| 1.1.3 Ensure nodev option set on /tmp partition | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.18 Ensure sticky bit is set on all world-writable directories | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2.2 Ensure GPG keys are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.1.2 Ensure ntp is configured - restrict -4 | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1.1.3 Ensure chrony is configured - chrony server/pool | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 2.1.7 Ensure NFS and RPC are not enabled - nfs | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.7 Ensure NFS and RPC are not enabled - nfs-server | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.7 Ensure NFS and RPC are not enabled - nfs-server status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.7 Ensure NFS and RPC are not enabled - rpcbind status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.11 Ensure IMAP and POP3 server is not enabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.15 Ensure mail transfer agent is configured for local-only mode - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.17 Ensure rsh server is not enabled - rexec.socket | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.19 Ensure tftp server is not enabled - status | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.20 Ensure rsync service is not enabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.5 Ensure LDAP client is not installed | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.1 Ensure IP forwarding is disabled - sysctl | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.2 Ensure packet redirect sending is disabled - sysctl.conf sysctl.d net.ipv4.conf.default.send_redirects | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure source routed packets are not accepted - sysctl.conf sysctl.d net.ipv6.conf.default.accept_source_route | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.4 Ensure suspicious packets are logged - sysctl.conf sysctl.d net.ipv4.conf.all.log_martians | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 3.2.5 Ensure broadcast ICMP requests are ignored - sysctl net.ipv4.icmp_echo_ignore_broadcasts | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.9 Ensure IPv6 router advertisements are not accepted - sysctl.conf sysctl.d net.ipv6.conf.all.accept_ra | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.5 Ensure permissions on /etc/hosts.deny are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.4.4 Ensure TIPC is disabled - grep modprobe.d | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.5.1.4 Ensure firewall rules exist for all open ports | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.1 Ensure IPv6 default deny firewall policy - Chain OUTPUT | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.1.1 Ensure rsyslog Service is enabled | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.4 Ensure rsyslog is configured to send logs to a remote log host | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.1.5 Ensure remote rsyslog messages are only accepted on designated log hosts. - $ModLoad | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.7 Ensure sshd ClientAliveInterval and ClientAliveCountMax are configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| 4.2.14 Ensure sshd LogLevel is configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.16 Ensure sshd MaxAuthTries is configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2.17 Ensure sshd MaxSessions is configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| 4.3 Ensure logrotate is configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3.1 Ensure sudo is installed | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| 4.4.2.1.1 Ensure pam_faillock module is enabled | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| 4.4.2.1.3 Ensure password unlock time is configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| 4.4.2.2.1 Ensure pam_pwquality module is enabled | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.4.2.4.4 Ensure pam_unix includes use_authtok | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5.1.2 Ensure password expiration is 365 days or less | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.5.1.3 Ensure password expiration warning days is 7 or more | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.5.1.4 Ensure inactive password lock is 30 days or less | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.1.1.4 Ensure rsyslog default file permissions are configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION |
| 5.1.2.1.4 Ensure journald is not configured to receive logs from a remote client | CIS Amazon Linux 2 v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 5.1.8 Ensure at/cron is restricted to authorized users | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.3 Ensure permissions on SSH private host key files are configured | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2.13 Ensure only strong MAC algorithms are used | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1.5 Ensure permissions on /etc/shadow are configured | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 6.2.1 Ensure accounts in /etc/passwd use shadowed passwords | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2.3 Ensure all groups in /etc/passwd exist in /etc/group | CIS Amazon Linux 2 v3.0.0 L1 | Unix | ACCESS CONTROL |
| WPAW-00-001000 - The Windows PAW must be configured so that all non-administrative-related applications and functions are blocked or removed from the PAW platform, including but not limited to email, Internet browsing, and line-of-business applications. | DISA MS Windows Privileged Access Workstation v3r2 | Windows | CONFIGURATION MANAGEMENT |
