| 1.3.10 Ensure 'Password Profiles' do not exist | CIS Palo Alto Firewall 10 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION, PLANNING, PROGRAM MANAGEMENT, RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.11 Ensure 'Whether online OCSP/CRL checks are performed' is set to 'Disabled' | CIS Google Chrome L1 v2.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.12 Ensure 'Allow WebDriver to Override Incompatible Policies' is set to 'Disabled' | CIS Google Chrome L1 v2.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.14 Ensure 'Origins or hostname patterns for which restrictions on insecure origins should not apply' is set to 'Disabled' | CIS Google Chrome L1 v2.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.15 Ensure 'Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities' is set to 'Disabled' | CIS Google Chrome L1 v2.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.16 Ensure 'Disable Certificate Transparency enforcement for a list of URLs' is set to 'Disabled' | CIS Google Chrome L1 v2.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.17 Ensure 'Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes' is set to 'Disabled' | CIS Google Chrome L1 v2.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.27 Ensure 'Origins or hostname patterns for which restrictions on insecure origins should not apply' is set to 'Disabled' | CIS Google Chrome L1 v2.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.1.7 Ensure that an anti-phishing policy has been created | CIS Microsoft 365 Foundations E5 L1 v3.1.0 | microsoft_azure | SYSTEM AND INFORMATION INTEGRITY |
| 2.2 Ensure 'Default notification setting' is set to 'Enabled' with 'Do not allow any site to show desktop notifications' | CIS Google Chrome L2 v2.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled' | AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled' | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled' | MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled' | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only' | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.2.2 Ensure 'Accept cookies' is set to 'From websites I visit' or 'From current website only' | MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.2.4 Ensure 'Default notification setting' is set to 'Enabled: Do not allow any site to show desktop notifications' | CIS Google Chrome L2 v2.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.3 Ensure 'Control use of the Web Bluetooth API' is set to 'Enabled' with 'Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API' | CIS Google Chrome L2 v2.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.4 Ensure 'Control use of the WebUSB API' is set to 'Enabled' with 'Do not allow any site to request access to USB devices via the WebUSB API' | CIS Google Chrome L2 v2.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.18 Ensure 'Whether online OCSP/CRL checks are required for local trust anchors' is set to 'Enabled' | CIS Google Chrome L2 v2.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals | CIS Palo Alto Firewall 10 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 4.9 Ensure basic authentication for Exchange Online is disabled | CIS Microsoft 365 Foundations E3 L2 v1.3.0 | microsoft_azure | |
| 4.11 Ensure MailTips are enabled for end users | CIS Microsoft 365 Foundations E3 L2 v1.5.0 | microsoft_azure | |
| 4.12 Ensure MailTips are enabled for end users | CIS Microsoft 365 Foundations E3 L2 v1.4.0 | microsoft_azure | |
| 4.15 Ensure MailTips are enabled for end users | CIS Microsoft 365 Foundations E3 L2 v1.3.0 | microsoft_azure | |
| 5.3.2 Ensure X-Content-Type-Options header is configured and enabled | CIS NGINX Benchmark v1.0.0 L1 Webserver | Unix | |
| 6.19 Ensure that User Credential Submission uses the action of 'block' or 'continue' on the URL categories - continue on the URL categories | CIS Palo Alto Firewall 10 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 6.20 Ensure that User Credential Submission uses the action of 'block' or 'continue' on the URL categories | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 | Palo_Alto | |
| 6.20 Ensure that User Credential Submission uses the action of 'block' or 'continue' on the URL categories - continue on the URL categories | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 6.20 Ensure that User Credential Submission uses the action of block or continue on the URL categories | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 7.3 Ensure 'Security Policy' denying any/all traffic to/from IP addresses on Trusted Threat Intelligence Sources Exists | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 | Palo_Alto | |
| 7.3 Ensure 'Security Policy' denying any/all traffic to/from IP addresses on Trusted Threat Intelligence Sources Exists | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 7.12 Ensure mobile device management policies are required for email profiles | CIS Microsoft 365 Foundations E3 L2 v1.5.0 | microsoft_azure | |
| 7.12 Ensure mobile device management policies are required for email profiles | CIS Microsoft 365 Foundations E3 L2 v1.3.0 | microsoft_azure | |
| 7.12 Ensure mobile device management policies are required for email profiles | CIS Microsoft 365 Foundations E3 L2 v1.4.0 | microsoft_azure | |
