| 1.1.7 Ensure separate partition exists for /var/tmp | CIS Amazon Linux v2.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.5 Configure DB2 to use non-standard ports - Port 523 | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | CONFIGURATION MANAGEMENT |
| 1.5.8 Ensure DNS is servers are configured | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 2.3.10.12 (L1) Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 3.3 Verify that docker.socket file ownership is set to root:root | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.3 Verify that docker.socket file ownership is set to root:root | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.4 Verify that docker.socket file permissions are set to 644 or more restrictive | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.6.1.13 Ignore user-provided environment variables | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.7 Verify that registry certificate file ownership is set to root:root | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.9 Verify that TLS CA certificate file ownership is set to root:root | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.10 Verify that TLS CA certificate file permissions are set to 444 or more restrictive | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.17 Verify that daemon.json file ownership is set to root:root | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.1 (L2) Ensure devices without a compliance policy are marked 'not compliant' | CIS Microsoft 365 Foundations v5.0.0 L2 E3 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 4.1 (L2) Ensure devices without a compliance policy are marked 'not compliant' | CIS Microsoft 365 Foundations v5.0.0 L2 E5 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 4.1.13 Ensure a Secure Connect Procedure is Used (CONNECT_PROC) | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 4.2 Enable 'Show Wi-Fi status in menu bar' - Show Wi-Fi status in menu bar | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.2.13 Ensure that a limit is set on pod PIDs | CIS Kubernetes v1.10.0 L1 Worker | Unix | CONFIGURATION MANAGEMENT |
| 5.1 Use secure Realms | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.4.1 Prefer using secrets as files over secrets as environment variables | CIS Kubernetes v1.10.0 L2 Master | Unix | CONFIGURATION MANAGEMENT |
| 5.4.2 Consider external secret storage | CIS Kubernetes v1.10.0 L2 Master | Unix | CONFIGURATION MANAGEMENT |
| 5.6 Block Pop-up Windows | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.3 Tracking Protection - privacy.donottrackheader.value | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.5.2 (L1) Ensure MailTips are enabled for end users | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 7.2.2 (L1) Ensure SharePoint and OneDrive integration with Azure AD B2B is enabled | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 8.1.2 (L1) Ensure users can't send emails to a channel email address | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 8.2.10 Turn Off ALLOW_KEY_INSERT_WITHOUT_KEYSTORE_BACKUP | CIS IBM DB2 11 v1.1.0 Database Level 2 | IBM_DB2DB | CONFIGURATION MANAGEMENT |
| 10.6 Enable strict servlet Compliance | CIS Apache Tomcat 7 L1 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 10.7 Turn off session facade recycling | CIS Apache Tomcat 7 L1 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 18.1.1.1 (L1) Ensure 'Prevent enabling lock screen camera' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v3.0.1 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.4.2 (L1) Ensure 'Configure RPC packet level privacy setting for incoming connections' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v3.0.1 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.7.4 (L1) Ensure 'Configure RPC connection settings: Use authentication for outgoing RPC connections' is set to 'Enabled: Default' | CIS Microsoft Windows Server 2019 v3.0.1 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.7.11 (L1) Ensure 'Point and Print Restrictions: When updating drivers for an existing connection' is set to 'Enabled: Show warning and elevation prompt' | CIS Microsoft Windows Server 2019 v3.0.1 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.7.13 (L1) Ensure 'Point and Print Restrictions: When updating drivers for an existing connection' is set to 'Enabled: Show warning and elevation prompt' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.9.27.1 (L2) Ensure 'Disallow copying of user input methods to the system account for sign-in' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v3.0.1 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.8.1.1 (L1) Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v3.0.1 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 19.7.5.1 (L1) Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v3.0.1 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| Allow unconfigured sites to be reloaded in Internet Explorer mode | MSCT Edge v133 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow unconfigured sites to be reloaded in Internet Explorer mode | MSCT Edge v135 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure Edge Website Typo Protection | MSCT Edge v134 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure Edge Website Typo Protection | MSCT Edge v137 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Enable browser legacy extension point blocking | MSCT Edge v132 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Enable browser legacy extension point blocking | MSCT Edge v134 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Enable browser legacy extension point blocking | MSCT Edge v135 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Show the Reload in Internet Explorer mode button in the toolbar | MSCT Edge v134 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Show the Reload in Internet Explorer mode button in the toolbar | MSCT Edge v135 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Show the Reload in Internet Explorer mode button in the toolbar | MSCT Edge v136 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Specifies whether SharedArrayBuffers can be used in a non cross-origin-isolated context | MSCT Edge v136 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Specifies whether to allow websites to make requests to any network endpoint in an insecure manner. | MSCT Edge v133 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Specifies whether to allow websites to make requests to any network endpoint in an insecure manner. | MSCT Edge v135 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Specifies whether to allow websites to make requests to any network endpoint in an insecure manner. | MSCT Edge v136 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
