| 1.1.6 Ensure separate partition exists for /var | CIS Amazon Linux v2.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Create mozilla.cfg file | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.5 Configure DB2 to use non-standard ports - Port 50000 | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | CONFIGURATION MANAGEMENT |
| 1.5 Protect Firefox Binaries | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.1.1.1.1 Set the 'hostname' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure time set is within appropriate limits | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure time set is within appropriate limits | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.1.1 Ensure cron daemon is enabled and active | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.4.1.1 Ensure cron daemon is enabled and active | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 2.61 (L1) Ensure 'Enable network prediction' is set to 'Enabled: Do not predict actions on any network connection' | CIS Google Chrome Group Policy v1.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 3.1 Set a nondeterministic Shutdown command value. | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.1 Validate Proxy Settings | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.6 Set File URI Origin Policy | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 4.1.1.1 Ensure cron daemon is enabled and active | CIS Rocky Linux 8 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.1.1 Ensure cron daemon is enabled and active | CIS AlmaLinux OS 8 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.1.13 Ensure a Secure Connect Procedure is Used (CONNECT_PROC) | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | CONFIGURATION MANAGEMENT |
| 4.2 Enable 'Show Wi-Fi status in menu bar' - Show Wi-Fi status in menu bar | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.8.2 Ensure root user default shell is ksh | CIS IBM AIX 7 v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 4.8.4 Ensure default path does not include current working directory | CIS IBM AIX 7 v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.2 Turn on filename extensions | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.1 (L1) Ensure all forms of mail forwarding are blocked and/or disabled | CIS Microsoft 365 Foundations v5.0.0 L1 E5 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 6.2.3 (L1) Ensure email from external senders is identified | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | CONFIGURATION MANAGEMENT |
| 6.3 Tracking Protection - privacy.trackingprotection.pbmode | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 7.1 Secure Application Plug-ins | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 8.2.11 Keep Master Key Labels Unique | CIS IBM DB2 11 v1.1.0 Database Level 2 | IBM_DB2DB | CONFIGURATION MANAGEMENT |
| 9.1 Starting Tomcat with Security Manager | CIS Apache Tomcat 7 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.1 Starting Tomcat with Security Manager | CIS Apache Tomcat 7 L1 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 10.1 Ensure Web content directory is on a separate partition from the Tomcat system files (verify Web content directory) | CIS Apache Tomcat 7 L1 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 10.20 Use the logEffectiveWebXml and metadata-complete settings for deploying applications in production - web.xml | CIS Apache Tomcat 7 L1 v1.1.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 18.7.4 (L1) Ensure 'Configure RPC connection settings: Use authentication for outgoing RPC connections' is set to 'Enabled: Default' | CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.7.5 (L1) Ensure 'Configure RPC listener settings: Protocols to allow for incoming RPC connections' is set to 'Enabled: RPC over TCP' | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.7.7 (L1) Ensure 'Configure RPC over TCP port' is set to 'Enabled: 0' | CIS Microsoft Windows Server 2019 v4.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.7.7 (L1) Ensure 'Configure RPC over TCP port' is set to 'Enabled: 0' | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.7.12 (L1) Ensure 'Point and Print Restrictions: When updating drivers for an existing connection' is set to 'Enabled: Show warning and elevation prompt' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.7.12 (L1) Ensure 'Point and Print Restrictions: When updating drivers for an existing connection' is set to 'Enabled: Show warning and elevation prompt' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.7.12 (L1) Ensure 'Point and Print Restrictions: When updating drivers for an existing connection' is set to 'Enabled: Show warning and elevation prompt' | CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.7.12 (L1) Ensure 'Point and Print Restrictions: When updating drivers for an existing connection' is set to 'Enabled: Show warning and elevation prompt' | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.27.1 (L2) Ensure 'Disallow copying of user input methods to the system account for sign-in' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 19.7.5.1 (L1) Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v4.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| Configure NetBIOS settings | MSCT Windows Server 2025 DC v2506 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Enable site isolation for every site | MSCT Edge v134 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Enhanced secure mode | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | CONFIGURATION MANAGEMENT |
| Intranet Sites: Include all network paths (UNCs) | MSCT Windows Server 2025 MS v2506 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Management VLAN | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | CONFIGURATION MANAGEMENT |
| NetBT NodeType configuration | MSCT Windows Server 2025 MS v2506 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Prevent enabling lock screen camera | MSCT Windows Server 2025 MS v2506 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Prevent enabling lock screen slide show | MSCT Windows Server 2025 DC v2506 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Specifies whether SharedArrayBuffers can be used in a non cross-origin-isolated context | MSCT Edge v134 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Specifies whether to allow websites to make requests to any network endpoint in an insecure manner. | MSCT Edge v134 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn off the Security Settings Check feature | MSCT Windows Server 2025 DC v2506 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
