| 1.1 Ensure the Pre-Installation Planning Checklist Has Been Implemented | CIS Apache HTTP Server 2.2 L1 v3.5.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.23 Ensure nosuid option set on removable media partitions | CIS Distribution Independent Linux Workstation L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Disable Unused Connectors | CIS Apache Tomcat 8 L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Do Not Install a Multi-Use System - chkconfig | CIS BIND DNS v3.0.0 Caching Only Name Server | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Do Not Install a Multi-Use System - systemctl | CIS BIND DNS v3.0.0 Caching Only Name Server | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.4 Ensure SETroubleshoot is not installed | CIS Amazon Linux v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.5 Ensure the MCS Translation Service (mcstrans) is not installed | CIS Amazon Linux v2.0.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.5 Ensure the MCS Translation Service (mcstrans) is not installed - rpm | CIS Distribution Independent Linux Server L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.5 Ensure the MCS Translation Service (mcstrans) is not installed - zypper | CIS Distribution Independent Linux Workstation L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.1 Ensure only required modules are installed | CIS NGINX Benchmark v2.0.1 L2 Webserver | Unix | CONFIGURATION MANAGEMENT |
| 2.1.1 Ensure only required modules are installed | CIS NGINX Benchmark v2.0.1 L2 Loadbalancer | Unix | CONFIGURATION MANAGEMENT |
| 2.1.1 Ensure only required modules are installed | CIS NGINX Benchmark v2.0.1 L2 Proxy | Unix | CONFIGURATION MANAGEMENT |
| 2.1.2 Ensure HTTP WebDAV module is not installed | CIS NGINX Benchmark v2.0.1 L2 Loadbalancer | Unix | CONFIGURATION MANAGEMENT |
| 2.1.2 Ensure HTTP WebDAV module is not installed | CIS NGINX Benchmark v2.0.1 L2 Proxy | Unix | CONFIGURATION MANAGEMENT |
| 2.1.2 Ensure HTTP WebDAV module is not installed | CIS NGINX Benchmark v2.0.1 L2 Webserver | Unix | CONFIGURATION MANAGEMENT |
| 2.1.3 Ensure modules with gzip functionality are disabled | CIS NGINX Benchmark v2.0.1 L2 Webserver | Unix | CONFIGURATION MANAGEMENT |
| 2.1.3 Ensure modules with gzip functionality are disabled | CIS NGINX Benchmark v2.0.1 L2 Loadbalancer | Unix | CONFIGURATION MANAGEMENT |
| 2.1.3 Ensure modules with gzip functionality are disabled | CIS NGINX Benchmark v2.0.1 L2 Proxy | Unix | CONFIGURATION MANAGEMENT |
| 2.1.4 Ensure the autoindex module is disabled | CIS NGINX Benchmark v2.0.1 L1 Webserver | Unix | CONFIGURATION MANAGEMENT |
| 2.2.4.7.2.5 Ensure 'Block Excel XLL Add-ins that come from an untrusted source' is set to 'Enabled: Blocked' | CIS Microsoft Office Enterprise v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.2.7 Ensure nfs-utils is not installed or the nfs-server service is masked - nfs-kernel-server | CIS SUSE Linux Enterprise 15 Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.7 Ensure nfs-utils is not installed or the nfs-server service is masked - nfs-kernel-server | CIS SUSE Linux Enterprise 15 Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.7 Ensure nfs-utils is not installed or the nfs-server service is masked - nfs-utils | CIS SUSE Linux Enterprise 15 Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.7 Ensure nfs-utils is not installed or the nfs-server service is masked - nfs-utils | CIS SUSE Linux Enterprise 15 Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.17 Ensure rsync is not installed or the rsyncd service is masked | CIS Oracle Linux 7 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.17 Ensure rsync is not installed or the rsyncd service is masked | CIS Oracle Linux 7 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.4 Ensure telnet client is not installed | CIS Amazon Linux v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.4 Ensure telnet client is not installed - zypper | CIS Distribution Independent Linux Server L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.27.6 Ensure 'Allow VBA to load typelib references by path from untrusted intranet locations' is set to 'Disabled' | CIS Microsoft Office Enterprise v1.1.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.4 Allowlist Authorized Libraries and Report Violations | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.6.1.3 Ensure all user storage CoreStorage volumes are encrypted | CIS Apple macOS 10.13 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.7.4 iCloud Drive Document sync | CIS Apple macOS 10.13 L2 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2 Disable the Shutdown port | CIS Apache Tomcat 8 L2 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 3.4.3.7 Ensure nftables service is enabled | CIS CentOS Linux 8 Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.1.3 Ensure nftables is not installed or stopped and masked - masked | CIS Oracle Linux 7 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.1.3 Ensure nftables is not installed or stopped and masked - masked | CIS Oracle Linux 7 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.1.3 Ensure nftables is not installed or stopped and masked - masked | CIS Red Hat EL7 Workstation L1 v3.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.1.3 Ensure nftables is not installed or stopped and masked - stopped | CIS Oracle Linux 7 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.1.3 Ensure nftables is not installed or stopped and masked - stopped | CIS Oracle Linux 7 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.1.3 Ensure nftables is not installed or stopped and masked - stopped | CIS Red Hat EL7 Workstation L1 v3.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.1.5 Ensure remote rsyslog messages are only accepted on designated log hosts - $InputTCPServerRun 514 | CIS Amazon Linux 2 v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.1.5 Ensure remote rsyslog messages are only accepted on designated log hosts - $ModLoad imtcp | CIS Amazon Linux 2 v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 4.3 Do not install unnecessary packages in the container | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.4 Rebuild the images to include security patches | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 6.4 Safari disable Internet Plugins for global use | CIS Apple macOS 10.12 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.15 Do not allow cross context requests | CIS Apache Tomcat 8 L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 18.4.8 (L1) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.4.8 (L1) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.4.8 (L1) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.4.8 (L1) Ensure 'MSS: (SafeDllSearchMode) Enable Safe DLL search mode (recommended)' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
