| 1.1.3.10.7 Set 'Network access: Remotely accessible registry paths and sub-paths' to the following list | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.3.10.10 Set 'Network access: Remotely accessible registry paths' to the following list | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.2.2 (L1) Ensure 'Account lockout threshold' is set to '10 or fewer invalid logon attempt(s), but not 0' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL |
| 1.2.3 (L1) Ensure 'Reset account lockout counter after' is set to '15 or more minute(s)' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL |
| 2.2.5 (L1) Ensure 'Allow log on locally' is set to 'Administrators, Users' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL |
| 2.3.7.7 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' | CIS Microsoft Windows 8.1 v2.4.1 L2 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.3.7.7 (L2) Ensure 'Interactive logon: Number of previous logons to cache (in case domain controller is not available)' is set to '4 or fewer logon(s)' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.3.7.8 (L1) Ensure 'Interactive logon: Prompt user to change password before expiration' is set to 'between 5 and 14 days' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.3.10.5 (L1) Ensure 'Network access: Let Everyone permissions apply to anonymous users' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| 2.3.10.7 Ensure 'Network access: Remotely accessible registry paths' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.3.10.7 Ensure 'Network access: Remotely accessible registry paths' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.3.10.8 (L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.3.10.8 Ensure 'Network access: Remotely accessible registry paths and sub-paths' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.3.10.8 Ensure 'Network access: Remotely accessible registry paths and sub-paths' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.3.10.9 (L1) Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL |
| 2.3.10.10 (L1) Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL |
| 2.6 Ensure that the User-ID service account does not have interactive logon rights | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 2.7 Ensure remote access capabilities for the User-ID service account are forbidden. | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 3.3 Ensure 'PASSWORD_LIFE_TIME' Is Less than or Equal to '90' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5' | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5' | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL |
| 3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5' | CIS Oracle Server 18c DB Unified Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| 3.6 Ensure 'PASSWORD_GRACE_TIME' Is Less than or Equal to '5' | CIS Oracle Server 18c DB Traditional Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| 5.2.5 Ensure SSH LogLevel is appropriate | CIS Distribution Independent Linux Workstation L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.5 Ensure SSH LogLevel is appropriate | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.5 Ensure SSH LogLevel is appropriate | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.5 Ensure SSH LogLevel is appropriate | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.5 Ensure SSH LogLevel is appropriate | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.6 Ensure SSH X11 forwarding is disabled | CIS Debian 8 Workstation L1 v2.0.2 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.6 Ensure SSH X11 forwarding is disabled | CIS Debian 8 Server L2 v2.0.2 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.11 Ensure SSH PermitEmptyPasswords is disabled | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.11 Ensure SSH PermitEmptyPasswords is disabled | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.11 Ensure SSH PermitEmptyPasswords is disabled | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.12 Ensure SSH PermitEmptyPasswords is disabled | CIS CentOS 6 Server L1 v3.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.12 Ensure SSH PermitEmptyPasswords is disabled | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.12 Ensure SSH PermitEmptyPasswords is disabled | CIS Oracle Linux 6 Server L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.12 Ensure SSH PermitEmptyPasswords is disabled | CIS Oracle Linux 6 Workstation L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.12 Ensure SSH PermitEmptyPasswords is disabled | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.12 Ensure SSH PermitEmptyPasswords is disabled | CIS Red Hat 6 Server L1 v3.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.1 Ensure the 'CREATE USER' Action Audit Is Enabled | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 6.2.5 Ensure the 'ALTER ROLE' Action Audit Is Enabled | CIS Oracle Server 12c DB Unified Auditing v3.0.0 | OracleDB | AUDIT AND ACCOUNTABILITY |
| 17.2.2 (L1) Ensure 'Audit Security Group Management' is set to include 'Success' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| 18.8.4.2 (L1) Ensure 'Remote host allows delegation of non-exportable credentials' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | IDENTIFICATION AND AUTHENTICATION |
| Ensure inactive password lock is 30 days or less | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Network access: Remotely accessible registry paths | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Remotely accessible registry paths | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Remotely accessible registry paths and subpaths | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Remotely accessible registry paths and subpaths | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Restrict anonymous access to Named Pipes and Shares | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
