| 1.2.1 Ensure software update repositories are configured | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.3.1 Ensure dm-verity is configured | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.4.1 Ensure setuid programs do not create core dumps | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.4.2 Ensure address space layout randomization (ASLR) is enabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.4.3 Ensure unprivileged eBPF is disabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.5.1 Ensure SELinux is configured | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6 Ensure updates, patches, and additional security software are installed | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.1.1.1 Ensure chrony is configured | AUDIT AND ACCOUNTABILITY |
| 3.2.5 Ensure broadcast ICMP requests are ignored | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.6 Ensure bogus ICMP responses are ignored | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.2.7 Ensure TCP SYN Cookies is enabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1.1.1 Ensure journald is configured to write logfiles to persistent disk | AUDIT AND ACCOUNTABILITY |
| 4.1.2 Ensure permissions on journal files are configured | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| CIS_Bottlerocket_v1.0.0_L1.audit from CIS Bottlerocket Benchmark Level 1 | |
