| 1.1.2.1.3 Ensure nosuid option set on /tmp partition | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.3.2 Ensure nodev option set on /home partition | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.5.4 Ensure noexec option set on /var/tmp partition | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.2.6.3 Ensure nosuid option set on /var/log partition | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.3.1 Ensure separate partition exists for /var | CIS Fedora 28 Family Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.4.1 Ensure separate partition exists for /var/tmp | CIS Fedora 28 Family Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.1.10 Ensure nodev option set on /dev/shm partition | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.3.2 Ensure permissions on bootloader config are configured | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.5.1.4 Ensure permissions on /etc/motd are configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.5.1.6 Ensure permissions on /etc/issue.net are configured | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6 Ensure AppArmor is installed | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6 Ensure That IAM Users Are Not Assigned the Service Account User or Service Account Token Creator Roles at Project Level | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 3.10 Ensure global .NET trust level is configured - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.2 Ensure permissions on /etc/crontab are configured | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.1.8 Ensure crontab is restricted to authorized users | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1.2.1 Ensure at is restricted to authorized users | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.2 Ensure permissions on SSH private host key files are configured | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.3 Ensure permissions on SSH public host key files are configured | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.8 Restrict Access to SYSCAT.CONTEXTS | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.13 Restrict Access to SYSCAT.EVENTTABLES | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.14 Restrict Access to SYSCAT.EXTERNALTABLEOPTIONS | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.19 Restrict Access to SYSCAT.PASSTHRUAUTH | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.25 Restrict Access to SYSCAT.SECURITYLABELCOMPONENTELEMENTS | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.28 Restrict Access to SYSCAT.SECURITYPOLICIES | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.38 Restrict Access to SYSCAT.TABAUTH | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.42 Restrict Access to SYSCAT.VARIABLES | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.47 Restrict Access to SYSSTAT.COLGROUPDIST | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.2.48 Restrict Access to SYSSTAT.COLUMNS | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.3 Restrict Access to SYSIBM.SYSCOLAUTH | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.12 Restrict Access to SYSIBM.SYSEVENTS | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3.17 Restrict Access to SYSIBM.SYSPASSTHRUAUTH | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.5.2.4 Ensure root password is set | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.7.4.5 Ensure access to /var/spool/clientmqueue is configured | CIS IBM AIX 7 v1.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.2 Ensure permissions on SSH private host key files are configured | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.3 Minimize cluster access to read-only for Container Image repositories | CIS Google Kubernetes Engine (GKE) v1.6.1 L2 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.2 Ensure audit log files are mode 0640 or less permissive | CIS AlmaLinux OS 8 Server L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.3 Ensure only authorized users own audit log files | CIS AlmaLinux OS 8 Server L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.4 Ensure only authorized groups are assigned ownership of audit log files | CIS AlmaLinux OS 8 Server L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.2.4.10 Ensure audit tools belong to group root | CIS AlmaLinux OS 8 Server L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.3.4 Ensure default user umask is 027 or more restrictive | CIS Google Container-Optimized OS v1.2.0 L2 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.5 Ensure access to the su command is restricted | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.1 Ensure permissions on /etc/passwd are configured | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.2 Ensure 'Skip_show_database' Database Flag for Cloud SQL MySQL Instance Is Set to 'On' | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.4 Ensure permissions on /etc/group are configured | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.8 Ensure permissions on /etc/gshadow are configured | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.13 Ensure SUID and SGID files are reviewed | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.1.14 Audit system file permissions | CIS AlmaLinux OS 8 Server L2 v3.0.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.5 Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1 Ensure That BigQuery Datasets Are Not Anonymously or Publicly Accessible | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 7.2 Ensure appropriate database file permissions are set. | CIS MongoDB 7 v1.1.0 L1 MongoDB | Windows | ACCESS CONTROL, MEDIA PROTECTION |
