| 1.1.1 Ensure that the --allow-privileged argument is set to false | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | ACCESS CONTROL |
| 1.3.3 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwords | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | IDENTIFICATION AND AUTHENTICATION |
| 1.3.5 Ensure 'Password Profiles' do not exist | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | IDENTIFICATION AND AUTHENTICATION |
| 1.3.6 Ensure 'Minimum Uppercase Letters' is greater than or equal to 1 | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | IDENTIFICATION AND AUTHENTICATION |
| 1.3.7 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1 | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | IDENTIFICATION AND AUTHENTICATION |
| 1.3.8 Ensure 'Minimum Numeric Letters' is greater than or equal to 1 | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | IDENTIFICATION AND AUTHENTICATION |
| 1.3.10 Ensure 'Password Profiles' do not exist | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 1.6.4 Ensure that the seccomp profile is set to docker/default in your pod definitions | CIS Kubernetes 1.11 Benchmark v1.3.0 L2 | Unix | |
| 1.6.4 Ensure that the seccomp profile is set to docker/default in your pod definitions | CIS Kubernetes 1.13 Benchmark v1.4.1 L2 | Unix | |
| 1.6.5 Ensure that the seccomp profile is set to docker/default in your pod definitions | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L2 | Unix | |
| 1.6.5 Ensure that the seccomp profile is set to docker/default in your pod definitions | CIS Kubernetes 1.8 Benchmark v1.2.0 L2 | Unix | |
| 1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - clusterrolebinding | CIS Kubernetes 1.11 Benchmark v1.3.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - clusterrolebinding | CIS Kubernetes 1.13 Benchmark v1.4.1 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - psp | CIS Kubernetes 1.11 Benchmark v1.3.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - psp | CIS Kubernetes 1.13 Benchmark v1.4.1 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - rolebinding | CIS Kubernetes 1.11 Benchmark v1.3.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.8 Place compensating controls in the form of PSP and RBAC for privileged containers usage - rolebinding | CIS Kubernetes 1.13 Benchmark v1.4.1 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.9 Place compensating controls in the form of PSP and RBAC for privileged containers usage - clusterrolebinding | CIS Kubernetes 1.8 Benchmark v1.2.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.9 Place compensating controls in the form of PSP and RBAC for privileged containers usage - psp | CIS Kubernetes 1.8 Benchmark v1.2.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.9 Place compensating controls in the form of PSP and RBAC for privileged containers usage - rolebinding | CIS Kubernetes 1.8 Benchmark v1.2.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.9 Ensure 'Developer Options' is set to 'Disabled' | MobileIron - CIS Google Android v1.3.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 1.11 Do not root your device | AirWatch - CIS Google Android v1.3.0 L1 | MDM | |
| 1.11 Do not root your device | MobileIron - CIS Google Android v1.3.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.3 Ensure Docker is allowed to make changes to iptables | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6 Ensure that the User-ID service account does not have interactive logon rights | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 2.6 Ensure that the User-ID service account does not have interactive logon rights | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 2.14 Ensure 'sa' Login Account has been renamed | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 2.14 Ensure 'sa' Login Account has been renamed | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 2.15 Ensure 'sa' Login Account has been renamed | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 2.18 Ensure containers are restricted from acquiring new privileges | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | ACCESS CONTROL |
| 3.5 Ensure the Group Is Set Correctly on Apache Directories and Files | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | ACCESS CONTROL |
| 3.5 Ensure the Group Is Set Correctly on Apache Directories and Files | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
| 3.5 Ensure the Group Is Set Correctly on Apache Directories and Files | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
| 5.4.3 Ensure default group for the root account is GID 0 | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | ACCESS CONTROL |
| 5.4.3 Ensure default group for the root account is GID 0 | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | ACCESS CONTROL |
| 5.4.3 Ensure default group for the root account is GID 0 | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.4.3 Ensure default group for the root account is GID 0 | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.5.3 Ensure default group for the root account is GID 0 | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.1.0 | Unix | ACCESS CONTROL |
| 5.5.3 Ensure default group for the root account is GID 0 | CIS Ubuntu Linux 18.04 LTS Server L1 v2.1.0 | Unix | ACCESS CONTROL |
| 5.5.3 Ensure default group for the root account is GID 0 | CIS Oracle Linux 6 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.5.3 Ensure default group for the root account is GID 0 | CIS Red Hat 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.23 Ensure docker exec commands are not used with user option | CIS Docker Community Edition v1.1.0 L2 Docker | Unix | |
| 5.25 Ensure the container is restricted from acquiring additional privileges | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure the minimum number of manager nodes have been created in a swarm | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| Do not display network selection UI | MSCT Windows Server 2016 MS v1.0.0 | Windows | ACCESS CONTROL |
| Do not display network selection UI | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Do not display network selection UI | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Do not display network selection UI | MSCT Windows 10 v1507 v1.0.0 | Windows | ACCESS CONTROL |
| Do not display network selection UI | MSCT Windows Server 2016 DC v1.0.0 | Windows | ACCESS CONTROL |
| Ensure default group for the root account is GID 0 | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
