| 1.1.5 Ensure that the --insecure-bind-address argument is not set | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.6 - AirWatch - Disable Passcode Unlock for Fingerprints | AirWatch - CIS Apple iOS 8 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 1.1.7 - MobileIron - Disable 'Wi-Fi' | MobileIron - CIS Google Android 4 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 1.1.8 - MobileIron - Disable 'Bluetooth' | MobileIron - CIS Google Android 4 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 1.1.9 - AirWatch - Disable 'Location Services' - WiFi Location Services | AirWatch - CIS Google Android 4 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 1.1.12 - MobileIron - Turn off VPN when not needed | MobileIron - CIS Apple iOS 9 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.1.13 - MobileIron - Turn off VPN when not needed | MobileIron - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.1.17 - MobileIron - Disable 'Unknown sources' - Samsung SAFE | MobileIron - CIS Google Android 4 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.1.18 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 1.1.31 Ensure that the --authorization-mode argument is set to Node | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 1.1.32 Ensure that the --authorization-mode argument is set to Node | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | ACCESS CONTROL |
| 1.2.2 - AirWatch - Enable Fraudulent Website Warning | AirWatch - CIS Apple iOS 8 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.2.2 - MobileIron - Enable 'Show security warnings' - 'Samsung SAFE' | MobileIron - CIS Google Android 4 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.2.3.6 Set 'Enable RPC Endpoint Mapper Client Authentication' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.2.4 - AirWatch - Disable Auto Fill for Names and Passwords | AirWatch - CIS Apple iOS 8 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 1.2.4.5.2 Configure 'Allow users to connect remotely by using Remote Desktop Services' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.5 - AirWatch - Enable 'Block pop-ups' | AirWatch - CIS Google Android 4 v1.0.0 L1 | MDM | ACCESS CONTROL |
| 1.2.9 - AirWatch - Turn On Do Not Track | AirWatch - CIS Apple iOS 9 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 1.2.9 - MobileIron - Turn On Do Not Track | MobileIron - CIS Apple iOS 8 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 1.2.9 - MobileIron - Turn On Do Not Track | MobileIron - CIS Apple iOS 9 v1.0.0 L2 | MDM | ACCESS CONTROL |
| 2.1.5 Ensure that the --read-only-port argument is set to 0 | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.12 Ensure that the --cadvisor-port argument is set to 0 | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.13 Ensure that the --cadvisor-port argument is set to 0 | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.11 Disable Apache services - Make sure that /etc/apache/httpd.conf does not exist. Note this check is only applicable for Apache 1.x | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.1 Disable Remote Apple Events | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.8 Disable File Sharing - SMB | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.9 Disable instance discoverability | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 3.1.9 Disable instance discoverability | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | CONFIGURATION MANAGEMENT |
| 3.1.14 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | ACCESS CONTROL |
| 3.2 Ensure that MongoDB only listens for network connections on authorized interfaces | CIS MongoDB 3.4 L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.2 Restrict Recursive Queries - Caching Name Server | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.7 Disable unused task scheduler | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS Linux | Unix | CONFIGURATION MANAGEMENT |
| 4.5 Ensure ftp server is not running | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.6 Ensure nfs server is not running | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.1 Securely Authenticate Zone Transfers | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2 Disable login: Prompts on Serial Ports - Check if x is added to the flag field for ttya | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 6.15 Configure Mail Transfer Agent for Local-Only Mode | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 7.5.1 Disable DCCP | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 7.5.4 Disable TIPC | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 8.2.6 Accept Remote rsyslog Messages Only on Designated Log Hosts - ModLoad imtcp.so - Syslog Server | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 8.4 Disable the HTTP Statistics Server | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | CONFIGURATION MANAGEMENT |
| 8.5 Remove default databases | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS Linux | Unix | CONFIGURATION MANAGEMENT |
| 9.2 Remove Unused Schemas | CIS IBM DB2 v10 v1.1.0 Database Level 2 | IBM_DB2DB | CONFIGURATION MANAGEMENT |
| 9.10 Check for Presence of User .rhosts Files | CIS Solaris 10 L1 v5.2 | Unix | CONFIGURATION MANAGEMENT |
| 9.10 Check for Presence of User .rhosts Files | CIS Solaris 11 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 18.5.10.2 Ensure 'Turn off Microsoft Peer-to-Peer Networking Services' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.37.2 Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.59.3.3.1 Ensure 'Do not allow COM port redirection' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.59.3.3.3 Ensure 'Do not allow LPT port redirection' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.59.3.3.4 Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
