1.2 Ensure 'host headers' are on all sites | CIS IIS 10 v1.1.1 Level 1 | Windows | |
1.3 Ensure 'Directory browsing' is set to Disabled - directory browsing is set to disabled | CIS IIS 10 v1.2.0 Level 1 | Windows | |
1.4 Ensure 'application pool identity' is configured for all application pools | CIS IIS 10 v1.1.1 Level 1 | Windows | |
2.1 Ensure 'global authorization rule' is set to restrict access | CIS IIS 10 v1.1.1 Level 1 | Windows | |
2.1 Ensure 'global authorization rule' is set to restrict access | CIS IIS 10 v1.2.0 Level 1 | Windows | |
2.4 Ensure 'forms authentication' is set to use cookies - Application | CIS IIS 10 v1.2.0 Level 2 | Windows | |
2.4 Ensure 'forms authentication' is set to use cookies - Application | CIS IIS 10 v1.1.1 Level 2 | Windows | |
2.4 Ensure 'forms authentication' is set to use cookies - Default | CIS IIS 10 v1.2.0 Level 2 | Windows | |
2.4 Ensure 'forms authentication' is set to use cookies - Default | CIS IIS 10 v1.1.1 Level 2 | Windows | |
2.5 Ensure 'cookie protection mode' is configured for forms authentication - Default | CIS IIS 10 v1.1.1 Level 1 | Windows | |
2.8 Ensure the default ulimit is configured appropriately - daemon.json nofile soft | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
2.8 Ensure the default ulimit is configured appropriately - daemon.json nproc soft | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
2.10 Ensure the default cgroup usage has been confirmed - daemon.json | CIS Docker v1.5.0 L2 Docker Linux | Unix | |
2.10 Ensure the default cgroup usage has been confirmed - dockerd | CIS Docker v1.5.0 L2 Docker Linux | Unix | |
2.11 Ensure base device size is not changed until needed - daemon.json | CIS Docker v1.5.0 L2 Docker Linux | Unix | |
3.1 Ensure 'deployment method retail' is set | CIS IIS 10 v1.1.1 Level 1 | Windows | |
3.1 Ensure 'deployment method retail' is set | CIS IIS 10 v1.2.0 Level 1 | Windows | |
3.2 Ensure 'debug' is turned off - Applications | CIS IIS 10 v1.2.0 Level 2 | Windows | |
3.2 Ensure 'debug' is turned off - Applications | CIS IIS 10 v1.1.1 Level 2 | Windows | |
3.3 Ensure custom error messages are not off - Applications | CIS IIS 10 v1.1.1 Level 2 | Windows | |
3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Applications | CIS IIS 10 v1.2.0 Level 1 | Windows | |
3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Default | CIS IIS 10 v1.2.0 Level 1 | Windows | |
3.5 Ensure ASP.NET stack tracing is not enabled - Applications | CIS IIS 10 v1.1.1 Level 2 | Windows | |
3.6 Ensure 'httpcookie' mode is configured for session state - Applications | CIS IIS 10 v1.1.1 Level 2 | Windows | |
3.6 Ensure 'httpcookie' mode is configured for session state - Applications | CIS IIS 10 v1.2.0 Level 2 | Windows | |
3.6 Ensure 'httpcookie' mode is configured for session state - Default | CIS IIS 10 v1.1.1 Level 2 | Windows | |
3.7 Ensure 'cookies' are set with HttpOnly attribute - Applications | CIS IIS 10 v1.2.0 Level 1 | Windows | |
3.7 Ensure 'cookies' are set with HttpOnly attribute - Default | CIS IIS 10 v1.2.0 Level 1 | Windows | |
3.7 Ensure 'cookies' are set with HttpOnly attribute - Default | CIS IIS 10 v1.1.1 Level 1 | Windows | |
4.1 Ensure 'maxAllowedContentLength' is configured - Applications | CIS IIS 10 v1.1.1 Level 2 | Windows | |
4.2 Ensure 'maxURL request filter' is configured - Applications | CIS IIS 10 v1.2.0 Level 2 | Windows | |
4.2 Ensure 'maxURL request filter' is configured - Default | CIS IIS 10 v1.1.1 Level 2 | Windows | |
4.4 Ensure non-ASCII characters in URLs are not allowed - Applications | CIS IIS 10 v1.2.0 Level 2 | Windows | |
4.4 Ensure non-ASCII characters in URLs are not allowed - Default | CIS IIS 10 v1.1.1 Level 2 | Windows | |
4.4 Ensure non-ASCII characters in URLs are not allowed - Default | CIS IIS 10 v1.2.0 Level 2 | Windows | |
4.5 Ensure Double-Encoded requests will be rejected - Applications | CIS IIS 10 v1.1.1 Level 1 | Windows | |
4.5.1 Configure Image Provenance using ImagePolicyWebhook admission controller | CIS Google Kubernetes Engine (GKE) v1.4.0 L2 | GCP | |
4.6 Ensure 'HTTP Trace Method' is disabled - Applications | CIS IIS 10 v1.1.1 Level 1 | Windows | |
4.6 Ensure 'HTTP Trace Method' is disabled - Default | CIS IIS 10 v1.1.1 Level 1 | Windows | |
4.7 Ensure Unlisted File Extensions are not allowed - Applications | CIS IIS 10 v1.2.0 Level 1 | Windows | |
4.7 Ensure Unlisted File Extensions are not allowed - Applications | CIS IIS 10 v1.1.1 Level 1 | Windows | |
4.7 Ensure Unlisted File Extensions are not allowed - Default | CIS IIS 10 v1.2.0 Level 1 | Windows | |
4.8 Ensure Handler is not granted Write and Script/Execute - Applications | CIS IIS 10 v1.2.0 Level 1 | Windows | |
4.8 Ensure Handler is not granted Write and Script/Execute - Applications | CIS IIS 10 v1.1.1 Level 1 | Windows | |
4.8 Ensure Handler is not granted Write and Script/Execute - Default | CIS IIS 10 v1.2.0 Level 1 | Windows | |
4.9 Ensure 'notListedIsapisAllowed' is set to false | CIS IIS 10 v1.1.1 Level 1 | Windows | |
4.10 Ensure 'notListedCgisAllowed' is set to false | CIS IIS 10 v1.1.1 Level 1 | Windows | |
4.10 Ensure 'notListedCgisAllowed' is set to false | CIS IIS 10 v1.2.0 Level 1 | Windows | |
7.1 Ensure HSTS Header is set - Server | CIS IIS 10 v1.1.1 Level 2 | Windows | |
7.1 Ensure HSTS Header is set - Sites | CIS IIS 10 v1.2.0 Level 2 | Windows | |