| 2.3 Ensure authentication is enabled in the sharded cluster - authenticationMechanisms | CIS MongoDB 5 L2 OS Linux v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3 Ensure authentication is enabled in the sharded cluster - clusterFile | CIS MongoDB 5 L2 OS Linux v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.2 Secure screen saver corners - bottom right corner | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | ACCESS CONTROL |
| 2.3.2 Secure screen saver corners - top right corner | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | ACCESS CONTROL |
| 2.5 Ensure proper SNMP configuration - 'community name private does not exist' | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 2.5.1 Disable 'Wake for network access' | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | ACCESS CONTROL |
| 2.5.2 Disable sleeping the computer when connected to power | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | ACCESS CONTROL |
| 2.7 Ensure Sever Header is Modified To Prevent Information Disclosure | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 2.8.1 Time Machine Auto-Backup | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | CONTINGENCY PLANNING |
| 4.1 Ensure legacy TLS protocols are disabled | CIS MongoDB 5 L2 OS Linux v1.2.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure Weak Protocols are Disabled | CIS MongoDB 5 L1 OS Linux v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.4 Verify Active Directory group membership for the 'ESX Admins' group | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | ACCESS CONTROL |
| 4.5 Ensure Encryption of Data at Rest - encryptionKeyFile | CIS MongoDB 5 L2 OS Linux v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5 Restrict access to Tomcat temp directory | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.10 Restrict access to Tomcat context.xml | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.14 Restrict access to Tomcat web.xml | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.3 Ensure forwarding of decrypted content to WildFire is enabled | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.4 Ensure that new entries are appended to the end of the log file | CIS MongoDB 5 L2 OS Linux v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.10 Verify contents of exposed configuration files | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 5.17 Create specialized keychains for different purposes | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | |
| 6.2 Ensure that operating system resource limits are set for MongoDB | CIS MongoDB 5 L2 OS Linux v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3 Mask and zone SAN resources appropriately | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| 6.5 Ensure 'sslProtocol' is Configured Correctly for Secure Connectors | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5 Ensure a secure anti-spyware profile is applied to all security policies permitting traffic to the Internet | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.6 Ensure a Vulnerability Protection Profile is set to block attacks against critical and high vulnerabilities, and set to default on medium, low, and informational vulnerabilities | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | RISK ASSESSMENT |
| 6.7 Ensure a secure Vulnerability Protection Profile is applied to all security rules allowing traffic | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | RISK ASSESSMENT |
| 6.16 Ensure that a Zone Protection Profile with tuned Flood Protection settings enabled for all flood types is attached to all untrusted zones | CIS Palo Alto Firewall 10 v1.2.0 L2 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 6.18 Ensure all zones have Zone Protection Profiles that drop specially crafted packets | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.22 Ensure that 'Inline Cloud Analysis' on Vulnerability Protection profiles are enabled if 'Advanced Threat Prevention' is available | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | RISK ASSESSMENT |
| 6.23 Ensure that 'Cloud Inline Categorization' on URL Filtering profiles are enabled if 'Advanced Threat Prevention' is available | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone | CIS Palo Alto Firewall 10 v1.2.0 L2 | Palo_Alto | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1 Ensure appropriate key file permissions are set - CAFile | CIS MongoDB 5 L1 OS Linux v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Ensure appropriate database file permissions are set | CIS MongoDB 5 L1 OS Linux v1.2.0 | Unix | ACCESS CONTROL |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists in web application | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists inin default | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in default | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in web application | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.5 Ensure pattern in context.xml is correct | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 8.2.1 Disconnect unauthorized devices - Floppy Devices | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | MEDIA PROTECTION |
| 8.3.2 Minimize use of the VM console | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| 8.4.2 Control VMsafe Agent Address | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 8.4.3 Control VMsafe Agent Port | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 8.4.14 Disable Shell Action | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.18 Disable Unity | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.6.3 Disable virtual disk wiping | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | CONFIGURATION MANAGEMENT |
| 10.3 Restrict manager application | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | ACCESS CONTROL |
| 10.5 Rename the manager application - webapps/manager | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 10.6 Enable strict servlet Compliance | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.8 Do not allow additional path delimiters - ALLOW_BACKSLASH | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 10.11 Force SSL for all applications | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
