source Packet Forwarding - persistent ipv6 = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.7 Disable Response to ICMP Broadcast Timestamp Requests - current ip = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.8 Disable Response to ICMP Broadcast Netmask Requests - persistent ip = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.11 Ignore ICMP Redirect Messages - persistent ipv4 = 1 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.14 Disable TCP Reverse IP Source Routing - persistent tcp = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.17 Disable Network Routing - ipv4-forwarding persistent = disabled | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1 Ensure sudo is configured correctly | CIS PostgreSQL 9.6 OS v1.0.0 | Unix | ACCESS CONTROL |
| 4.2 Ensure AES encryption key size used to encrypt files stored in internal stages is set to 256 bits | CIS Snowflake Foundations v1.0.0 L1 | Snowflake | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2 Ensure login via 'host' TCP/IP Socket is configured correctly | CIS PostgreSQL 9.6 OS v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2 Disable 'nobody' Access for RPC Encryption Key Storage Service | CIS Solaris 11.1 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3 Disable X11 Forwarding for SSH - X11Forwarding = no | CIS Solaris 11.1 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.6 Disable root login for SSH - PermitRootLogin = no | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.11 Remove Autologin Capabilities from the GNOME desktop - pam.d/gdm-autologin | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.15 Set Retry Limit for Account Lockout - RETRIES = 3 | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.17 Secure the GRUB Menu (Intel) - grub.cfg timeout = 30 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 7.1 Ensure SSL Certificates are Configured For Replication - ssl key file | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Set Password Expiration Parameters on Active Accounts - MAXWEEKS = 13 | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - HISTORY = 10 | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MINUPPER = 1 | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.4 Ensure WAL archiving is configured and functional - archive_mode | CIS PostgreSQL 9.6 OS v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.6 Ensure root PATH Integrity - writeable dir in path | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 9.14 Check User Home Directory Ownership | CIS Solaris 11.1 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.15 Check for Duplicate UIDs | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
