| 1.1 Ensure the Pre-Installation Planning Checklist Has Been Implemented | CIS Apache HTTP Server 2.4 L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.2.2 Ensure 'Access this computer from the network' is set to 'Administrators, Remote Desktop Users' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.6 Ensure 'REMOTE_LISTENER' Is Empty | CIS Oracle Server 12c DB Traditional Auditing v3.0.0 | OracleDB | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 2.6.8 Disable sending diagnostic and usage data to Apple | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.7 Ensure internal sources are blocked on external networks | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.1.3 Forbid Dial in Access | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY |
| 3.1.3.3 Ensure that 'Endpoint protection' component status is set to 'On' | CIS Microsoft Azure Foundations v3.0.0 L2 | microsoft_azure | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 3.3.2 Configure Storm Control | CIS Cisco NX-OS L2 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, INCIDENT RESPONSE, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.5.1.3 NIS - remove NIS markers from password and group files - /etc/group | CIS IBM AIX 7.1 L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 3.5.1.3 NIS - remove NIS markers from password and group files - /etc/passwd | CIS IBM AIX 7.1 L2 v2.1.0 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 3.7 Ensure VPC flow logging is enabled in all VPCs | CIS Amazon Web Services Foundations L2 3.0.0 | amazon_aws | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 3.8 Ensure that VPC Flow Logs is Enabled for Every Subnet in a VPC Network | CIS Google Cloud Platform v3.0.0 L2 | GCP | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 3.12 Ensure Anti-Spoofing is enabled and action is set to Prevent for all Interfaces | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 3.14 Ensure Accept RIP is not enabled | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.3.21 Ensure SSH AllowTcpForwarding is disabled | CIS Ubuntu Linux 16.04 LTS Workstation L2 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND INFORMATION INTEGRITY |
| 5.3.21 Ensure SSH AllowTcpForwarding is disabled | CIS Ubuntu Linux 16.04 LTS Server L2 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND INFORMATION INTEGRITY |
| 5.3.21 Ensure SSH AllowTcpForwarding is disabled - sshd | CIS Red Hat 6 Server L2 v3.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.3.21 Ensure SSH AllowTcpForwarding is disabled - sshd | CIS CentOS 6 Server L2 v3.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.3.21 Ensure SSH AllowTcpForwarding is disabled - sshd | CIS Oracle Linux 6 Server L2 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.3.21 Ensure SSH AllowTcpForwarding is disabled - sshd | CIS Oracle Linux 6 Workstation L2 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.3.21 Ensure SSH AllowTcpForwarding is disabled - sshd_config | CIS CentOS 6 Server L2 v3.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.3.21 Ensure SSH AllowTcpForwarding is disabled - sshd_config | CIS CentOS 6 Workstation L2 v3.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.3.21 Ensure SSH AllowTcpForwarding is disabled - sshd_config | CIS Oracle Linux 6 Server L2 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.3.21 Ensure SSH AllowTcpForwarding is disabled - sshd_config | CIS Oracle Linux 6 Workstation L2 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.3.21 Ensure SSH AllowTcpForwarding is disabled - sshd_config | CIS Red Hat 6 Workstation L2 v3.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.4 Ensure forwarding of decrypted content to WildFire is enabled | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 6.8 Ensure a secure Vulnerability Protection Profile is applied to all security rules allowing traffic | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.10.6 Ensure Telnet is Not Set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY |
| 6.10.7 Ensure Reverse Telnet is Not Set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND INFORMATION INTEGRITY |
| 6.10.9 Ensure Finger Service is Not Set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 6.11.2 Ensure Auxiliary Port is Set as Insecure If Used | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 6.13 Ensure Autoinstallation is Set to Disabled | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 7.5 Ensure that port groups are not configured to VLAN values reserved by upstream physical switches | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 8.3 Ensure that the Certificate used for Decryption is Trusted | CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 8.3 Ensure that the Certificate used for Decryption is Trusted | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 8.4.1 Ensure access to VMs through the dvfilter network APIs is configured correctly | CIS VMware ESXi 6.5 v1.0.0 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.3.3 (L1) Ensure 'Configure SMB v1 server' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.3.4 Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.4.2 Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.4.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.4.3 Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.4.5 (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.4.5 Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.4.7 Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.5.4.1 (L1) Ensure 'Turn off multicast name resolution' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.5.4.1 Ensure 'Turn off multicast name resolution' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.7.1.1 (L2) Ensure 'Turn off notifications network usage' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.7.1.1 (L2) Ensure 'Turn off notifications network usage' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.8.36.1 Ensure 'Configure Offer Remote Assistance' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.8.37.1 Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
