| 1.1.3.17.3 Set 'User Account Control: Behavior of the elevation prompt for standard users' to 'Automatically deny elevation requests' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.3.17.5 Set 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.5 Ensure noexec option set on /tmp partition | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 1.1.9 Ensure noexec option set on /var/tmp partition | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | ACCESS CONTROL |
| 1.2.3.2.4 Set 'Do not enumerate connected users on domain-joined computers' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.2.4.6.4 Set 'Disallow WinRM from storing RunAs credentials' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - process -u named | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - UID | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.3.4.2 Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | ACCESS CONTROL |
| 2.3.10.3 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.3.17.3 Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.3.17.7 Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.9 Isolate BIND with chroot'ed Subdirectory | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.13 Configure 'Turn off toast notifications on the lock screen' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 3.1 Ensure that role-based access control is enabled and configured appropriately | CIS MongoDB 3.4 Database Audit L1 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.1 Set a nondeterministic Shutdown command value | CIS Apache Tomcat 8 L1 v1.1.0 Middleware | Unix | ACCESS CONTROL |
| 3.3.1 Establish DAS administrative group | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Linux | Unix | ACCESS CONTROL |
| 3.4 Ensure that each role for each MongoDB database is needed and grants only the necessary privileges | CIS MongoDB 3.2 Database Audit L2 v1.0.0 | MongoDB | ACCESS CONTROL |
| 3.5 Review Superuser/Admin Roles - userAdmin | CIS MongoDB 4 L2 DB v1.0.0 | MongoDB | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.3.5 Ensure SSH access is limited | CIS Red Hat 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.3.6 Ensure SSH access is limited | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.3.6 Ensure SSH access is limited | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.5 Ensure root login is restricted to system console | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | ACCESS CONTROL |
| 6.1.13 Audit SUID executables | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 6.1.14 Audit SGID executables | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | ACCESS CONTROL |
| 6.13 Restrict at/cron to Authorized Users - /etc/cron.d/cron.allow perms | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.13 Restrict at/cron to Authorized Users - /etc/cron.d/cron.deny | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.13 Restrict at/cron to Authorized Users - /etc/cron.d/cron.deny | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 7.4 Secure SYSMON Authority | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | ACCESS CONTROL |
| 9.1.8 Restrict at/cron to Authorized Users - /etc/cron.allow | CIS Debian Linux 7 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 9.1.8 Restrict at/cron to Authorized Users - /etc/cron.deny | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | ACCESS CONTROL |
| 10.2 Restrict access to the web administration application | CIS Apache Tomcat 8 L2 v1.1.0 Middleware | Unix | ACCESS CONTROL |
| 10.3 Restrict manager application | CIS Apache Tomcat 8 L2 v1.1.0 | Unix | ACCESS CONTROL |
| 10.3 Set Default Group for root Account | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | ACCESS CONTROL |
| 10.14 Do not run applications as privileged | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 13.5 Verify No UID 0 Accounts Exist Other Than root | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | ACCESS CONTROL |
| 18.8.22.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 18.9.85.1 Ensure 'Allow user control over installs' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 18.9.97.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 18.9.97.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| Allow user control over installs | MSCT Windows 10 1803 v1.0.0 | Windows | ACCESS CONTROL |
| Always install with elevated privileges | MSCT Windows 10 1803 v1.0.0 | Windows | ACCESS CONTROL |
| Always install with elevated privileges | MSCT Windows 10 1809 v1.0.0 | Windows | ACCESS CONTROL |
| Ensure at/cron is restricted to authorized users - at.allow | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Network access: Do not allow anonymous enumeration of SAM accounts | MSCT Windows 10 1803 v1.0.0 | Windows | ACCESS CONTROL |
| Network security: Allow LocalSystem NULL session fallback | MSCT Windows 10 v1507 v1.0.0 | Windows | ACCESS CONTROL |
| Network security: Allow LocalSystem NULL session fallback | MSCT Windows 10 1803 v1.0.0 | Windows | ACCESS CONTROL |
| Turn off toast notifications on the lock screen | MSCT Windows 10 v1507 v1.0.0 | Windows | ACCESS CONTROL |
| Turn off toast notifications on the lock screen | MSCT Windows 10 1809 v1.0.0 | Windows | ACCESS CONTROL |
| User Account Control: Detect application installations and prompt for elevation | MSCT Windows 10 v1507 v1.0.0 | Windows | ACCESS CONTROL |
