| 1.1.1.3 Ensure mounting of jffs2 filesystems is disabled - modprobe | CIS Debian Family Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.17 Ensure noexec option set on /dev/shm partition | CIS Debian Family Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.18 Ensure nodev option set on removable media partitions | CIS Debian Family Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2.2 Ensure GPG keys are configured | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.4.2.2.15 Set 'Require additional authentication at startup' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.2.4.2.2.20 Set 'Configure TPM startup key:' to 'Do not allow startup key with TPM' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.24 Configure 'Configure TPM platform validation profile for native UEFI firmware configurations' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.4.2.2.26 Configure 'Disallow standard users from changing the PIN or password' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.2.4.2.3.6 Set 'Use BitLocker software-based encryption when hardware encryption is not available' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.8 Set 'Restrict encryption algorithms and cipher suites allowed for hardware-based encryption' to 'False' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.17 Set 'Deny write access to removable drives not protected by BitLocker' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.6 Configure 'Prevent memory overwrite on restart' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.4.2.9 Set 'Allow Standby States (S1-S3) When Sleeping (On Battery)' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.4.3.2 Configure 'Do not display the password reveal button' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.4.4.3 Set 'System: Control Event Log behavior when the log file reaches its maximum size' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.2.4.4.4 Set 'Security: Control Event Log behavior when the log file reaches its maximum size' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.2.4.4.6 Set 'System: Maximum Log Size (KB)' to 'Enabled:20480 or greater' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.2.4.5.5 Set 'Do not allow passwords to be saved' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.2.4.6.1 Set 'Disallow Digest authentication' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.2.4.6.3 Set 'Allow Basic authentication' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.2.4.7.5 Set 'Configure Automatic Updates' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.4.8 Configure 'Allow the use of biometrics' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.3.1 Ensure sudo is installed | CIS Debian Family Server L1 v1.0.0 | Unix | ACCESS CONTROL |
| 1.3.2 Ensure sudo commands use pty | CIS Debian Family Server L1 v1.0.0 | Unix | ACCESS CONTROL |
| 1.6.4 Ensure core dumps are restricted - storage | CIS Debian Family Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.4 Ensure GDM screen locks when the user is idle | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | ACCESS CONTROL |
| 1.7.4 Ensure GDM screen locks when the user is idle | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | ACCESS CONTROL |
| 1.8.3 Ensure permissions on /etc/issue are configured | CIS Debian Family Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.8.5 Ensure remote login warning banner is configured properly | CIS Debian Family Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.8.6 Ensure local login warning banner is configured properly | CIS Debian Family Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.10 Ensure updates, patches, and additional security software are installed | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.1.2 Ensure systemd-timesyncd is configured - FallbackNTP | CIS Debian Family Server L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1.1.3 Ensure chrony is configured - package ntp | CIS Debian Family Server L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1.1.3 Ensure chrony is configured - user | CIS Debian Family Server L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1.1.4 Ensure ntp is configured - restrict -4 | CIS Debian Family Server L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1.8 Ensure DNS Server is not installed | CIS Debian Family Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure rsh client is not installed | CIS Debian Family Server L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.2.24 Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3 Ensure nonessential services are removed or masked | CIS Debian Family Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.5 Ensure Remote Login Is Disabled | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.6 Configure 'Remove CD Burning features' | CIS Windows 8 L1 v1.0.0 | Windows | MEDIA PROTECTION |
| 2.8 Set 'Password protect the screen saver' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 2.12 Configure 'Prevent changing screen saver' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 3.1.2 Ensure wireless interfaces are disabled | CIS Debian Family Server L1 v1.0.0 | Unix | ACCESS CONTROL |
| 3.3.1 Ensure source routed packets are not accepted - files 'net.ipv4.conf.default.accept_source_route = 0' | CIS Debian Family Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.10.9.1.3 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Intune for Windows 10 v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | MEDIA PROTECTION |
| 18.10.15.2 Ensure 'Allow Diagnostic Data' is set to 'Enabled: Send required diagnostic data' or 'Enabled: Send optional diagnostic data' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.15.2 Ensure 'Allow Diagnostic Data' is set to 'Enabled: Send required diagnostic data' or 'Enabled: Send optional diagnostic data' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
