| 1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/host-manager | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/manager | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1 Ensure Authentication is configured | CIS MongoDB 6 v1.2.0 L1 MongoDB | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.2 Alter the Advertised server.number String | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3 Alter the Advertised server.built Date | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.8 Disable File Sharing - SMB | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.6.1.1 Enable FileVault | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.4 Enable Firewall Stealth Mode | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.8.2 Time Machine Volumes Are Encrypted | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.9 Pair the remote control infrared receiver if enabled | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 2.10 Enable Secure Keyboard Entry in terminal.app | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1 Ensure least privilege for database accounts | CIS MongoDB 7 v1.2.0 L1 MongoDB | MongoDB | ACCESS CONTROL |
| 3.2 Ensure that role-based access control is enabled and configured appropriately | CIS MongoDB 6 v1.2.0 L1 MongoDB | MongoDB | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 3.5 Review Superuser/Admin Roles | CIS MongoDB 7 v1.2.0 L2 MongoDB | MongoDB | ACCESS CONTROL |
| 3.5 Review Superuser/Admin Roles - clusterAdmin | CIS MongoDB 5 L2 DB v1.2.0 | MongoDB | ACCESS CONTROL |
| 3.5 Review Superuser/Admin Roles - hostManager | CIS MongoDB 5 L2 DB v1.2.0 | MongoDB | ACCESS CONTROL |
| 4.1 Ensure legacy TLS protocols are disabled | CIS MongoDB 7 v1.2.0 L2 Unix | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.1 Restrict access to $CATALINA_HOME | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.4 Ensure Federal Information Processing Standard (FIPS) is enabled | CIS MongoDB 7 v1.2.0 L2 Unix | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.15 Restrict access to jaspic-providers.xml | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1 Ensure that system activity is audited | CIS MongoDB 6 v1.2.0 L1 MongoDB | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1 Ensure that system activity is audited | CIS MongoDB 6 v1.2.0 L1 MongoDB | Windows | AUDIT AND ACCOUNTABILITY |
| 5.2 Use LockOut Realms | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.1 Ensure that MongoDB uses a non-default port | CIS MongoDB 6 v1.2.0 L1 MongoDB | Unix | CONFIGURATION MANAGEMENT |
| 6.2 Ensure SSLEnabled is set to True for Sensitive Connectors - verify SSLEnabled is set to true | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3 Ensure scheme is set accurately | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.3 Ensure that server-side scripting is disabled if not needed | CIS MongoDB 6 v1.2.0 L2 MongoDB | Unix | CONFIGURATION MANAGEMENT |
| 6.3 Ensure that server-side scripting is disabled if not needed | CIS MongoDB 6 v1.2.0 L2 MongoDB | Windows | CONFIGURATION MANAGEMENT |
| 6.3 Ensure that server-side scripting is disabled if not needed | CIS MongoDB 7 v1.2.0 L2 Unix | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 7.1 (L2) Virtual machines must enable Secure Boot | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 7.1 Ensure appropriate key file permissions are set | CIS MongoDB 7 v1.2.0 L1 Unix | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure appropriate database file permissions are set. | CIS MongoDB 6 v1.2.0 L1 MongoDB | Windows | ACCESS CONTROL |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler exists in web application | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.15 (L2) Virtual machines must remove unnecessary CD/DVD devices | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 8.1 Restrict runtime access to sensitive packages | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 10.1 Ensure Web content directory is on a separate partition from the Tomcat system files - verify Web content directory | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 10.2 Restrict access to the web administration application | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 10.5 Rename the manager application - webapps/manager | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.6 Enable strict servlet Compliance | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.9 Configure connectionTimeout | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.12 Do not allow symbolic linking | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 10.18 Use the logEffectiveWebXml and metadata-complete settings for deploying applications in production | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 18.9.31.2 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.10.1.9 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 BL | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.1.9 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.1.12 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.3.12 (BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.3.12 Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v5.0.1 BL | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.29.3 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v4.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.29.3 Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' | CIS Microsoft Windows Server 2025 v2.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
