| 1.1.3.3.1 Configure 'DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.1.3.11.9 Configure 'Network Security: Restrict NTLM: Add remote server exceptions for NTLM authentication' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.1.22 Ensure nodev option set on removable media partitions | CIS Distribution Independent Linux Server L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.23 Ensure nosuid option set on removable media partitions | CIS Distribution Independent Linux Server L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.4 Ensure SETroubleshoot is not installed - zypper | CIS Distribution Independent Linux Server L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.5 Ensure the MCS Translation Service (mcstrans) is not installed - rpm | CIS Distribution Independent Linux Workstation L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1 Configure 'Disable regedit from running silently?' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.1.1 Ensure only required modules are installed | CIS NGINX Benchmark v2.0.1 L2 Loadbalancer | Unix | CONFIGURATION MANAGEMENT |
| 2.1.1 Ensure only required modules are installed | CIS NGINX Benchmark v2.0.1 L2 Proxy | Unix | CONFIGURATION MANAGEMENT |
| 2.1.1 Ensure only required modules are installed | CIS NGINX Benchmark v2.0.1 L2 Webserver | Unix | CONFIGURATION MANAGEMENT |
| 2.1.2 Ensure HTTP WebDAV module is not installed | CIS NGINX Benchmark v2.0.1 L2 Proxy | Unix | CONFIGURATION MANAGEMENT |
| 2.1.2 Ensure HTTP WebDAV module is not installed | CIS NGINX Benchmark v2.0.1 L2 Webserver | Unix | CONFIGURATION MANAGEMENT |
| 2.1.2 Ensure HTTP WebDAV module is not installed | CIS NGINX Benchmark v2.0.1 L2 Loadbalancer | Unix | CONFIGURATION MANAGEMENT |
| 2.1.3 Ensure modules with gzip functionality are disabled | CIS NGINX Benchmark v2.0.1 L2 Loadbalancer | Unix | CONFIGURATION MANAGEMENT |
| 2.1.3 Ensure modules with gzip functionality are disabled | CIS NGINX Benchmark v2.0.1 L2 Proxy | Unix | CONFIGURATION MANAGEMENT |
| 2.1.3 Ensure modules with gzip functionality are disabled | CIS NGINX Benchmark v2.0.1 L2 Webserver | Unix | CONFIGURATION MANAGEMENT |
| 2.1.4 Ensure the autoindex module is disabled | CIS NGINX Benchmark v2.0.1 L1 Webserver | Unix | CONFIGURATION MANAGEMENT |
| 2.2.4.7.2.5 Ensure 'Block Excel XLL Add-ins that come from an untrusted source' is set to 'Enabled: Blocked' | CIS Microsoft Office Enterprise v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.2.7 Ensure nfs-utils is not installed or the nfs-server service is masked - nfs-kernel-server | CIS SUSE Linux Enterprise 15 Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.7 Ensure nfs-utils is not installed or the nfs-server service is masked - nfs-kernel-server | CIS SUSE Linux Enterprise 15 Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.7 Ensure nfs-utils is not installed or the nfs-server service is masked - nfs-utils | CIS SUSE Linux Enterprise 15 Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.7 Ensure nfs-utils is not installed or the nfs-server service is masked - nfs-utils | CIS SUSE Linux Enterprise 15 Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.17 Ensure rsync is not installed or the rsyncd service is masked | CIS Oracle Linux 7 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.17 Ensure rsync is not installed or the rsyncd service is masked | CIS Oracle Linux 7 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.1 Ensure NIS Client is not installed - dpkg | CIS Distribution Independent Linux Server L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.2 Ensure rsh client is not installed - zypper | CIS Distribution Independent Linux Server L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.5 Ensure LDAP client is not installed - dpkg | CIS Distribution Independent Linux Server L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.27.6 Ensure 'Allow VBA to load typelib references by path from untrusted intranet locations' is set to 'Disabled' | CIS Microsoft Office Enterprise v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.4 Allowlist Authorized Libraries and Report Violations | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.1.3 Ensure nftables is not installed or stopped and masked - masked | CIS Oracle Linux 7 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.1.3 Ensure nftables is not installed or stopped and masked - masked | CIS Oracle Linux 7 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.1.3 Ensure nftables is not installed or stopped and masked - masked | CIS Red Hat EL7 Workstation L1 v3.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.1.3 Ensure nftables is not installed or stopped and masked - stopped | CIS Oracle Linux 7 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.1.3 Ensure nftables is not installed or stopped and masked - stopped | CIS Oracle Linux 7 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.1.3 Ensure nftables is not installed or stopped and masked - stopped | CIS Red Hat EL7 Workstation L1 v3.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.3 Do not install unnecessary packages in the container | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.2 Ensure 'Computer Browser (Browser)' is set to 'Disabled' or 'Not Installed' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.3 Ensure 'HomeGroup Listener (HomeGroupListener)' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.12 Mount container's root filesystem as read only | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.12 Mount container's root filesystem as read only | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.20 Ensure 'Remote Procedure Call (RPC) Locator (RpcLocator)' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.22 Ensure 'Routing and Remote Access (RemoteAccess)' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 v3.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.27 Ensure 'Telnet (TlntSvr)' is set to 'Disabled' or 'Not Installed' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.34 Ensure 'Windows Media Center Receiver Service (ehRecvr)' is set to 'Disabled' or 'Not Installed' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.3.2 Ensure 'Configure SMB v1 client' is set to 'Enabled: Bowser, MRxSmb20, NSI' | CIS Windows 7 Workstation Level 1 v3.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.3.4 Ensure 'Configure SMB v1 server' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.4.8 (L1) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.4.8 (L1) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.4.8 (L1) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.4.8 (L1) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
