| 1.1 Create a separate partition for containers | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1 Create a separate partition for containers | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1 Create a separate partition for containers | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1 Create a separate partition for containers | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1 Ensure 'Web content' is on non-system partition | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL |
| 1.1 Ensure a separate partition for containers has been created | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.1 Ensure a separate partition for containers has been created | CIS Docker v1.8.0 L1 OS Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS on Linux Unix | Unix | ACCESS CONTROL |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | CIS Oracle MySQL Enterprise Edition 8.4 v1.0.0 L1 MySQL OS Linux | Unix | ACCESS CONTROL |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | CIS Oracle MySQL Enterprise Edition 8.0 v1.5.0 L1 MySQL RDBMS on Linux Unix | Unix | ACCESS CONTROL |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | CIS Oracle MySQL Community Server 8.4 v1.0.0 L1 OS Linux on Linux | Unix | ACCESS CONTROL |
| 1.3 Ensure device is physically secured | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | ACCESS CONTROL |
| 2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.8 Ensure that security policies restrict User-ID Agent traffic from crossing into untrusted zones | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL |
| 2.8 Ensure that security policies restrict User-ID Agent traffic from crossing into untrusted zones | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.4 Ensure that Cassandra is run using a non-privileged, dedicated service account | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
| 3.4 Ensure that Cassandra is run using a non-privileged, dedicated service account | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
| 4.2.6 Ensure that the --make-iptables-util-chains argument is set to true | CIS Kubernetes v1.12.0 L1 Worker Node | Unix | CONFIGURATION MANAGEMENT |
| 4.2.7 Ensure that the --make-iptables-util-chains argument is set to true | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker | Unix | CONFIGURATION MANAGEMENT |
| 4.2.7 Ensure that the --make-iptables-util-chains argument is set to true | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Worker | Unix | CONFIGURATION MANAGEMENT |
| 4.2.7 Ensure that the --make-iptables-util-chains argument is set to true | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Worker | Unix | CONFIGURATION MANAGEMENT |
| 4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devices | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devices | MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devices | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devices | AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 5.1.2 Minimize access to secrets | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL |
| 5.1.2 Minimize access to secrets | CIS Kubernetes v1.12.0 L1 Master Node | Unix | ACCESS CONTROL |
| 5.1.2 Minimize access to secrets | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL |
| 5.1.2 Minimize access to secrets | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | ACCESS CONTROL |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - clusterroles | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Worker | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - clusterroles | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - roles | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Worker | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - roles | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Worker | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - roles | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.1.4 Minimize access to create pods | CIS Kubernetes v1.12.0 L1 Master Node | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.1.4 Minimize access to create pods | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.1.4 Minimize access to create pods | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.1.9 Minimize access to create persistent volumes | CIS Kubernetes v1.12.0 L1 Master Node | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.1.10 Minimize access to the proxy sub-resource of nodes | CIS Kubernetes v1.12.0 L1 Master Node | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.1.13 Minimize access to the service account token creation | CIS Kubernetes v1.12.0 L1 Master Node | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.18 Ensure that host devices are not directly exposed to containers | CIS Docker v1.8.0 L1 OS Linux | Unix | ACCESS CONTROL |
| 6.1.10 Ensure no world writable files exist | CIS Debian 9 Server L1 v1.0.1 | Unix | ACCESS CONTROL |
| 6.1.10 Ensure no world writable files exist | CIS Debian 9 Workstation L1 v1.0.1 | Unix | ACCESS CONTROL |
| 7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone | CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone | CIS Palo Alto Firewall 9 v1.1.0 L2 | Palo_Alto | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, MEDIA PROTECTION |
