| 2.4.1 Ensure 'System Backup' is set. | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 3.1.1 Ensure that the proxy kubeconfig file permissions are set to 644 or more restrictive | CIS Google Kubernetes Engine (GKE) v1.5.0 L1 Node | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.2 Ensure that the proxy kubeconfig file ownership is set to root:root | CIS Google Kubernetes Engine (GKE) v1.5.0 L1 Node | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.3 Ensure that the kubelet configuration file has permissions set to 600 | CIS Google Kubernetes Engine (GKE) v1.5.0 L1 Node | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.4 Ensure that the kubelet configuration file ownership is set to root:root | CIS Google Kubernetes Engine (GKE) v1.5.0 L1 Node | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.2 Minimize access to secrets | CIS Google Kubernetes Engine (GKE) v1.5.0 L1 | GCP | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1.5 Ensure that default service accounts are not actively used | CIS Google Kubernetes Engine (GKE) v1.5.0 L1 | GCP | ACCESS CONTROL |
| 4.1.9 Ensure that the kubelet --config configuration file has permissions set to 600 or more restrictive | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1 | OpenShift | ACCESS CONTROL |
| 4.2.1 Ensure that the cluster enforces Pod Security Standard Baseline profile or stricter for all namespaces. | CIS Google Kubernetes Engine (GKE) v1.5.0 L1 | GCP | CONFIGURATION MANAGEMENT |
| 5.1.4 Minimize access to create pods | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1 | OpenShift | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.1.4 Minimize Container Registries to only those approved | CIS Google Kubernetes Engine (GKE) v1.5.0 L1 | GCP | CONFIGURATION MANAGEMENT |
| 5.2.2 Minimize the admission of containers wishing to share the host process ID namespace | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1 | OpenShift | ACCESS CONTROL |
| 5.5.1 Ensure Container-Optimized OS (cos_containerd) is used for GKE node images | CIS Google Kubernetes Engine (GKE) v1.5.0 L2 | GCP | CONFIGURATION MANAGEMENT |
| 5.7.2 Ensure that the seccomp profile is set to docker/default in your pod definitions | CIS RedHat OpenShift Container Platform 4 v1.5.0 L2 | OpenShift | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.10.4 Ensure use of Binary Authorization | CIS Google Kubernetes Engine (GKE) v1.5.0 L2 | GCP | CONFIGURATION MANAGEMENT |
| 8.3.4 Ensure standard processes are used for VM deployment | CIS VMware ESXi 7.0 v1.3.0 Level 1 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 8.3.4 Ensure standard processes are used for VM deployment | CIS VMware ESXi 6.7 v1.3.0 Level 1 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 8.3.4 Ensure templates are used whenever possible to deploy VMs | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | CONFIGURATION MANAGEMENT |
