| 1.2.1.1 Ensure 'Protection From Zone Elevation' is set to Enabled - groove.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.10 Ensure 'Object Caching Protection' is set to Enabled - winproj.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.11 Ensure 'Consistent Mime Handling' is set to Enabled - excel.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.11 Ensure 'Consistent Mime Handling' is set to Enabled - mspub.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.11 Ensure 'Consistent Mime Handling' is set to Enabled - visio.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.12 Ensure 'Add-on Management' is set to Enabled - groove.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.12 Ensure 'Add-on Management' is set to Enabled - mse7.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.1.6 Ensure rsh server is not enabled - rexec | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.8 Ensure telnet server is not enabled | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.1.1 Ensure time synchronization is in use | CIS Amazon Linux v2.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.1.3 Ensure chrony is configured - remote server | CIS Amazon Linux v2.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.4 Ensure CUPS is not enabled | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.5 Ensure DHCP Server is not enabled | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.9 Ensure FTP Server is not enabled | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.12 Ensure Samba is not enabled | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.15 Ensure mail transfer agent is configured for local-only mode | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.3 Ensure talk client is not installed | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.5 Ensure LDAP client is not installed | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.2 Ensure packet redirect sending is disabled 'net.ipv4.conf.all.send_redirects = 0 - sysctl' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.5 Ensure broadcast ICMP requests are ignored - /etc/sysctl.conf /etc/sysctl.d/* | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.5 Ensure broadcast ICMP requests are ignored - sysctl | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.8 Ensure TCP SYN Cookies is enabled - /etc/sysctl.conf /etc/sysctl.d/* | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2 Ensure IPv6 redirects are not accepted - 'net.ipv6.conf.default.accept_redirects = 0 /etc/sysctl.conf /etc/sysctl.d/*' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1 Ensure DCCP is disabled | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.4 Ensure TIPC is disabled | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.1.2 Ensure logging is configured | CIS Amazon Linux v2.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host - rsyslog.conf | CIS Amazon Linux v2.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.2.1 Ensure syslog-ng service is enabled | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.2.4 Ensure syslog-ng is configured to send logs to a remote log host - log src | CIS Amazon Linux v2.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.2.5 Ensure remote syslog-ng messages are only accepted on designated log hosts | CIS Amazon Linux v2.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.3 Ensure permissions on /etc/cron.hourly are configured | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.2 Ensure SSH Protocol is set to 2 | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.4 Ensure SSH X11 forwarding is disabled | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.9 Ensure SSH PermitEmptyPasswords is disabled | CIS Amazon Linux v2.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.1 Ensure password creation requirements are configured - dcredit | CIS Amazon Linux v2.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.1 Ensure password creation requirements are configured - password-auth ocredit | CIS Amazon Linux v2.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.1 Ensure password creation requirements are configured - retry=3 | CIS Amazon Linux v2.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth [default=die] pam_faillock.so authfail audit deny=5 unlock_time=900' | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.3.2 Ensure lockout for failed password attempts is configured - system-auth 'auth [success=1 default=bad] pam_unix.so' | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.3.4 Ensure password hashing algorithm is SHA-512 - password-auth | CIS Amazon Linux v2.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.4 Ensure password hashing algorithm is SHA-512 - system-auth | CIS Amazon Linux v2.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile.d/*.sh | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 6.1.2 Ensure permissions on /etc/passwd are configured | CIS Amazon Linux v2.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.3 Ensure permissions on /etc/shadow are configured | CIS Amazon Linux v2.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.4 Ensure permissions on /etc/group are configured | CIS Amazon Linux v2.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.5 Ensure permissions on /etc/gshadow are configured | CIS Amazon Linux v2.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1.7 Ensure permissions on /etc/shadow- are configured | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.1.12 Ensure no ungrouped files or directories exist | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 6.2.6 Ensure root PATH Integrity | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.9 Ensure users own their home directories | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
