| 1.1.3.9.12 Configure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.1.26 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-certfile | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.1.26 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-keyfile | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.3 Dedicated Name Server Role | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.5 Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.6 Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.7 Ensure that the --make-iptables-util-chains argument is set to true | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.8 Ensure that the --make-iptables-util-chains argument is set to true | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.8 Ensure that the --make-iptables-util-chains argument is set to true | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabled | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 3.1 Ignore Erroneous or Unwanted Queries - Link local addresses | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Ignore Erroneous or Unwanted Queries - Link local addresses | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Ignore Erroneous or Unwanted Queries - Multicast addresses | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 10/8; addresses | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 10/8; addresses | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 172.16/12; addresses | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 172.16/12; addresses | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 192.168/16; addresses | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 192.168/16; addresses | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.18 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-certfile | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 3.1.18 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-certfile | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 3.1.18 Ensure that the --etcd-certfile and --etcd-keyfile arguments are set as appropriate - etcd-keyfile | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 3.2.1.12 Ensure 'Allow adding VPN configurations' is set to 'Disabled' | MobileIron - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.4 Restrict Queries of the Cache - Caching Only | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.7 Ensure that SharePoint is set to reject or delay network traffic generated above configurable traffic volume thresholds - Max Bandwidth | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.7 Ensure that SharePoint is set to reject or delay network traffic generated above configurable traffic volume thresholds - Max Connections | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Hide BIND Version String | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Hide BIND Version String | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.4 L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.2 Hide Nameserver ID | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Enable DNSSEC Validation - dnssec-enable | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Enable DNSSEC Validation - dnssec-validation | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.4.7 Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | MSCT Windows 10 1903 v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | MSCT Windows Server 1903 MS v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | MSCT Windows Server v1909 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | MSCT Windows Server v1909 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | MSCT Windows Server 2019 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | MSCT Windows 10 1909 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | MSCT Windows 10 1903 v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | MSCT Windows 10 1909 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | MSCT Windows Server 1903 DC v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | MSCT Windows 10 1809 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | MSCT Windows Server 1903 MS v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | MSCT Windows Server v1909 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows 10 1809 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows 10 1909 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows 10 v20H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows Server 1903 DC v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows Server v2004 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
