| 1.1.4 - MobileIron - Set Auto-lock - 'Inactivity Timeout <= 2' | MobileIron - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.1.14 Ensure nodev option set on /home partition | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.16 Ensure nosuid option set on /dev/shm partition | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.1 Ensure permissions on bootloader config are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.5 Ensure auditing is configured for the docker daemon | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | AUDIT AND ACCOUNTABILITY |
| 1.7.1.1 Ensure message of the day is configured properly - banner text | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1.2 Ensure local login warning banner is configured properly - banner check | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1.3 Ensure remote login warning banner is configured properly - msrv | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.1.1 Ensure time synchronization is in use | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1.1.2 Set version 2 for 'ip ssh version' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | CONFIGURATION MANAGEMENT |
| 2.1.7 Ensure NFS and RPC are not enabled - nfs status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.7 Ensure NFS and RPC are not enabled - rpcbind | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.11 Ensure IMAP and POP3 server is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.12 Ensure Samba is not enabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.16 Ensure NIS Server is not enabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.16 Ensure NIS Server is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure rsh server is not enabled - rlogin.socket status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.20 Ensure rsync service is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.21 Ensure talk server is not enabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.1 Ensure NIS Client is not installed | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure rsh client is not installed | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.2.2 Ensure X11 Server components are not installed | CIS Red Hat 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure X11 Server components are not installed | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure X11 Server components are not installed | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.3 Ensure talk client is not installed | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.4 Ensure telnet client is not installed | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 3.4.2.1 Ensure nftables is installed | CIS Debian 10 Workstation L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.2.1 Ensure nftables is installed | CIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3 Ensure iptables is installed | CIS Debian 9 Workstation L1 v1.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.1.2 Ensure nftables is not installed | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.1 Ensure iptables is installed | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.1 Ensure iptables is installed | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.1 Ensure iptables is installed | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.1.1 Ensure iptables is installed | CIS CentOS 6 Server L1 v3.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.1.1 Ensure iptables is installed | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.1 Ensure a single firewall configuration utility is in use | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.8 Secure Permissions for the Log Mirror Location (MIRRORLOGPATH) | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.1 Ensure nftables is installed | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3.1 Ensure nftables is installed | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3.1 Ensure nftables is installed | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.2 Ensure SSH Protocol is set to 2 | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.4 Ensure SSH Protocol is set to 2 | CIS Debian 9 Server L1 v1.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.4 Ensure SSH Protocol is set to 2 | CIS Oracle Linux 6 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.1 Review Users, Groups, and Roles | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 6.6.1.2 Ensure Max Login Backoff Threshold of 2 | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | ACCESS CONTROL |
| 9.9 Secure plug-in library locations | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | CONFIGURATION MANAGEMENT |
| DTAVSEL-001 - The anti-virus signature file age must not exceed 7 days - avvnames.dat | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| DTAVSEL-001 - The anti-virus signature file age must not exceed 7 days - avvscan.dat | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Word 2 and earlier binary documents and templates | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Word 2 and earlier binary documents and templates | Microsoft 365 Apps for Enterprise 2306 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
