| 1.2 Ensure 'Host headers' are on all sites | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 2.4 Ensure 'forms authentication' is set to use cookies - Application | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 2.4 Ensure 'forms authentication' is set to use cookies - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 2.6 Ensure aufs storage driver is not used | CIS Docker v1.7.0 L1 Docker - Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.9 Enable user namespace support | CIS Docker v1.7.0 L2 Docker - Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.10 Ensure the default cgroup usage has been confirmed | CIS Docker v1.7.0 L2 Docker - Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.17 Ensure that a daemon-wide custom seccomp profile is applied if appropriate | CIS Docker v1.7.0 L2 Docker - Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 3.1 Ensure 'deployment method retail' is set | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.2 Ensure 'debug' is turned off - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.2 Ensure 'debug' is turned off - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.3 Ensure custom error messages are not off - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.3 Ensure custom error messages are not off - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Default | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.5 Ensure ASP.NET stack tracing is not enabled - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.5 Ensure ASP.NET stack tracing is not enabled - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.6 Ensure 'httpcookie' mode is configured for session state - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.6 Ensure 'httpcookie' mode is configured for session state - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.7 Ensure 'cookies' are set with HttpOnly attribute - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.7 Ensure 'cookies' are set with HttpOnly attribute - Default | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure 'maxAllowedContentLength' is configured - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure 'maxAllowedContentLength' is configured - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure 'maxURL request filter' is configured - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure 'maxURL request filter' is configured - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure Example or Test Databases are Not Installed on Production Servers | CIS MySQL 5.7 Community Database L1 v2.0.0 | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure 'allow-suspicious-udfs' Is Set to 'OFF' - /etc/mysql/my.cnf | CIS MySQL 5.6 Community Linux OS L2 v2.0.0 | Unix | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure 'allow-suspicious-udfs' Is Set to 'OFF' - /etc/mysql/my.cnf | CIS MySQL 5.6 Enterprise Linux OS L2 v2.0.0 | Unix | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure 'allow-suspicious-udfs' Is Set to 'OFF' - %PROGRAMDATA%\MySQL\MySQL Server 5.6\my.cnf | CIS MySQL 5.6 Enterprise Windows OS L2 v2.0.0 | Windows | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure 'allow-suspicious-udfs' Is Set to 'OFF' - %PROGRAMDATA%\MySQL\MySQL Server 5.6\my.ini | CIS MySQL 5.6 Enterprise Windows OS L2 v2.0.0 | Windows | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure 'allow-suspicious-udfs' Is Set to 'OFF' - %PROGRAMDATA%\MySQL\MySQL Server 5.7\my.ini | CIS MySQL 5.7 Community Windows OS L2 v2.0.0 | Windows | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure 'allow-suspicious-udfs' Is Set to 'OFF' - C:\my.cnf | CIS MySQL 5.6 Community Windows OS L2 v2.0.0 | Windows | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure 'allow-suspicious-udfs' Is Set to 'OFF' - MYSQL_INSTALL\my.ini | CIS MySQL 5.6 Enterprise Windows OS L2 v2.0.0 | Windows | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure 'allow-suspicious-udfs' Is Set to 'OFF' - mysqld start-up | CIS MySQL 5.6 Community Linux OS L2 v2.0.0 | Unix | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure 'allow-suspicious-udfs' Is Set to 'OFF' - SYSCONFDIR/my.cnf passed | CIS MySQL 5.6 Enterprise Linux OS L2 v2.0.0 | Unix | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure 'MaxQueryString request filter' is configured - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure 'MaxQueryString request filter' is configured - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.4 Ensure non-ASCII characters in URLs are not allowed - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.4 Ensure non-ASCII characters in URLs are not allowed - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.6 Ensure 'HTTP Trace Method' is disabled - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.6 Ensure 'HTTP Trace Method' is disabled - Default | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.7 Ensure Unlisted File Extensions are not allowed - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.7 Ensure Unlisted File Extensions are not allowed - Default | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.8 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES' | CIS MariaDB 10.6 Database L2 v1.1.0 | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.9 Ensure 'notListedIsapisAllowed' is set to false | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.9 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES' | CIS MySQL 5.6 Community Database L2 v2.0.0 | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.10 Ensure 'notListedCgisAllowed' is set to false | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 7.3 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' | CIS MySQL 5.7 Community Linux OS L1 v2.0.0 | Unix | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 7.3 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' - '@@session.sql_mode' | CIS MySQL 5.7 Community Database L1 v2.0.0 | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 7.3 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' - %WINDIR%\my.cnf | CIS MySQL 5.7 Community Windows OS L1 v2.0.0 | Windows | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 9.1.4 Ensure 'Publish to web' is restricted | CIS Microsoft 365 Foundations E3 L1 v3.1.0 | microsoft_azure | PLANNING, SYSTEM AND SERVICES ACQUISITION |
