| 1.1.1.1 Ensure mounting of cramfs filesystems is disabled | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.1.4 Ensure nodev option set on /tmp partition | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.1.6 Ensure /dev/shm is configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION, SYSTEM AND SERVICES ACQUISITION |
| 1.1.7 Ensure noexec option set on /dev/shm partition | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.1.8 Ensure nodev option set on /dev/shm partition | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 1.1.14 Ensure /var/tmp partition includes the nosuid option | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MEDIA PROTECTION, SYSTEM AND SERVICES ACQUISITION |
| 1.5.2 Ensure XD/NX support is enabled | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.3 Ensure SELinux policy is configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.8 Ensure the MCS Translation Service (mcstrans) is not installed | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.2.1.1 Ensure time synchronization is in use | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 2.2.12 Ensure HTTP Proxy Server is not installed | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.2.14 Ensure NIS server is not installed | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.2.15 Ensure telnet-server is not installed | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.2.17 Ensure nfs-utils is not installed or the nfs-server service is masked | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 2.3.5 Ensure LDAP client is not installed | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.2.2 Ensure packet redirect sending is disabled | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.2 Ensure ICMP redirects are not accepted | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.6 Ensure broadcast ICMP requests are ignored | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.7 Ensure bogus ICMP responses are ignored | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.3.8 Ensure Reverse Path Filtering is enabled | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.10 Ensure IPv6 router advertisements are not accepted | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.5.2.2 Ensure firewalld is either not installed or masked with nftables | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.8 Ensure nftables outbound and established connections are configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.9 Ensure nftables default deny firewall policy | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.10 Ensure nftables service is enabled | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.1.3 Ensure firewalld is either not installed or masked with iptables | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.2.1 Ensure iptables loopback traffic is configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.2.6 Ensure iptables is enabled and running | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.3.2 Ensure ip6tables outbound and established connections are configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.1.4 Ensure logging is configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 4.2.2.1 Ensure journald is configured to send logs to rsyslog | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.2.3 Ensure journald is configured to write logfiles to persistent disk | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.3 Ensure logrotate is configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1.1 Ensure that 'security defaults' is enabled in Microsoft Entra ID | CIS Microsoft Azure Foundations v5.0.0 L1 | microsoft_azure | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.1.4 Ensure permissions on /etc/cron.daily are configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.9 Ensure at is restricted to authorized users | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.2 Ensure sudo commands use pty | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.3.10 Ensure SSH IgnoreRhosts is enabled | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 5.4.2 Ensure lockout for failed password attempts is configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.5.1.2 Ensure minimum days between password changes is configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.5.1.3 Ensure password expiration warning days is 7 or more | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.28 (L2) Ensure 'Server (LanmanServer)' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 6.1.2 Ensure permissions on /etc/passwd are configured | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.11 Ensure no unowned files or directories exist | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL |
| 6.2.6 Ensure no duplicate group names exist | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.12 Ensure users own their home directories | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 6.2.13 Ensure users' home directories permissions are 750 or more restrictive | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 18.6.8.5 Ensure 'Enable remote mailslots' is set to 'Disabled' | CIS Microsoft Windows Server 2025 v2.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.6.8.5 Ensure 'Enable remote mailslots' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.6.8.5 Ensure 'Enable remote mailslots' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
