| 1.6.6 Configure Image Provenance using ImagePolicyWebhook admission controller | CIS Kubernetes 1.11 Benchmark v1.3.0 L2 | Unix | |
| 1.6.6 Configure Image Provenance using ImagePolicyWebhook admission controller | CIS Kubernetes 1.13 Benchmark v1.4.1 L2 | Unix | |
| 1.6.7 Configure Image Provenance using ImagePolicyWebhook admission controller | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L2 | Unix | |
| 1.6.7 Configure Image Provenance using ImagePolicyWebhook admission controller | CIS Kubernetes 1.8 Benchmark v1.2.0 L2 | Unix | |
| 1.27 Ensure 'Instant apps' is set to 'Disabled' | MobileIron - CIS Google Android v1.3.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 1.27 Ensure 'Instant apps' is set to 'Disabled' | AirWatch - CIS Google Android v1.3.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.11 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to '(DROP,3)' | CIS Oracle Server 18c DB Unified Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| 2.2.11 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to '(DROP,3)' | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| 2.2.13 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to 'DROP,3' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 2.2.13 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to 'DROP,3' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 2.5 Ensure aufs storage driver is not used | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.7 Ensure the default ulimit is configured appropriately | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.8 Enable user namespace support - /etc/subgid | CIS Docker Community Edition v1.1.0 L2 Docker | Unix | |
| 2.8 Enable user namespace support - /etc/subuid | CIS Docker Community Edition v1.1.0 L2 Docker | Unix | |
| 2.8 Enable user namespace support --userns-remap=default | CIS Docker Community Edition v1.1.0 L2 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.9 Ensure the default cgroup usage has been confirmed | CIS Docker Community Edition v1.1.0 L2 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.10 Ensure base device size is not changed until needed | CIS Docker Community Edition v1.1.0 L2 Docker | Unix | |
| 2.13 Ensure operations on legacy registry (v1) are Disabled | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.14 Ensure live restore is Enabled | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.16 Ensure daemon-wide custom seccomp profile is applied, if needed | CIS Docker Community Edition v1.1.0 L2 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.17 Ensure experimental features are avoided in production | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.10 Ensure the ScoreBoard File Is Secured | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.10 Ensure the ScoreBoard File Is Secured | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.10 Ensure the ScoreBoard File Is Secured | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 4.3 Ensure unnecessary packages are not installed in the container | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.6 Ensure HEALTHCHECK instructions have been added to the container image | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.7 Ensure update instructions are not use alone in the Dockerfile | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.9 Ensure COPY is used instead of ADD in Dockerfile | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.10 Ensure memory usage for container is limited | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.11 Ensure CPU priority is set appropriately on the container | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.14 Ensure 'on-failure' container restart policy is set to '5' - 'MaximumRetryCount' | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.14 Ensure 'on-failure' container restart policy is set to '5' - RestartPolicyName | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.15 Ensure the host's process namespace is not shared | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.16 Ensure the host's IPC namespace is not shared | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.18 Ensure the default ulimit is overwritten at runtime, only if needed | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.20 Ensure the host's UTS namespace is not shared | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.21 Ensure the default seccomp profile is not Disabled | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.24 Ensure cgroup usage is confirmed | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.26 Ensure container health is checked at runtime | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.28 Ensure PIDs cgroup limit is used | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Ensure image sprawl is avoided | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | CONFIGURATION MANAGEMENT |
| 6.2 Ensure container sprawl is avoided | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 7.1 Ensure that the MaxZoneParts setting for Web Part limits is set to 100. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 7.1 Ensure that the MaxZoneParts setting for Web Parts is configured | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 7.2 Ensure that the SafeControls list is set to the minimum set of controls needed for your sites | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure that the SafeControls list is set to the minimum set of controls needed for your sites | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.3 Ensure compilation or scripting of database pages via the PageParserPaths elements is not allowed | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 7.3 Ensure compilation or scripting of database pages via the PageParserPaths elements is not allowed | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 7.5 Ensure Docker's secret management commands are used for managing secrets in a Swarm cluster | CIS Docker Community Edition v1.1.0 L2 Docker | Unix | CONFIGURATION MANAGEMENT |
| 7.10 Ensure management plane traffic has been separated from data plane traffic | CIS Docker Community Edition v1.1.0 L2 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
