| 1.4.1 Enable SELinux in /etc/grub.conf - enforcing != 0 | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | ACCESS CONTROL |
| 1.5.1 Ensure bootloader password is set | CIS Red Hat EL7 Server L1 v3.0.1 | Unix | ACCESS CONTROL |
| 1.5.1 Ensure bootloader password is set | CIS Red Hat EL7 Workstation L1 v3.0.1 | Unix | ACCESS CONTROL |
| 1.5.2 Ensure bootloader password is set | CIS Oracle Linux 8 Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.2 Ensure AppArmor is enabled in the bootloader configuration - security | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.4 Ensure all AppArmor Profiles are enforcing - complain | CIS Ubuntu Linux 16.04 LTS Server L2 v2.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.4 Ensure all AppArmor Profiles are enforcing - complain | CIS Ubuntu Linux 16.04 LTS Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.4 Ensure all AppArmor Profiles are enforcing - loaded | CIS Ubuntu Linux 16.04 LTS Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.4 Ensure all AppArmor Profiles are enforcing - unconfined | CIS Ubuntu Linux 16.04 LTS Workstation L2 v2.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.4 Ensure the SELinux mode is enforcing or permissive - getenforce | CIS Oracle Linux 6 Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.4 Ensure the SELinux mode is enforcing or permissive - getenforce | CIS Oracle Linux 6 Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
| 1.6.1.6 Ensure no unconfined daemons exist | Huawei EulerOS 2 Server L2 v1.0 | Unix | ACCESS CONTROL |
| 1.7.1.5 Ensure no unconfined services exist | CIS Red Hat EL8 Workstation L2 v1.0.0 | Unix | ACCESS CONTROL |
| 2.2 Give the BIND User Account an Invalid Shell | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | ACCESS CONTROL |
| 2.2.11 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to '(DROP,3)' | CIS Oracle Server 18c DB Unified Auditing v1.1.0 | OracleDB | ACCESS CONTROL |
| 2.2.56 (L1) Ensure 'Take ownership of files or other objects' is set to 'Administrators' | CIS Microsoft Windows Server 2016 STIG v2.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.2.56 (L1) Ensure 'Take ownership of files or other objects' is set to 'Administrators' | CIS Microsoft Windows Server 2016 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.59 (L1) Ensure 'Take ownership of files or other objects' is set to 'Administrators' | CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.2.59 (L1) Ensure 'Take ownership of files or other objects' is set to 'Administrators' | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.59 Ensure 'Take ownership of files or other objects' is set to 'Administrators' | CIS Microsoft Windows Server 2022 STIG v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.10.12 (L1) Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.3.10.14 Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None' | CIS Microsoft Windows Server 2022 STIG v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 3.1 Ensure 'datadir' Has Appropriate Permissions | CIS MySQL 8.0 Community Database L1 v1.0.0 | MySQLDB | ACCESS CONTROL |
| 3.1 Ensure JMX Console is either secured or removed - 'java:/jaas/jmx-console = true' | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 3.3 Ensure 'log_error' Has Appropriate Permissions | CIS MySQL 8.0 Enterprise Database L1 v1.3.0 | MySQLDB | ACCESS CONTROL |
| 3.3 Ensure Admin Console is either secured or removed - 'java:/jaas/jmx-console = true' | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 3.4 The JMXInvokerServlet servlet must be secured against web attacks | Redhat JBoss EAP 5.x | Unix | ACCESS CONTROL |
| 3.6 Ensure 'general_log_file' Has Appropriate Permissions | CIS MySQL 8.0 Enterprise Database L1 v1.3.0 | MySQLDB | ACCESS CONTROL |
| 4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf no Deny directives exist' | CIS Apache HTTP Server 2.2 L1 v3.5.0 | Unix | ACCESS CONTROL |
| 4.1 Ensure Access to OS Root Directory Is Denied By Default - 'httpd.conf no Require directives exist' | CIS Apache HTTP Server 2.2 L1 v3.5.0 | Unix | ACCESS CONTROL |
| 5.1.9 Ensure at is restricted to authorized users - '/etc/at.allow' | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.2.2 Ensure permissions on SSH private host key files are configured | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.2.3 Ensure permissions on SSH public host key files are configured | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | ACCESS CONTROL |
| 5.3.1 Ensure permissions on /etc/ssh/sshd_config are configured | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile | Huawei EulerOS 2 Server L1 v1.0 | Unix | ACCESS CONTROL |
| 5.4.10 Ensure default user umask is 077 | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | ACCESS CONTROL |
| 5.5.3 Ensure default group for the root account is GID 0 | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.5.5 Ensure default user umask is 027 or more restrictive - bashrc | CIS Red Hat EL8 Server L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.1.3 Disable guest account login | CIS Apple macOS 10.14 v1.3.0 L1 | Unix | ACCESS CONTROL |
| 6.1.5 Ensure permissions on /etc/gshadow are configured | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.2.11 Ensure users' .netrc Files are not group or world accessible | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 6.2.20 Ensure shadow group is empty - /etc/group | CIS Oracle Linux 6 Server L1 v2.0.0 | Unix | ACCESS CONTROL |
| 7.1 Extensible Firmware Interface (EFI) password | CIS Apple macOS 10.15 v1.3.0 L2 | Unix | ACCESS CONTROL |
| 8.1.1 Set Warning Banner for Standard Login Services - /etc/issue | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
| 8.1.1 Set Warning Banner for Standard Login Services - /etc/issue.net | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 | Unix | ACCESS CONTROL |
| 8.11 Set default umask for users, Check if 'umask' is set to 077 - Check /etc/profile. | CIS Solaris 9 v1.3 | Unix | ACCESS CONTROL |
| 9.1.1 Verify System File Permissions | CIS Red Hat Enterprise Linux 5 L2 v2.2.1 | Unix | ACCESS CONTROL |
| 18.10.3.1 (L2) Ensure 'Allow a Windows app to share application data between users' is set to 'Disabled' | CIS Microsoft Windows Server 2022 v3.0.0 L2 Member Server | Windows | ACCESS CONTROL |
| 18.10.3.1 (L2) Ensure 'Allow a Windows app to share application data between users' is set to 'Disabled' | CIS Microsoft Windows Server 2016 v3.0.0 L2 MS | Windows | ACCESS CONTROL |
| 19.7.26.1 (L1) Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v3.0.1 L1 DC | Windows | ACCESS CONTROL |
