| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - enforcing = 0 | CIS Debian 8 Server L2 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - selinux = 0 | CIS Debian 8 Workstation L2 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.1.2 Ensure the SELinux state is enforcing - /etc/selinux/config | CIS Debian 8 Server L2 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.1.2 Ensure the SELinux state is enforcing - sestatus | CIS Debian 8 Server L2 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.2.1 Ensure AppArmor is enabled in the bootloader configuration - apparmor=1 | CIS Debian 8 Server L2 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.2.2 Ensure all AppArmor Profiles are enforcing - 0 processes are unconfined | CIS Debian 8 Server L2 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.2.2 Ensure all AppArmor Profiles are enforcing - complain mode | CIS Debian 8 Workstation L2 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6.2.2 Ensure all AppArmor Profiles are enforcing - profiles loaded | CIS Debian 8 Workstation L2 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.9.29 Interactive logon: Require smart card | CIS Windows 2008 SSLF v1.2.0 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.3.20 Ensure the audit configuration is immutable | CIS CentOS Linux 8 Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.2 Ensure permissions on /etc/crontab are configured | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.4 Ensure permissions on /etc/cron.daily are configured | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.6 Ensure permissions on /etc/cron.monthly are configured | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.7 Ensure permissions on /etc/cron.d are configured | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.8 Ensure at/cron is restricted to authorized users - at.deny | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.8 Ensure at/cron is restricted to authorized users - cron.deny | CIS Debian 8 Server L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.3 Ensure permissions on SSH public host key files are configured | CIS Debian 8 Server L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.2 Ensure permissions on /etc/passwd are configured | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.4 Ensure permissions on /etc/group are configured | CIS Debian 8 Server L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.4 Ensure permissions on /etc/group are configured | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.6 Ensure permissions on /etc/passwd- are configured | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.9 Ensure permissions on /etc/gshadow- are configured | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.11 Ensure no unowned files or directories exist | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 6.2.9 Ensure users own their home directories | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.3 Ensure all groups in /etc/passwd exist in /etc/group | CIS Debian Linux 11 v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2.3 Ensure all groups in /etc/passwd exist in /etc/group | CIS Debian Linux 11 v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| DTOO200 - Office must be configured to not allow read with browsers. | DISA STIG Microsoft Office System 2013 v1r9 | Windows | ACCESS CONTROL |
| GEN001730 - All global initialization files must not have extended ACLs - '/etc/csh.login' | DISA STIG for Red Hat Enterprise Linux 5 v1r17 Audit | Unix | ACCESS CONTROL |
| GEN002640 - Default system accounts must be disabled or removed - 'sys' | DISA STIG for Oracle Linux 5 v1r14 | Unix | ACCESS CONTROL |
| Monterey - Disable Network File System Service | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Remote Apple Events | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Remote Apple Events | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Remote Apple Events | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Screen Sharing and Apple Remote Desktop | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Screen Sharing and Apple Remote Desktop | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Screen Sharing and Apple Remote Desktop | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Screen Sharing and Apple Remote Desktop | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Screen Sharing and Apple Remote Desktop | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Screen Sharing and Apple Remote Desktop | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Server Message Block Sharing | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Server Message Block Sharing | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Server Message Block Sharing | NIST macOS Monterey v1.0.0 - 800-171 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Server Message Block Sharing | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable the Built-in Web Server | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable the Built-in Web Server | NIST macOS Monterey v1.0.0 - 800-53r5 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable the Built-in Web Server | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable the Built-in Web Server | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Unix-to-Unix Copy Protocol Service | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Monterey - Disable Unix-to-Unix Copy Protocol Service | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| OSX00110 M6 - sudo usage must be restricted to a single terminal, and for only one instance - '/etc/sudoers - Defaults timestamp_timeout=0' | DISA STIG Apple Mac OSX 10.6 v1r3 | Unix | ACCESS CONTROL |
