| 1.3 Ensure 'Ask where to save each file before downloading' is set to 'Enabled' | CIS Google Chrome L1 v2.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.4 Ensure 'Disable saving browser history' is set to 'Disabled' | CIS Google Chrome L1 v2.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.13 Ensure 'Disable saving browser history' is set to 'Disabled' | CIS Google Chrome L1 v2.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.9 Ensure 'Allow download restrictions' is set to 'Enabled: Block dangerous downloads' | CIS Google Chrome L1 v2.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.12 Automatic Actions for Optical Media | CIS Apple macOS 11 v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.14 Ensure 'Allow download restrictions' is set to 'Enabled' with 'Block dangerous downloads' specified. | CIS Google Chrome L1 v2.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.15 Ensure 'Disable proceeding from the Safe Browsing warning page' is set to 'Enabled' | CIS Google Chrome L1 v2.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.1 Ensure that WildFire file size upload limits are maximized | CIS Palo Alto Firewall 10 v1.1.0 L1 | Palo_Alto | |
| 5.1 Ensure that WildFire file size upload limits are maximized | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 | Palo_Alto | |
| 5.1 Ensure that WildFire file size upload limits are maximized | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.2 Ensure forwarding is enabled for all applications and file types in WildFire file blocking profiles | CIS Palo Alto Firewall 9 v1.0.1 L1 | Palo_Alto | |
| 5.2 Ensure forwarding is enabled for all applications and file types in WildFire file blocking profiles | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 | Palo_Alto | |
| 5.2 Ensure forwarding is enabled for all applications and file types in WildFire file blocking profiles | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.3 Ensure a WildFire Analysis profile is enabled for all security policies | CIS Palo Alto Firewall 10 v1.1.0 L1 | Palo_Alto | |
| 5.3 Ensure a WildFire Analysis profile is enabled for all security policies | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 | Palo_Alto | |
| 5.3 Ensure a WildFire Analysis profile is enabled for all security policies | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.3 Ensure a WildFire Analysis profile is enabled for all security policies | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.3 Ensure forwarding of decrypted content to WildFire is enabled | CIS Palo Alto Firewall 11 v1.0.0 L1 | Palo_Alto | |
| 5.4 Ensure forwarding of decrypted content to WildFire is enabled | CIS Palo Alto Firewall 10 v1.0.0 L1 | Palo_Alto | |
| 5.4 Ensure forwarding of decrypted content to WildFire is enabled | CIS Palo Alto Firewall 10 v1.1.0 L1 | Palo_Alto | |
| 5.4 Ensure forwarding of decrypted content to WildFire is enabled | CIS Palo Alto Firewall 9 v1.0.1 L1 | Palo_Alto | |
| 5.5 Ensure alerts are enabled for malicious files detected by WildFire | CIS Palo Alto Firewall 11 v1.0.0 L1 | Palo_Alto | |
| 6.1 Ensure that antivirus profiles are set to block on all decoders except 'imap' and 'pop3' | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 | Palo_Alto | |
| 6.1 Ensure that antivirus profiles are set to block on all decoders except 'imap' and 'pop3' | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.2 Ensure a secure antivirus profile is applied to all relevant security policies | CIS Palo Alto Firewall 11 v1.0.0 L1 | Palo_Alto | |
| 6.2 Ensure a secure antivirus profile is applied to all relevant security policies | CIS Palo Alto Firewall 9 v1.0.1 L1 | Palo_Alto | |
| 6.2 Ensure a secure antivirus profile is applied to all relevant security policies | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 | Palo_Alto | |
| 6.2 Ensure a secure antivirus profile is applied to all relevant security policies | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.3 Ensure an anti-spyware profile is configured to block on all spyware severity levels, categories, and threats | CIS Palo Alto Firewall 10 v1.0.0 L1 | Palo_Alto | |
| 6.3 Ensure an anti-spyware profile is configured to block on all spyware severity levels, categories, and threats | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 | Palo_Alto | |
| 6.3 Ensure an anti-spyware profile is configured to block on all spyware severity levels, categories, and threats | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use | CIS Palo Alto Firewall 10 v1.0.0 L1 | Palo_Alto | |
| 6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use | CIS Palo Alto Firewall 10 v1.1.0 L1 | Palo_Alto | |
| 6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use | CIS Palo Alto Firewall 11 v1.0.0 L1 | Palo_Alto | |
| 6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use | CIS Palo Alto Firewall 9 v1.0.1 L1 | Palo_Alto | |
| 6.5 Ensure a secure anti-spyware profile is applied to all security policies permitting traffic to the Internet | CIS Palo Alto Firewall 11 v1.0.0 L1 | Palo_Alto | |
| 6.5 Ensure passive DNS monitoring is set to enabled on all anti-spyware profiles in use | CIS Palo Alto Firewall 10 v1.0.0 L1 | Palo_Alto | |
| 6.5 Ensure passive DNS monitoring is set to enabled on all anti-spyware profiles in use | CIS Palo Alto Firewall 9 v1.0.1 L1 | Palo_Alto | |
| 6.5 Ensure passive DNS monitoring is set to enabled on all anti-spyware profiles in use | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 | Palo_Alto | |
| 6.5 Ensure passive DNS monitoring is set to enabled on all anti-spyware profiles in use | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.6 Ensure a secure anti-spyware profile is applied to all security policies permitting traffic to the Internet | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 | Palo_Alto | |
| 6.6 Ensure a secure anti-spyware profile is applied to all security policies permitting traffic to the Internet | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.7 Ensure a secure Vulnerability Protection Profile is applied to all security rules allowing traffic | CIS Palo Alto Firewall 11 v1.0.0 L1 | Palo_Alto | |
| 6.7 Ensure a secure Vulnerability Protection Profile is applied to all security rules allowing traffic | CIS Palo Alto Firewall 10 v1.1.0 L1 | Palo_Alto | |
| 6.8 Ensure a secure Vulnerability Protection Profile is applied to all security rules allowing traffic | CIS Palo Alto Firewall 10 v1.0.0 L1 | Palo_Alto | |
| 6.8 Ensure a secure Vulnerability Protection Profile is applied to all security rules allowing traffic | CIS Palo Alto Firewall 9 v1.0.1 L1 | Palo_Alto | |
| 7.3 Ensure 'Security Policy' denying any/all traffic to/from IP addresses on Trusted Threat Intelligence Sources Exists | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 | Palo_Alto | |
| 7.6 Automatic Actions for Optical Media | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 8.8 Ensure Zones are Signed with NSEC or NSEC3 | CIS BIND DNS v1.0.0 L2 Authoritative Name Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 9.5 Response Rate Limiting and DDOS Mitigation | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | SYSTEM AND INFORMATION INTEGRITY |
