| 1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/docs | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Remove extraneous files and directories - CATALINA_HOME/webapps/ROOT | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1 Ensure that the --anonymous-auth argument is set to false | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.1.3 Ensure that the --insecure-allow-any-token argument is not set | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.1.4 Ensure that the --insecure-bind-address argument is not set | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.10 Ensure that the admission control policy is set to AlwaysPullImages | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 1.1.30 Ensure that the --etcd-cafile argument is set as appropriate | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.1.34 Ensure that the encryption provider is set to aescbc | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | |
| 1.1.37 Ensure that the --request-timeout argument is set as appropriate | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.5 Ensure Exec Timeout for Remote Administrative Sessions (VTY) is set to less than 10 | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.2.6 Set the Maximum Number of VTY Sessions | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.3.2 Post-authentication Banner | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.4.2 Configure Password Encryption | CIS Cisco NX-OS v1.2.0 L2 | Cisco | IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION |
| 1.4.3 Set password lifetime, warning time and grace time for local credentials | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| 1.4.4 Set password length for local credentials | CIS Cisco NX-OS v1.2.0 L1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 2.4 Disable X-Powered-By HTTP Header and Rename the Server Value for all Connectors | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.7 Ensure Sever Header is Modified To Prevent Information Disclosure | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.7.1 iCloud configuration | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | ACCESS CONTROL |
| 2.7.3 iCloud Drive | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | ACCESS CONTROL |
| 2.8.1 Time Machine Auto-Backup | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONTINGENCY PLANNING |
| 3.1.3.3 Log OSPF Adjacency Changes | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 3.2.2 Disable ICMP Redirects on all Layer 3 Interfaces | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2 Configure FCoE Zoning | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2 Configure a Remote Backup Schedule | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONTINGENCY PLANNING |
| 4.2 Restrict access to $CATALINA_BASE | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3 Restrict access to Tomcat configuration directory | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.10 Restrict access to Tomcat context.xml | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.11 Restrict access to Tomcat logging.properties | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.12 Restrict access to Tomcat server.xml | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1 Use secure Realms | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | ACCESS CONTROL |
| 5.1.4 Check Library folder for world writable files | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | ACCESS CONTROL |
| 5.2.3 Complex passwords must contain an Alphabetic Character | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | |
| 5.2.5 Complex passwords must contain a Special Character | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | |
| 5.6 Ensure login keychain is locked when the computer sleeps | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.7 Enable OCSP and CRL certificate checking - OCSPStyle | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.19 Create specialized keychains for different purposes | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1 Setup Client-cert Authentication | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.4 Safari disable Internet Plugins for global use | CIS Apple macOS 10.12 L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.5 Ensure 'sslProtocol' is Configured Correctly for Secure Connectors | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler exists inin default | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.2 Specify file handler in logging.properties files - check if java.util.logging.ConsoleHandler logging is enabled in web application | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 7.4 Ensure directory in context.xml is a secure location - configuration | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 7.6 Ensure directory in logging.properties is a secure location - check prefix application name | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 10.3 Restrict manager application | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | ACCESS CONTROL |
| 10.7 Turn off session facade recycling | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 10.10 Configure maxHttpHeaderSize | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.13 Do not run applications as privileged | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL |
| 10.14 Do not allow cross context requests | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 10.15 Do not resolve hosts on logging valves | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 10.17 Setting Security Lifecycle Listener - check for config component | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | ACCESS CONTROL |
