| 1.5 Configure 'Do not allow users to enable or disable add-ons' | CIS IE 11 v1.0.0 | Windows | ACCESS CONTROL |
| 1.6 Set 'Disable Save this program to disk option' to 'Enabled' | CIS IE 10 v1.1.0 | Windows | ACCESS CONTROL |
| 2.1.3 Ensure chrony is not run as the root user | CIS CentOS Linux 7 v4.0.0 L1 Server | Unix | ACCESS CONTROL |
| 2.2 Configure the ESXi host firewall to restrict access to services running on the host | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | ACCESS CONTROL |
| 2.2 Configure the ESXi host firewall to restrict access to services running on the host | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | ACCESS CONTROL |
| 2.5 Verify the domains within the DB2DOMAINLIST environment variable are appropriate (Windows only) | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | ACCESS CONTROL |
| 3.1 Configure 'Prevent deleting websites that the user has visited' | CIS IE 11 v1.0.0 | Windows | ACCESS CONTROL |
| 3.11 Ensure 'encryption providers' are locked down | CIS IIS 8.0 v1.5.1 Level 2 | Windows | ACCESS CONTROL |
| 3.11 Ensure 'encryption providers' are locked down | CIS IIS 7 L2 v1.8.0 | Windows | ACCESS CONTROL |
| 4 - Restrict access to $JETTY_HOME - mode | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 4.01 init.ora - '_trace_file_public = FALSE' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | ACCESS CONTROL |
| 4.8 Ensure Handler is not granted Write and Script/Execute - Default | CIS IIS 7 L1 v1.8.0 | Windows | ACCESS CONTROL |
| 4.12 init.ora - 'sql92_security = TRUE' | CIS v1.1.0 Oracle 11g OS L2 | Unix | ACCESS CONTROL |
| 5.1 Set Sticky Bit on World Writable Directories | CIS Solaris 11.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 5.1.4 Check Library folder for world writable files | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | ACCESS CONTROL |
| 5.1.6 Ensure that Service Account Tokens are only mounted where necessary | CIS Kubernetes v1.10.0 L1 Master | Unix | ACCESS CONTROL |
| 5.2.1 Ensure that the cluster has at least one active policy control mechanism in place | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL |
| 5.4 CIFS - 'cifs.restrict_anonymous = 2' | TNS NetApp Data ONTAP 7G | NetApp | ACCESS CONTROL |
| 6.2 Restrict Access to SYSCAT.AUDITUSE | CIS IBM DB2 v10 v1.1.0 Database Level 2 | IBM_DB2DB | ACCESS CONTROL |
| 6.2 Restrict Access to SYSCAT.AUDITUSE | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 DB | IBM_DB2DB | ACCESS CONTROL |
| 6.3 Restrict Access to SYSCAT.DBAUTH | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
| 6.4 Restrict Access to SYSCAT.COLAUTH | CIS IBM DB2 v10 v1.1.0 Database Level 2 | IBM_DB2DB | ACCESS CONTROL |
| 6.5 Find Unauthorized World-Writable Files | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
| 6.5 Restrict Access to SYSCAT.EVENTS | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
| 6.12 Restrict Access to SYSCAT.SECURITYLABELACCESS | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
| 6.13 Restrict Access to SYSCAT.SECURITYPOLICYEXEMPTIONS | CIS IBM DB2 v10 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL |
| 6.14 Restrict Access to SYSCAT.SECURITYLABELCOMPONENTS | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
| 6.14 Restrict Access to SYSCAT.SURROGATEAUTHIDS | CIS IBM DB2 v10 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL |
| 6.14 Restrict Access to SYSCAT.SURROGATEAUTHIDS | CIS IBM DB2 v10 v1.1.0 Database Level 2 | IBM_DB2DB | ACCESS CONTROL |
| 6.16 Restrict Access to SYSCAT.ROLES | CIS IBM DB2 v10 v1.1.0 Database Level 2 | IBM_DB2DB | ACCESS CONTROL |
| 6.17 Restrict Access to SYSCAT.ROUTINEAUTH | CIS IBM DB2 v10 v1.1.0 Database Level 2 | IBM_DB2DB | ACCESS CONTROL |
| 6.20 Restrict Access to SYSCAT.ROLEAUTH | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
| 6.21 Restrict Access to SYSCAT.STATEMENTS | CIS IBM DB2 v10 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL |
| 6.25 Restrict Access to SYSCAT.SEQUENCEAUTH | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 DB | IBM_DB2DB | ACCESS CONTROL |
| 6.26 Restrict Access to SYSCAT.STATEMENTS | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
| 6.27 Restrict Access to SYSCAT.WORKLOADAUTH | CIS IBM DB2 v10 v1.1.0 Database Level 2 | IBM_DB2DB | ACCESS CONTROL |
| 6.28 Restrict Access to SYSCAT.TABAUTH | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
| 6.30 Restrict Access to Tablespaces | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
| 6.31 Restrict Access to SYSCAT.MODULEAUTH | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
| 6.35 Restrict Access to SYSIBMADM.OBJECTOWNERS | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 DB | IBM_DB2DB | ACCESS CONTROL |
| 8.1.17 Set 'Software channel permissions' to 'Enabled:High safety' | CIS IE 9 v1.0.0 | Windows | ACCESS CONTROL |
| 9.6 Ensure root PATH Integrity - writeable dir in path | CIS Solaris 11.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 10.2 Disable System Accounts | CIS Debian Linux 7 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 10.15 Do not run applications as privileged | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 14.12 Screening router - 'Implement to restrict access to database host' | CIS v1.1.0 Oracle 11g OS L2 | Unix | ACCESS CONTROL |
| 14.12 Screening router - 'Implement to restrict access to database host' | CIS v1.1.0 Oracle 11g OS Windows Level 2 | Windows | ACCESS CONTROL |
| 18 - Restrict access to context.xml - mode | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 18 - Restrict access to context.xml - owner | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 21 - Restrict access to users.xml - mode | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
| 45 - Restrict runtime access to sensitive packages | TNS Best Practice Jetty 9 Linux | Unix | ACCESS CONTROL |
