| 1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/docs | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/examples | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 (L1) Host hardware must enable UEFI Secure Boot | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | SYSTEM AND SERVICES ACQUISITION |
| 1.3 (L1) Host hardware must enable Intel TXT, if available | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.4 (L1) Host hardware must enable and configure a TPM 2.0 | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.5.3 Configure Netflow on Strategic Ports | CIS Cisco NX-OS v1.2.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY, INCIDENT RESPONSE, SYSTEM AND INFORMATION INTEGRITY |
| 1.6 (L1) Host integrated hardware management controller must enable time synchronization | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.10 Use Dedicated "mgmt" Interface and VRF for Administrative Functions | CIS Cisco NX-OS v1.2.0 L2 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 2.1 Ensure Authentication is configured | CIS MongoDB 6 v1.2.0 L1 MongoDB | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.1.2 Ensure 'ADMIN_RESTRICTIONS_' Is Set to 'ON' | CIS Oracle Server 19c Linux v1.2.0 | Unix | ACCESS CONTROL |
| 2.2 (L1) Host must have all software updates installed | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.2 Ensure that MongoDB does not bypass authentication via the localhost exception | CIS MongoDB 6 v1.2.0 L1 MongoDB | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.3 (L1) Host must enable Secure Boot enforcement | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3 Ensure authentication is enabled in the sharded cluster | CIS MongoDB 6 v1.2.0 L2 MongoDB | Unix | CONFIGURATION MANAGEMENT |
| 2.3.1 Ensure 'ENCRYPTION_SERVER' Is Set to 'REQUIRED' | CIS Oracle Server 19c Linux v1.2.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.10.11 Ensure 'Internet and network paths into hyperlinks' is set to 'Disabled' | CIS Microsoft Office Enterprise v1.2.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 2.7 (L1) Host must have time synchronization services enabled and running | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | AUDIT AND ACCOUNTABILITY |
| 2.7 Ensure Sever Header is Modified To Prevent Information Disclosure | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.1.1 Configure EIGRP Authentication on all EIGRP Routing Devices | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.2 Ensure that role-based access control is enabled and configured appropriately | CIS MongoDB 6 v1.2.0 L1 MongoDB | MongoDB | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 3.2 Ensure that role-based access control is enabled and configured appropriately - roles | CIS MongoDB 5 L1 DB v1.2.0 | MongoDB | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 3.4 Ensure that each role for each MongoDB database is needed and grants only the necessary privileges | CIS MongoDB 5 L1 DB v1.2.0 | MongoDB | ACCESS CONTROL |
| 3.5 Review Superuser/Admin Roles - dbAdminAnyDatabase | CIS MongoDB 5 L2 DB v1.2.0 | MongoDB | ACCESS CONTROL |
| 4.2 Ensure Weak Protocols are Disabled | CIS MongoDB 6 v1.2.0 L1 MongoDB | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2 Ensure Weak Protocols are Disabled | CIS MongoDB 6 v1.2.0 L1 MongoDB | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3 Configure Alerts on all Configuration Changes | CIS Cisco NX-OS v1.2.0 L2 | Cisco | CONFIGURATION MANAGEMENT |
| 4.5 Ensure Encryption of Data at Rest | CIS MongoDB 6 v1.2.0 L2 MongoDB | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.7 Restrict access to Tomcat web application directory | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1 Ensure that system activity is audited | CIS MongoDB 6 v1.2.0 L1 MongoDB | Windows | AUDIT AND ACCOUNTABILITY |
| 5.2 Ensure that audit filters are configured properly | CIS MongoDB 6 v1.2.0 L2 MongoDB | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.5 Complex passwords must contain a Special Character | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | |
| 5.2.6 Complex passwords must uppercase and lowercase letters | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | |
| 5.3 Ensure that logging captures as much information as possible | CIS MongoDB 6 v1.2.0 L2 MongoDB | Unix | AUDIT AND ACCOUNTABILITY |
| 5.7 Enable OCSP and CRL certificate checking - CRLStyle | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1 Ensure that MongoDB uses a non-default port | CIS MongoDB 6 v1.2.0 L1 MongoDB | Unix | CONFIGURATION MANAGEMENT |
| 6.2 Ensure that operating system resource limits are set for MongoDB | CIS MongoDB 6 v1.2.0 L2 MongoDB | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.4.1 (L1) Host SNMP services, if enabled, must limit access | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5.4 (L1) Host SSH daemon, if enabled, must not allow host-based authentication | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.5.5 (L1) Host SSH daemon, if enabled, must set a timeout count on idle sessions | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.5.7 (L1) Host SSH daemon, if enabled, must display the system login banner before granting access | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.5.11 (L1) Host SSH daemon, if enabled, must not permit tunnels | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 7.1 Ensure appropriate key file permissions are set | CIS MongoDB 6 v1.2.0 L1 MongoDB | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists in web application | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if org.apache.juli.FileHandler logging is enabled in default | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.3 Computer Name Considerations | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 7.4 Ensure directory in context.xml is a secure location - permissions | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.5 Ensure pattern in context.xml is correct | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 10.6 Enable strict servlet Compliance | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.8 Do not allow additional path delimiters - ALLOW_ENCODED_SLASH | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.17 Setting Security Lifecycle Listener - check for umask uncommented in startup | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL |
