| 1.6.3 Create network segmentation using Network Policies | CIS Kubernetes 1.13 Benchmark v1.4.1 L2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.16 Ensure a support role has been created to manage incidents with AWS Support | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | INCIDENT RESPONSE |
| 1.17 Ensure IAM instance roles are used for AWS resource access from instances | CIS Amazon Web Services Foundations v5.0.0 L2 | amazon_aws | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 1.21 Ensure access to AWSCloudShellFullAccess is restricted | CIS Amazon Web Services Foundations v5.0.0 L1 | amazon_aws | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 2.2.2.1 Ensure Private Endpoints are used to access {service} | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.10.6 (L1) Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.3.10.6 Ensure 'Network access: Named Pipes that can be accessed anonymously' is set to 'None' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.1.1 Ensure that Azure Databricks is deployed in a customer-managed virtual network (VNet) | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3.1 Ensure that all Namespaces have Network Policies defined | CIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2 | GCP | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3.2 Ensure that all Namespaces have Network Policies defined | CIS Google Kubernetes Engine (GKE) v1.7.0 L2 | GCP | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.3 Minimize the admission of containers wishing to share the host IPC namespace | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.4 Minimize the admission of containers wishing to share the host IPC namespace | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.4 Minimize the admission of containers wishing to share the host IPC namespace | CIS Kubernetes v1.10.0 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.4 Minimize the admission of containers wishing to share the host IPC namespace | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.4 Minimize the admission of containers wishing to share the host network namespace | CIS Red Hat OpenShift Container Platform v1.7.0 L1 | OpenShift | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.4 Minimize the admission of containers wishing to share the host network namespace | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.5 Minimize the admission of containers wishing to share the host network namespace | CIS Kubernetes v1.10.0 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.5 Minimize the admission of containers wishing to share the host network namespace | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.5 Minimize the admission of containers wishing to share the host network namespace | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.6.2 Ensure use of VPC-native clusters | CIS Google Kubernetes Engine (GKE) v1.7.0 L1 | GCP | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.16 Ensure that the host's process namespace is not shared | CIS Docker v1.7.0 L1 Docker - Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.17 Ensure that the host's IPC namespace is not shared | CIS Docker v1.7.0 L1 Docker - Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.21 Ensure that the host's UTS namespace is not shared | CIS Docker v1.7.0 L1 Docker - Linux | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.31 Ensure that the host's user namespaces are not shared | CIS Docker v1.7.0 L1 Docker - Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2.1 (L1) Host must isolate storage communications | CIS VMware ESXi 8.0 v1.1.0 L1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3 (L1) Ensure storage area network (SAN) resources are segregated properly | CIS VMware ESXi 7.0 v1.4.0 L1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3 Ensure storage area network (SAN) resources are segregated properly | CIS VMware ESXi 6.7 v1.3.0 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3 Ensure storage area network (SAN) resources are segregated properly | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 7.9 Ensure that management plane traffic is separated from data plane traffic | CIS Docker v1.7.0 L1 Docker Swarm | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3.8 Ensure that Private Endpoints are Used for Azure Key Vault | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.3.2.1 Ensure Private Endpoints are used to access Storage Accounts | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.35.1 (L1) Ensure 'Prevent the computer from joining a homegroup' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.35.1 Ensure 'Prevent the computer from joining a homegroup' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
