| 1.4 Ensure no 'root' user account access key exists | CIS Amazon Web Services Foundations L1 3.0.0 | amazon_aws | ACCESS CONTROL, MEDIA PROTECTION |
| 1.4.5.2 Ensure 'aaa accounting for SSH' is configured correctly | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.5.2 If SNMPv2 is in use, set Restrictions on Access | CIS Cisco NX-OS L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.11 Do not setup access keys during initial user setup for all IAM users that have a console password | CIS Amazon Web Services Foundations L1 3.0.0 | amazon_aws | ACCESS CONTROL, MEDIA PROTECTION |
| 2.3.3.3 Ensure File Sharing Is Disabled | CIS Apple macOS 13.0 Ventura v2.1.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.3.6 Ensure Remote Management Is Disabled | CIS Apple macOS 13.0 Ventura v2.1.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.2 Ensure all the login accounts having specific trusted hosts enabled | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 2.4.8 Ensure File Sharing Is Disabled | CIS Apple macOS 12.0 Monterey v3.1.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.8 Ensure File Sharing Is Disabled | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.8 Ensure File Sharing Is Disabled - SMB | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.9 Ensure Remote Management Is Disabled | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.9 Ensure Remote Management Is Disabled | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.11 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' | CIS Microsoft Azure Foundations v3.0.0 L1 | microsoft_azure | ACCESS CONTROL |
| 2.17 Ensure That 'Restrict access to Microsoft Entra admin center' is Set to 'Yes' | CIS Microsoft Azure Foundations v3.0.0 L1 | microsoft_azure | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.23 Ensure That No Custom Subscription Administrator Roles Exist | CIS Microsoft Azure Foundations v3.0.0 L1 | microsoft_azure | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.25 Ensure That 'Subscription leaving Microsoft Entra tenant' and 'Subscription entering Microsoft Entra tenant' Is Set To 'Permit no one' | CIS Microsoft Azure Foundations v3.0.0 L2 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 4.9 Ensure root access is controlled | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION |
| 4.9.1 Ensure root access is controlled | CIS IBM AIX 7 v1.0.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION |
| 5.2.1 Minimize the admission of privileged containers | CIS RedHat OpenShift Container Platform v1.6.0 L1 | OpenShift | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 5.2.4 Ensure SSH access is limited | CIS SUSE Linux Enterprise 12 v3.1.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4 Ensure SSH access is limited | CIS SUSE Linux Enterprise 12 v3.1.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4 Ensure SSH access is limited | CIS SUSE Linux Enterprise 15 Server L1 v1.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4 Ensure SSH access is limited | CIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.5 Minimize the admission of containers with allowPrivilegeEscalation | CIS RedHat OpenShift Container Platform v1.6.0 L1 | OpenShift | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 5.2.6 Minimize the admission of root containers | CIS RedHat OpenShift Container Platform v1.6.0 L2 | OpenShift | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 5.2.8 Ensure users password required for privilege escalation when using sudo - rootpw | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 5.2.8 Ensure users password required for privilege escalation when using sudo - targetpw | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 5.2.14 Ensure SSH access is limited | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.14 Ensure SSH access is limited | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.3.5 Ensure SSH access is limited | CIS Red Hat 6 Server L1 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.3.5 Ensure SSH access is limited | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.3.6 Ensure SSH access is limited | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.3.6 Ensure SSH access is limited | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 18.2.1 (L1) Ensure LAPS AdmPwd GPO Extension / CSE is installed (MS only) | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 18.2.3 (L1) Ensure 'Enable Local Admin Password Management' is set to 'Enabled' (MS only) | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 18.3.1 (L1) Ensure LAPS AdmPwd GPO Extension / CSE is installed (MS only) | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 18.3.1 (L1) Ensure LAPS AdmPwd GPO Extension / CSE is installed (MS only) | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 18.3.3 (L1) Ensure 'Enable Local Admin Password Management' is set to 'Enabled' (MS only) | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 18.3.3 (L1) Ensure 'Enable Local Admin Password Management' is set to 'Enabled' (MS only) | CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 18.3.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' (MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| DG0005-ORACLE11 - Only necessary privileges to the host system should be granted to DBA OS accounts - 'root is not a member of dba groups' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | ACCESS CONTROL |
| DO3622-ORACLE11 - Oracle roles granted using the WITH ADMIN OPTION should not be granted to unauthorized accounts. | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | ACCESS CONTROL |
| OL6-00-000536 - The Oracle Linux operating system must use the invoking user's password for privilege escalation when using 'sudo' - rootpw | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000536 - The Oracle Linux operating system must use the invoking user's password for privilege escalation when using 'sudo' - runaspw | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL6-00-000536 - The Oracle Linux operating system must use the invoking user's password for privilege escalation when using 'sudo' - targetpw | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| OL07-00-010342 - The Oracle Linux operating system must use the invoking user's password for privilege escalation when using 'sudo'. | DISA Oracle Linux 7 STIG v2r14 | Unix | ACCESS CONTROL |
| RHEL-07-010342 - The Red Hat Enterprise Linux operating system must use the invoking user's password for privilege escalation when using 'sudo' - sudo. | DISA Red Hat Enterprise Linux 7 STIG v3r15 | Unix | ACCESS CONTROL |
| RHEL-08-010383 - RHEL 8 must use the invoking user's password for privilege escalation when using 'sudo' - sudo. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | ACCESS CONTROL |
| SLES-12-010112 - The SUSE operating system must use the invoking user's password for privilege escalation when using 'sudo'. | DISA SLES 12 STIG v2r13 | Unix | ACCESS CONTROL |
| WPAW-00-000400 - Administrative accounts of all high-value IT resources must be assigned to a specific administrative tier in Active Directory to separate highly privileged administrative accounts from less privileged administrative accounts. | DISA MS Windows Privileged Access Workstation v3r1 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
