| 1.1 Use a Split-Horizon Architecture | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | |
| 1.1 Use a Split-Horizon Architecture | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | |
| 1.1 Use a Split-Horizon Architecture | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1 Use a Split-Horizon Architecture | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.1.2 Configure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.1.3 Configure 'Prohibit connection to non-domain networks when connected to domain authenticated network' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.4 Use Secure Upstream Caching DNS Servers | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | |
| 1.4 Use Secure Upstream Caching DNS Servers | CIS BIND DNS v1.0.0 L2 Caching Only Name Server | Unix | ACCESS CONTROL |
| 1.6.7 Configure Network policies as appropriate | CIS Kubernetes 1.11 Benchmark v1.3.0 L2 | Unix | |
| 1.6.7 Configure Network policies as appropriate | CIS Kubernetes 1.13 Benchmark v1.4.1 L2 | Unix | |
| 1.6.8 Configure Network policies as appropriate | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L2 | Unix | |
| 1.6.8 Configure Network policies as appropriate | CIS Kubernetes 1.8 Benchmark v1.2.0 L2 | Unix | |
| 3.9 Ensure that SharePoint application servers are protected by a reverse proxy | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.9 Ensure that SharePoint application servers are protected by a reverse proxy | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.11 Ensure that the SharePoint Central Administration interface is not hosted in the DMZ. | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.11 Ensure that the SharePoint Central Administration interface is not hosted in the DMZ. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.1 Ensure 'Antivirus Update Schedule' is set to download and install updates hourly | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 5.7 Ensure 'WildFire Update Schedule' is set to download and install updates every 15 minutes | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.7 Ensure 'WildFire Update Schedule' is set to download and install updates every 15 minutes | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.7 Ensure 'WildFire Update Schedule' is set to download and install updates every minute | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 5.9 Ensure the host's network namespace is not shared | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.30 Ensure the host's user namespaces is not shared | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1 Ensure 'SSL Forward Proxy Policy' for traffic destined to the Internet is configured - Invalid Categories | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 8.1 Ensure 'SSL Forward Proxy Policy' for traffic destined to the Internet is configured - Policies | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 8.2 Ensure 'SSL Inbound Inspection' is required for all untrusted traffic destined for servers using SSL or TLS | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.5.21.1 (L1) Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 1 = Minimize simultaneous connections' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL |
| 18.5.21.2 (L1) Ensure 'Prohibit connection to non-domain networks when connected to domain authenticated network' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL |
| Prohibit connection to non-domain networks when connected to domain authenticated network | MSCT Windows 10 v2004 v1.0.0 | Windows | ACCESS CONTROL |
| Prohibit connection to non-domain networks when connected to domain authenticated network | MSCT Windows 10 1909 v1.0.0 | Windows | ACCESS CONTROL |
| Prohibit connection to non-domain networks when connected to domain authenticated network | MSCT Windows 10 1809 v1.0.0 | Windows | ACCESS CONTROL |
| Prohibit connection to non-domain networks when connected to domain authenticated network | MSCT Windows 10 v1507 v1.0.0 | Windows | ACCESS CONTROL |
| Prohibit connection to non-domain networks when connected to domain authenticated network | MSCT Windows 10 1803 v1.0.0 | Windows | ACCESS CONTROL |
| Prohibit connection to non-domain networks when connected to domain authenticated network | MSCT Windows 10 v20H2 v1.0.0 | Windows | ACCESS CONTROL |
| Prohibit connection to non-domain networks when connected to domain authenticated network | MSCT Windows 10 1903 v1.19.9 | Windows | ACCESS CONTROL |
| Prohibit connection to non-domain networks when connected to domain authenticated network | MSCT Windows 10 v21H2 v1.0.0 | Windows | ACCESS CONTROL |
