| 1.1.5 Ensure noexec option set on /tmp partition | Unix | CIS Debian 9 Workstation L1 v1.0.1 |
| 1.1.5 Ensure noexec option set on /tmp partition | Unix | CIS Debian 9 Server L1 v1.0.1 |
| 1.1.17 Ensure noexec option set on /dev/shm partition | Unix | CIS Debian 9 Server L1 v1.0.1 |
| 1.1.17 Ensure noexec option set on /dev/shm partition | Unix | CIS Debian 9 Workstation L1 v1.0.1 |
| 1.1.20 Ensure noexec option set on removable media partitions | Unix | CIS Debian 9 Workstation L1 v1.0.1 |
| 1.1.20 Ensure noexec option set on removable media partitions | Unix | CIS Debian 9 Server L1 v1.0.1 |
| 1.13 Ensure 'Disable saving browser history' is set to 'Disabled' | Windows | CIS Google Chrome L1 v2.1.0 |
| 2.9 Ensure 'Allow download restrictions' is set to 'Enabled: Block dangerous downloads' | Windows | CIS Google Chrome L1 v2.1.0 |
| 5.1 Ensure that WildFire file size upload limits are maximized | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 5.1 Ensure that WildFire file size upload limits are maximized | Palo_Alto | CIS Palo Alto Firewall 9 v1.0.1 L1 |
| 5.1 Ensure that WildFire file size upload limits are maximized | Palo_Alto | CIS Palo Alto Firewall 10 v1.0.0 L1 |
| 5.2 Ensure forwarding is enabled for all applications and file types in WildFire file blocking profiles | Palo_Alto | CIS Palo Alto Firewall 10 v1.0.0 L1 |
| 5.2 Ensure forwarding is enabled for all applications and file types in WildFire file blocking profiles | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 5.2 Ensure forwarding is enabled for all applications and file types in WildFire file blocking profiles | Palo_Alto | CIS Palo Alto Firewall 9 v1.0.1 L1 |
| 5.3 Ensure a WildFire Analysis profile is enabled for all security policies | Palo_Alto | CIS Palo Alto Firewall 10 v1.0.0 L1 |
| 5.3 Ensure a WildFire Analysis profile is enabled for all security policies | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 5.3 Ensure a WildFire Analysis profile is enabled for all security policies | Palo_Alto | CIS Palo Alto Firewall 9 v1.0.1 L1 |
| 5.4 Ensure forwarding of decrypted content to WildFire is enabled | Palo_Alto | CIS Palo Alto Firewall 10 v1.0.0 L1 |
| 5.4 Ensure forwarding of decrypted content to WildFire is enabled | Palo_Alto | CIS Palo Alto Firewall 9 v1.0.1 L1 |
| 5.5 Ensure all WildFire session information settings are enabled | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 5.6 Ensure alerts are enabled for malicious files detected by WildFire - log-type 'wildfire' | Palo_Alto | CIS Palo Alto Firewall 9 v1.0.1 L1 |
| 5.6 Ensure alerts are enabled for malicious files detected by WildFire - log-type 'wildfire' | Palo_Alto | CIS Palo Alto Firewall 10 v1.0.0 L1 |
| 5.6 Ensure alerts are enabled for malicious files detected by WildFire - log-type 'wildfire' | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 6.1 Ensure that antivirus profiles are set to block on all decoders except 'imap' and 'pop3' | Palo_Alto | CIS Palo Alto Firewall 9 v1.0.1 L1 |
| 6.1 Ensure that antivirus profiles are set to block on all decoders except 'imap' and 'pop3' | Palo_Alto | CIS Palo Alto Firewall 10 v1.0.0 L1 |
| 6.1 Ensure that antivirus profiles are set to block on all decoders except 'imap' and 'pop3' | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 6.2 Ensure a secure antivirus profile is applied to all relevant security policies | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 6.2 Ensure a secure antivirus profile is applied to all relevant security policies | Palo_Alto | CIS Palo Alto Firewall 10 v1.0.0 L1 |
| 6.2 Ensure a secure antivirus profile is applied to all relevant security policies | Palo_Alto | CIS Palo Alto Firewall 9 v1.0.1 L1 |
| 6.3 Ensure an anti-spyware profile is configured to block on all spyware severity levels, categories, and threats | Palo_Alto | CIS Palo Alto Firewall 10 v1.0.0 L1 |
| 6.3 Ensure an anti-spyware profile is configured to block on all spyware severity levels, categories, and threats | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 6.3 Ensure an anti-spyware profile is configured to block on all spyware severity levels, categories, and threats | Palo_Alto | CIS Palo Alto Firewall 9 v1.0.1 L1 |
| 6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use | Palo_Alto | CIS Palo Alto Firewall 10 v1.0.0 L1 |
| 6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use | Palo_Alto | CIS Palo Alto Firewall 9 v1.0.1 L1 |
| 6.5 Ensure passive DNS monitoring is set to enabled on all anti-spyware profiles in use | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 6.5 Ensure passive DNS monitoring is set to enabled on all anti-spyware profiles in use | Palo_Alto | CIS Palo Alto Firewall 10 v1.0.0 L1 |
| 6.5 Ensure passive DNS monitoring is set to enabled on all anti-spyware profiles in use | Palo_Alto | CIS Palo Alto Firewall 9 v1.0.1 L1 |
| 6.6 Ensure a secure anti-spyware profile is applied to all security policies permitting traffic to the Internet | Palo_Alto | CIS Palo Alto Firewall 9 v1.0.1 L1 |
| 6.6 Ensure a secure anti-spyware profile is applied to all security policies permitting traffic to the Internet | Palo_Alto | CIS Palo Alto Firewall 10 v1.0.0 L1 |
| 6.6 Ensure a secure anti-spyware profile is applied to all security policies permitting traffic to the Internet | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 6.8 Ensure a secure Vulnerability Protection Profile is applied to all security rules allowing traffic | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 6.8 Ensure a secure Vulnerability Protection Profile is applied to all security rules allowing traffic | Palo_Alto | CIS Palo Alto Firewall 9 v1.0.1 L1 |
| 6.8 Ensure a secure Vulnerability Protection Profile is applied to all security rules allowing traffic | Palo_Alto | CIS Palo Alto Firewall 10 v1.0.0 L1 |
| 7.3 Ensure 'Security Policy' denying any/all traffic to/from IP addresses on Trusted Threat Intelligence Sources Exists | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 7.6 Automatic Actions for Optical Media | Unix | CIS Apple macOS 10.12 L1 v1.2.0 |
| 8.8 Ensure Zones are Signed with NSEC or NSEC3 | Unix | CIS BIND DNS v1.0.0 L2 Authoritative Name Server |
| 9.5 Response Rate Limiting and DDOS Mitigation | Unix | CIS BIND DNS v1.0.0 L1 Authoritative Name Server |
