| 1.1 (L1) Host hardware must have auditable, authentic, and up to date system & device firmware | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | SYSTEM AND SERVICES ACQUISITION |
| 1.1.2 Ensure that the --basic-auth-file argument is not set | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.1.10 Ensure that the admission control policy is set to AlwaysPullImages | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 1.1.14 Ensure that the --audit-log-path argument is set as appropriate | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.15 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 1.1.22 Ensure that the --kubelet-client-certificate and --kubelet-client-key arguments are set as appropriate - kubelet-client-key | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 1.1.24 Ensure that the admission control policy is set to PodSecurityPolicy | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 1.1.31 Ensure that the --authorization-mode argument is set to Node | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 1.2.1 Restrict Access to VTY Sessions | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MAINTENANCE, SYSTEM AND INFORMATION INTEGRITY |
| 1.4.1 Ensure that the API server pod specification file permissions are set to 644 or more restrictive | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.4 Set password length for local credentials | CIS Cisco NX-OS v1.2.0 L1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.4.16 Ensure that the scheduler.conf file ownership is set to root:root | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.18 Ensure that the controller-manager.conf file ownership is set to root:root | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.9 (L2) Host hardware must enable AMD SEV-ES, if available | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.9.5 Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.1.3.3 Log OSPF Adjacency Changes | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 3.2.1.1 Configure RA Guard | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.9 (L1) Host must automatically deactivate shell services | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL |
| 3.15 (L1) Host must be configured with an appropriate maximum password age | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 3.17 (L1) Host must automatically terminate idle host client sessions | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.18 (L1) Host must have an accurate DCUI.Access list | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.23 (L2) Host must deny shell access for the vpxuser account | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 3.26 (L1) Host must enable the highest version of TLS supported | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2 (L1) Host must transmit system logs to a remote log collector | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | AUDIT AND ACCOUNTABILITY |
| 4.5 (L1) Host must deactivate log filtering | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | AUDIT AND ACCOUNTABILITY |
| 4.7 (L1) Host must configure a persistent log location for all locally stored audit records | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | AUDIT AND ACCOUNTABILITY |
| 5.2 (L1) Host must block network traffic by default | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.11 (L1) Host must isolate management communications | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 6.3.2 (L1) Host iSCSI client, if enabled, must employ unique CHAP authentication secrets | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 6.5.10 (L1) Host SSH daemon, if enabled, must disable TCP forwarding | CIS VMware ESXi 8.0 v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 7.1 (L2) Virtual machines must enable Secure Boot | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 7.4 (L2) Virtual machines should deactivate 3D graphics features when not required | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 7.5 (L1) Virtual machines must be configured to lock when the last console connection is closed | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.9 (L1) Virtual machines must prevent unauthorized connection of devices | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 7.12 (L1) Virtual machines must remove unnecessary USB/XHCI devices | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 7.13 (L1) Virtual machines must remove unnecessary serial port devices | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 7.18 (L1) Virtual machines must deactivate console copy operations | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 7.21 (L1) Virtual machines must deactivate virtual disk shrinking operations | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 7.25 (L1) Virtual machines must enable diagnostic logging | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | AUDIT AND ACCOUNTABILITY |
| 8.5 (L1) VMware Tools must limit the automatic addition of features | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 8.8 (L2) VMware Tools must deactivate ContainerInfo unless required | CIS VMware ESXi 8.0 v1.2.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 18.8.48.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.19.1 (L1) Ensure 'Turn off desktop gadgets' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.47.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' | CIS Microsoft Windows Server 2016 v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.47.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.47.11.1 Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.44.6 (NG) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1' | CIS Microsoft Windows 10 Enterprise v4.0.0 NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.44.6 (NG) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
