| 1.1.6 Ensure that the --secure-port argument is not set to 0 | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.7 Ensure that the --secure-port argument is not set to 0 | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.20 Ensure that the --kubelet-https argument is set to true | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.29 Ensure that the --client-ca-file argument is set as appropriate | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.1.31 Ensure that the --etcd-cafile argument is set as appropriate | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.5.1 Ensure that the --cert-file and --key-file arguments are set as appropriate - key-file | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.5.1 Ensure that the --cert-file and --key-file arguments are set as appropriate - key-file | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - Certificates | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - Certificates | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - Certificates | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - Certificates | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Gateways | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Gateways | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Gateways | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Gateways | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Portals | CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Portals | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Portals | CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure that the certificate securing Remote Access VPNs is valid - GlobalProtect Portals | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.4 Ensure that the --client-ca-file argument is set as appropriate | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.1.12 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - tls-cert-file | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.1.13 Ensure that the --rotate-certificates argument is not set to false | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.5.1 Ensure 'VPN' is 'Configured' | AirWatch - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | |
| 2.5.1 Ensure 'VPN' is 'Configured' | AirWatch - CIS Apple iOS 10 v2.0.0 End User Owned L1 | MDM | |
| 2.5.1 Ensure 'VPN' is 'Configured' | AirWatch - CIS Apple iOS 12 v1.0.0 End User Owned L1 | MDM | |
| 2.5.1 Ensure 'VPN' is 'Configured' | MobileIron - CIS Apple iOS 11 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.5.1 Ensure 'VPN' is 'Configured' | MobileIron - CIS Apple iOS 10 v2.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.5.1 Ensure 'VPN' is 'Configured' | MobileIron - CIS Apple iOS 12 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 3.1.6 Ensure that the --secure-port argument is not set to 0 | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.19 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - tls-private-key-file | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 3.5.1 Ensure 'VPN' is 'Configured' | AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | |
| 3.5.1 Ensure 'VPN' is 'Configured' | AirWatch - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | |
| 3.5.1 Ensure 'VPN' is 'Configured' | AirWatch - CIS Apple iOS 10 v2.0.0 Institution Owned L1 | MDM | |
| 3.5.1 Ensure 'VPN' is 'Configured' | MobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.5.1 Ensure 'VPN' is 'Configured' | MobileIron - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | ACCESS CONTROL |
| 3.5.1 Ensure 'VPN' is 'Configured' | MobileIron - CIS Apple iOS 10 v2.0.0 Institution Owned L1 | MDM | ACCESS CONTROL |
| 4.1 Ensure TLS or SSL protects all network communications | CIS MongoDB 3.4 L1 Windows Audit v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1 Ensure TLS or SSL protects all network communications | CIS MongoDB 3.2 L1 Windows Audit v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1 Use TSIG Keys 256 Bits in Length | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1 Use TSIG Keys 256 Bits in Length | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5 Protect TSIG Key Files During Deployment | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | |
| 6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - fips_enabled | CIS PostgreSQL 10 OS v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - openssl version | CIS PostgreSQL 10 OS v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure data exchanged between containers are encrypted on different nodes on the overlay network | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.6 Ensure swarm manager is run in auto-lock mode | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.7 Ensure swarm manager auto-lock key is rotated periodically | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | |
| 7.8 Ensure node certificates are rotated as appropriate | CIS Docker Community Edition v1.1.0 L2 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.9 Ensure CA certificates are rotated as appropriate | CIS Docker Community Edition v1.1.0 L2 Docker | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.11 Ensure HTTP Strict Transport Security Is Enabled - 'httpd.conf Strict-Transport-Security 'max-age=480' | CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware | Unix | |
| 7.11 Ensure HTTP Strict Transport Security Is Enabled - 'httpd.conf Strict-Transport-Security configuration' | CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware | Unix | |
