| 1.1 Remove extraneous files and directories (CONFIG_DIR/Catalina/localhost/manager.xml) | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories (CONFIG_DIR/Catalina/localhost/manager.xml) | CIS Apache Tomcat 7 L2 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories (WEBAPP_DIR/js-examples) | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories (WEBAPP_DIR/ROOT/admin) | CIS Apache Tomcat 7 L2 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories (WEBAPP_DIR/servlet-example) | CIS Apache Tomcat 7 L2 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Disable Unused Connectors | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2.2 (L1) Ensure sign-in to shared mailboxes is blocked | CIS Microsoft 365 Foundations v6.0.1 L1 E3 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 1.3 Ensure 'Make pattern visible' is set to Disabled (if using a pattern as device lock mechanism) | MobileIron - CIS Google Android 7 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 1.4 Remove all non-essential services from the host - DPKG | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.4 Remove all non-essential services from the host - RPM | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.8 Ensure 'Make passwords visible' is set to Disabled | MobileIron - CIS Google Android 7 v1.0.0 L2 | MDM | CONFIGURATION MANAGEMENT |
| 1.10 Ensure 'Developer Options' is set to Disabled | AirWatch - CIS Google Android 7 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 1.11 (L1) Ensure 'Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.11 Ensure 'Unknown sources' is set to Disabled | MobileIron - CIS Google Android 7 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 1.26 Ensure 'Add users when device is locked' is set to Disabled | AirWatch - CIS Google Android 7 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 1.38 (L1) Ensure 'Allow import of data from other browsers on each Microsoft Edge launch' is set to 'Disabled' | CIS Microsoft Intune for Edge v1.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.1.3 Set 'no ip bootp server' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.1.4 Set 'no service dhcp' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.3 Ensure 'Back up to Google Drive' is Disabled | AirWatch - CIS Google Android 7 v1.0.0 L2 | MDM | CONFIGURATION MANAGEMENT |
| 2.4.4 Disable Printer Sharing | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.7 Disable Bluetooth Sharing | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.8 Disable File Sharing - AppleFileServer | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.5 Ensure 'Web and App Activity' is set to Disabled | MobileIron - CIS Google Android 7 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.6.4 iCloud Drive Document and Desktop sync - document | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.7.4 iCloud Drive Document sync | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.10 Ensure 'Google Location History' is set to Disabled | MobileIron - CIS Google Android 7 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.14.1 Audit Game Center Settings | CIS Apple macOS 15.0 Sequoia v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.33 (L1) Ensure 'Clear Browsing Data on Exit' is set to 'Disabled' | CIS Google Chrome Group Policy v1.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.76 (L1) Ensure 'Specifies whether SharedArrayBuffers can be used in a non cross-origin-isolated context' is set to 'Disabled' | CIS Google Chrome Group Policy v1.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 3.2 Disable the Shutdown port | CIS Apache Tomcat 7 L2 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1.13 Ensure 'Allow trusting new enterprise app authors' is set to 'Disabled' | MobileIron - CIS Apple iOS 14 and iPadOS 14 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 4.2.9 Ensure sshd GSSAPIAuthentication is disabled | CIS CentOS Linux 7 v4.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 4.2.21 Ensure sshd PermitUserEnvironment is disabled | CIS CentOS Linux 7 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 4.7 Do not use update instructions alone in the Dockerfile | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.10 Do not store secrets in Dockerfiles | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.6 Do not run ssh within containers | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.8 Open only needed ports on container | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.19 Do not set mount propagation mode to shared | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.31 Do not mount the Docker socket inside any containers | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 6.1 Ensure the X Window system is not installed | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.4 Avoid image sprawl | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 6.7 Ensure NFS and RPC are not enabled - rpcbind | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.9 Ensure FTP Server is not enabled | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.2 Disabling auto deployment of applications | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.2 Disabling auto deployment of applications | CIS Apache Tomcat 7 L2 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 10.5 Rename the manager application (webapps/manager) | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 18.10.3.1 Ensure 'Turn off API Sampling' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.3.3 Ensure 'Turn off Install Tracing' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v5.0.1 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.6 Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v5.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.6 Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v2.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
