| 1.3 Ensure 'Make pattern visible' is set to 'Disabled' (if using a pattern as device lock mechanism) | MobileIron - CIS Google Android v1.3.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 1.3 Ensure 'Make pattern visible' is set to Disabled (if using a pattern as device lock mechanism) | AirWatch - CIS Google Android 7 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 1.4 Remove all non-essential services from the host - Running Processes | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.8 Ensure 'Make passwords visible' is set to Disabled | MobileIron - CIS Google Android 7 v1.0.0 L2 | MDM | CONFIGURATION MANAGEMENT |
| 1.10 Ensure 'Developer Options' is set to Disabled | MobileIron - CIS Google Android 7 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 1.10 Ensure 'Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.16 Ensure 'Enable globally scoped HTTP auth cache' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.82 Ensure 'Enable Discover access to page contents for AAD profiles' is set to 'Disabled' | CIS Microsoft Edge L1 v2.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.83 Ensure 'Enable Drop feature in Microsoft Edge' is set to 'Disabled' | CIS Microsoft Edge L2 v2.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.104 Ensure 'Live captions allowed' is set to 'Disabled' | CIS Microsoft Edge L2 v2.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.1 Do not use lxc execution driver | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.3.16.1 (L1) Ensure 'System settings: Optional subsystems' is set to 'Defined: (blank)' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.16.1 (L1) Ensure 'System settings: Optional subsystems' is set to 'Defined: (blank)' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 2.6 Ensure 'Device Information' is set to Disabled | AirWatch - CIS Google Android 7 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.6 Setup a local registry mirror | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.7 Ensure 'Voice & Audio Activity' is set to Disabled | MobileIron - CIS Google Android 7 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.12.1 - Miscellaneous Config - serial port restriction - 'on:/usr/sbin/getty does not exist in /etc/inittab' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.12.5 - Miscellaneous Config - disable pmd - 'pmd has been disabled' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.16 Ensure SSH AllowTcpForwarding is disabled | CIS Debian 10 Server L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.4.3 Removal of entries from /etc/hosts.equiv | CIS IBM AIX 7.2 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.5.3.2 OpenSSH: Remove /etc/shosts.equiv and /etc/rhosts.equiv | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.5.3.3 OpenSSH: Remove .shosts files | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.5.7 Uninstall/Disable sendmail | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.10 Do not store secrets in Dockerfiles | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.1.10 Ensure sshd HostbasedAuthentication is disabled | CIS Debian Linux 12 v1.0.1 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 5.1.10 Ensure sshd HostbasedAuthentication is disabled | CIS Debian Linux 12 v1.0.1 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 5.1.12 Ensure sshd HostbasedAuthentication is disabled | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 5.2 Ensure 'Computer Browser (Browser)' is set to 'Disabled' or 'Not Installed' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.4 Ensure 'HomeGroup Provider (HomeGroupProvider)' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.6 Ensure 'Internet Connection Sharing (ICS) (SharedAccess)' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.8 Ensure 'Media Center Extender Service (Mcx2Svc)' is set to 'Disabled' or 'Not Installed' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.13 Bind incoming container traffic to a specific host interface | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.19 Do not set mount propagation mode to shared | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.19 Do not set mount propagation mode to shared | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.24 Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Disabled' or 'Not Installed' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.28 Ensure 'UPnP Device Host (upnphost)' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.34 Ensure 'Windows Media Center Scheduler Service (ehSched)' is set to 'Disabled' or 'Not Installed' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.2 Block OneDrive for Business sync from unmanaged devices | CIS Microsoft 365 Foundations E3 L2 v2.0.0 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 6.4 Ensure DHCP Server is not enabled | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.12 Ensure Samba is not enabled | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.14 Ensure SNMP Server is not enabled | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.3.1 Set SSH Protocol to 2 | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 18.5.4.1 Ensure 'Turn off multicast name resolution' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.3.6 (L2) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.3.6 (L2) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L2 + BitLocker | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.3.6 (L2) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.4 (L2) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' | CIS Windows Server 2012 DC L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.92.2.3 (L1) Ensure 'Enable features introduced via servicing that are off by default' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.92.2.3 (L1) Ensure 'Enable features introduced via servicing that are off by default' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL | Windows | CONFIGURATION MANAGEMENT |
| 19.7.8.2 (L1) Ensure 'Do not suggest third-party content in Windows spotlight' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL | Windows | CONFIGURATION MANAGEMENT |
