| 1.1.2 Ensure only trusted users are allowed to control Docker daemon | CIS Docker v1.7.0 L1 Docker - Linux | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.1.5 Ensure 'Password Policy' is enabled | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3' | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.11 Do not create access keys during initial setup for IAM users with a console password | CIS Amazon Web Services Foundations v4.0.1 L1 | amazon_aws | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.22 Ensure access to AWSCloudShellFullAccess is restricted | CIS Amazon Web Services Foundations v4.0.1 L1 | amazon_aws | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 2.2.3 Ensure that an exclusionary Device code flow policy is considered | CIS Microsoft Azure Foundations v3.0.0 L2 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 2.6.1 Ensure Guest Account Is Disabled | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| 2.6.1 Ensure Guest Account Is Disabled | CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| 2.7 Ensure that a unique Certificate Authority is used for etcd | CIS Kubernetes v1.20 Benchmark v1.0.1 L2 Master | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 2.7 Ensure that a unique Certificate Authority is used for etcd | CIS Kubernetes v1.10.0 L2 Master | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 2.7 Ensure that a unique Certificate Authority is used for etcd | CIS Kubernetes v1.23 Benchmark v1.0.1 L2 Master | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 2.7 Ensure that a unique Certificate Authority is used for etcd | CIS Kubernetes v1.24 Benchmark v1.0.0 L2 Master | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 2.12 Ensure 'User consent for applications' is set to 'Do not allow user consent' | CIS Microsoft Azure Foundations v3.0.0 L1 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 2.12.1 Ensure Guest Account Is Disabled | CIS Apple macOS 14.0 Sonoma v2.0.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| 2.12.1 Ensure Guest Account Is Disabled | CIS Apple macOS 13.0 Ventura v3.0.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| 2.12.1 Ensure Guest Account Is Disabled | CIS Apple macOS 15.0 Sequoia v1.0.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| 2.14 Ensure containers are restricted from acquiring new privileges | CIS Docker v1.7.0 L1 Docker - Linux | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 2.16 Ensure that 'Guest invite restrictions' is set to 'Only users assigned to specific admin roles can invite guest users' | CIS Microsoft Azure Foundations v3.0.0 L2 | microsoft_azure | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| 2.25 Ensure That 'Subscription leaving Microsoft Entra tenant' and 'Subscription entering Microsoft Entra tenant' Is Set To 'Permit no one' | CIS Microsoft Azure Foundations v3.0.0 L2 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 3.3.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults | CIS Microsoft Azure Foundations v3.0.0 L1 | microsoft_azure | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 3.3.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. | CIS Microsoft Azure Foundations v3.0.0 L1 | microsoft_azure | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 3.3.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults | CIS Microsoft Azure Foundations v3.0.0 L1 | microsoft_azure | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 3.3.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults | CIS Microsoft Azure Foundations v3.0.0 L1 | microsoft_azure | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 3.3.8 Ensure Automatic Key Rotation is Enabled Within Azure Key Vault for the Supported Services | CIS Microsoft Azure Foundations v3.0.0 L2 | microsoft_azure | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 4.4 Ensure that Storage Account Access Keys are Periodically Regenerated | CIS Microsoft Azure Foundations v3.0.0 L1 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MAINTENANCE |
| 5.1.6.1 Ensure that collaboration invitations are sent to allowed domains only | CIS Microsoft 365 Foundations E3 L2 v3.1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.3.1 Ensure 'Privileged Identity Management' is used to manage roles | CIS Microsoft 365 Foundations E5 L2 v3.1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 6.1.3 Ensure Guest Account Is Disabled | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| 6.1.3 Ensure Guest Account Is Disabled | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| 6.1.3 Ensure Guest Account Is Disabled | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| 6.1.3 Ensure Guest Account Is Disabled | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| 6.1.3 Ensure Guest Account Is Disabled | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| 6.2.15 Ensure all groups in /etc/passwd exist in /etc/group | CIS Debian 8 Server L1 v2.0.2 | Unix | ACCESS CONTROL |
| 6.2.15 Ensure all groups in /etc/passwd exist in /etc/group | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL |
| 7.1 Ensure authentication file permissions are set correctly | CIS MongoDB 3.6 L1 Unix Audit v1.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 7.1 Ensure authentication file permissions are set correctly | CIS MongoDB 3.6 L1 Windows Audit v1.1.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 9.2 Check for Duplicate User Names | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 9.13 Check Groups in passwd | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | ACCESS CONTROL |
| MS.AAD.7.3v1 - Privileged users SHALL be provisioned cloud-only accounts separate from an on-premises directory or other federated identity providers. | CISA SCuBA Microsoft 365 Entra ID v1.5.0 | microsoft_azure | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
