| 1.6.3 Create network segmentation using Network Policies | CIS Kubernetes 1.13 Benchmark v1.4.1 L2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.3.10.6 (L1) Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.3.10.6 Configure 'Network access: Named Pipes that can be accessed anonymously' (DC only) | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0 | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.3.10.6 Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.3.10.7 Configure 'Network access: Named Pipes that can be accessed anonymously' (MS only) | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0 | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.10 Ensure Private Endpoints are used to access Storage Accounts | CIS Microsoft Azure Foundations v2.1.0 L1 | microsoft_azure | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3.2 Ensure that all Namespaces have Network Policies defined | CIS Google Kubernetes Engine (GKE) v1.5.0 L2 | GCP | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5.1 Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks | CIS Microsoft Azure Foundations v2.1.0 L2 | microsoft_azure | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5.2 Ensure That Private Endpoints Are Used Where Possible | CIS Microsoft Azure Foundations v2.1.0 L2 | microsoft_azure | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.3 Minimize the admission of containers wishing to share the host IPC namespace | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.4 Minimize the admission of containers wishing to share the host IPC namespace | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.4 Minimize the admission of containers wishing to share the host IPC namespace | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.4 Minimize the admission of containers wishing to share the host IPC namespace | CIS Kubernetes Benchmark v1.8.0 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.4 Minimize the admission of containers wishing to share the host network namespace | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.4 Minimize the admission of containers wishing to share the host network namespace | CIS RedHat OpenShift Container Platform 4 v1.5.0 L1 | OpenShift | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.5 Minimize the admission of containers wishing to share the host network namespace | CIS Kubernetes Benchmark v1.8.0 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.5 Minimize the admission of containers wishing to share the host network namespace | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.5 Minimize the admission of containers wishing to share the host network namespace | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.6.2 Ensure use of VPC-native clusters | CIS Google Kubernetes Engine (GKE) v1.5.0 L1 | GCP | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.16 Ensure that the host's process namespace is not shared | CIS Docker v1.6.0 L1 Docker Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.17 Ensure that the host's IPC namespace is not shared | CIS Docker v1.6.0 L1 Docker Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.21 Ensure that the host's UTS namespace is not shared | CIS Docker v1.6.0 L1 Docker Linux | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.31 Ensure that the host's user namespaces are not shared | CIS Docker v1.6.0 L1 Docker Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2.1 (L1) Host must isolate storage communications | CIS VMware ESXi 8.0 v1.1.0 L1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3 Ensure storage area network (SAN) resources are segregated properly | CIS VMware ESXi 6.7 v1.3.0 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3 Ensure storage area network (SAN) resources are segregated properly | CIS VMware ESXi 7.0 v1.3.0 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3 Ensure storage area network (SAN) resources are segregated properly | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 7.9 Ensure that management plane traffic is separated from data plane traffic | CIS Docker v1.6.0 L1 Docker Swarm | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.7 Ensure that Private Endpoints are Used for Azure Key Vault | CIS Microsoft Azure Foundations v2.1.0 L2 | microsoft_azure | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.35.1 (L1) Ensure 'Prevent the computer from joining a homegroup' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.35.1 Ensure 'Prevent the computer from joining a homegroup' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
