1.1.8 Ensure that the --repair-malformed-updates argument is set to false | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
1.1.13 Ensure that the admission control policy is set to NamespaceLifecycle | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - kubelet-client-certificate | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
1.1.27 Ensure that the admission control policy is set to ServiceAccount | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
1.1.28 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - tls-private-key-file | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
1.1.30 Ensure that the --etcd-cafile argument is set as appropriate | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
1.1.36 Ensure that the AdvancedAuditing argument is not set to false - audit-policy-file contents | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
1.1.36 Ensure that the AdvancedAuditing argument is not set to false - audit-policy-file parameter | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
1.1.37 Ensure that the --request-timeout argument is set as appropriate | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
1.2.1 Ensure that the --profiling argument is set to false | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
1.3 Enable app update installs | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
1.3.5 Ensure that the --root-ca-file argument is set as appropriate | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
1.3.7 Ensure that the RotateKubeletServerCertificate argument is set to true | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
1.4 Enable system data files and security update installs - 'CriticalUpdateInstall' | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
1.4.3 Ensure that the controller manager pod specification file permissions are set to 644 or more restrictive | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
1.4.8 Ensure that the etcd pod specification file ownership is set to root:root | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
1.4.15 Ensure that the scheduler.conf file permissions are set to 644 or more restrictive | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
1.5 Enable macOS update installs | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
1.6.3 Create administrative boundaries between resources using namespaces | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
1.6.7 Configure Image Provenance using ImagePolicyWebhook admission controller | CIS Kubernetes 1.8 Benchmark v1.2.0 L2 | Unix | |
2.1.2 Ensure that the --anonymous-auth argument is set to false | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
2.1.2 Turn off Bluetooth 'Discoverable' mode when not pairing devices | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
2.2.2 Ensure time set is within appropriate limits | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
2.3.3 Set a screen corner to Start Screen Saver | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | ACCESS CONTROL |
2.4.6 Disable DVD or CD Sharing | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
3.1.8 Ensure that the admission control policy is not set to AlwaysAdmit | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
3.1.10 Ensure that the --audit-log-path argument is set as appropriate | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
3.1.14 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
3.1.17 Ensure that the --service-account-key-file argument is set as appropriate | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
3.1.19 Ensure that the --tls-cert-file and --tls-private-key-file arguments are set as appropriate - tls-cert-file | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
7.1 (L2) Virtual machines must enable Secure Boot | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
7.4 (L2) Virtual machines should deactivate 3D graphics features when not required | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | CONFIGURATION MANAGEMENT |
8.8 (L2) VMware Tools must deactivate ContainerInfo unless required | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | CONFIGURATION MANAGEMENT |
18.9.19.1 (L1) Ensure 'Turn off desktop gadgets' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
18.9.19.1 (L1) Ensure 'Turn off desktop gadgets' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
18.9.46.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' | CIS Windows Server 2012 DC L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
18.9.47.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' | CIS Microsoft Windows Server 2022 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
18.9.47.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' | CIS Microsoft Windows Server 2022 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
18.9.47.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' | CIS Microsoft Windows Server 2025 v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
18.9.47.11.1 Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
18.10.9.3.12 (BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
18.10.9.3.12 (BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
18.10.10.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
18.10.10.3.9 (BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 BL | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
18.10.10.3.12 (BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 BL | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
18.10.28.2 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
18.10.28.2 Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | SYSTEM AND INFORMATION INTEGRITY |
18.10.28.2 Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
18.10.29.3 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |