| 1.1.1.2.1.6 Set 'System objects: Default owner for objects created by members of the Administrators group' to 'Object creator' | CIS Windows 2003 MS v3.1.0 | Windows | ACCESS CONTROL |
| 1.1.1.2.1.28 Configure 'DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax' | CIS Windows 2003 MS v3.1.0 | Windows | ACCESS CONTROL |
| 1.1.22 Ensure sticky bit is set on all world-writable directories | CIS Ubuntu Linux 20.04 LTS Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 1.1.22 Ensure sticky bit is set on all world-writable directories | CIS Red Hat EL7 Server L1 v3.0.1 | Unix | ACCESS CONTROL |
| 1.1.22 Ensure sticky bit is set on all world-writable directories | CIS Ubuntu Linux 20.04 LTS Server L1 v1.0.0 | Unix | ACCESS CONTROL |
| 1.4.3 Set the SELinux Policy 'SELINUXTYPE=targeted' | CIS Red Hat Enterprise Linux 5 L2 v2.2 | Unix | ACCESS CONTROL |
| 1.6.1.1 Ensure SELinux is enabled in the bootloader configuration - security=selinux | CIS Debian 9 Server L2 v1.0.0 | Unix | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub2/menu.lst enforcing=0 | CIS Distribution Independent Linux Workstation L2 v1.1.0 | Unix | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub2/menu.lst enforcing=0 | CIS Distribution Independent Linux Server L2 v1.1.0 | Unix | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - /boot/grub2/menu.lst selinux=0 | CIS Distribution Independent Linux Workstation L2 v1.1.0 | Unix | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.1 Ensure SELinux is not disabled in bootloader configuration - enforcing=0 | CIS SUSE Linux Enterprise Server 12 L2 v2.1.0 | Unix | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1.2 Ensure the SELinux state is enforcing - /etc/selinux/config | CIS Debian 8 Server L2 v2.0.1 | Unix | ACCESS CONTROL |
| 1.6.1.2 Ensure the SELinux state is enforcing - /etc/selinux/config | CIS Debian 8 Workstation L2 v2.0.1 | Unix | ACCESS CONTROL |
| 1.6.1.2 Ensure the SELinux state is enforcing - sestatus | CIS Debian 8 Server L2 v2.0.1 | Unix | ACCESS CONTROL |
| 1.6.1.3 Ensure SELinux policy is configured | CIS Debian 8 Server L2 v2.0.1 | Unix | ACCESS CONTROL |
| 1.6.1.4 Ensure no unconfined daemons exist | CIS Debian 8 Server L2 v2.0.1 | Unix | ACCESS CONTROL |
| 1.6.1.4 Ensure no unconfined daemons exist | CIS Debian 8 Workstation L2 v2.0.1 | Unix | ACCESS CONTROL |
| 1.6.2.1 Ensure AppArmor is not disabled in bootloader configuration | CIS Distribution Independent Linux Workstation L2 v1.1.0 | Unix | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.2.2 Ensure all AppArmor Profiles are enforcing - profiles loaded | CIS Debian 8 Server L2 v2.0.1 | Unix | ACCESS CONTROL |
| 1.6.2.2 Ensure all AppArmor Profiles are enforcing - profiles loaded | CIS Debian 8 Workstation L2 v2.0.1 | Unix | ACCESS CONTROL |
| 1.7.1.3 Ensure all AppArmor Profiles are in enforce or complain mode - loaded | CIS Ubuntu Linux 20.04 LTS Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 1.7.1.3 Ensure all AppArmor Profiles are in enforce or complain mode - loaded | CIS Ubuntu Linux 20.04 LTS Server L1 v1.0.0 | Unix | ACCESS CONTROL |
| 1.7.1.3 Ensure all AppArmor Profiles are in enforce or complain mode - unconfined | CIS Ubuntu Linux 20.04 LTS Server L1 v1.0.0 | Unix | ACCESS CONTROL |
| 1.7.1.4 Ensure all AppArmor Profiles are enforcing - complain | CIS Ubuntu Linux 18.04 LTS Server L2 v2.0.1 | Unix | ACCESS CONTROL |
| 1.7.1.4 Ensure all AppArmor Profiles are enforcing - loaded | CIS Ubuntu Linux 18.04 LTS Workstation L2 v2.0.1 | Unix | ACCESS CONTROL |
| 1.7.1.4 Ensure all AppArmor Profiles are enforcing - loaded | CIS Ubuntu Linux 18.04 LTS Server L2 v2.0.1 | Unix | ACCESS CONTROL |
| 1.7.1.4 Ensure all AppArmor Profiles are enforcing - unconfined | CIS Ubuntu Linux 20.04 LTS Server L2 v1.0.0 | Unix | ACCESS CONTROL |
| 1.7.1.4 Ensure all AppArmor Profiles are enforcing - unconfined | CIS Ubuntu Linux 18.04 LTS Server L2 v2.0.1 | Unix | ACCESS CONTROL |
| 2.3.10.9 (L1) Ensure 'Network access: Restrict anonymous access to Named Pipes and Shares' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL |
| 2.3.10.10 (L1) Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL |
| 2.3.10.10 Ensure 'Network access: Shares that can be accessed anonymously' is set to 'None' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | ACCESS CONTROL |
| 2.3.15.2 Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | ACCESS CONTROL |
| 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile | CIS Debian 8 Server L1 v2.0.1 | Unix | ACCESS CONTROL |
| 5.4.4 Ensure default user umask is 027 or more restrictive - /etc/profile | CIS Debian 8 Workstation L1 v2.0.1 | Unix | ACCESS CONTROL |
| 5.4.4 Ensure default user umask is 027 or more restrictive - override | CIS Ubuntu Linux 20.04 LTS Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.4.5 Ensure default user umask is configured - profiles | CIS Oracle Linux 7 Workstation L1 v3.0.0 | Unix | ACCESS CONTROL |
| 5.4.5 Ensure default user umask is configured - system wide | CIS Oracle Linux 7 Server L1 v3.0.0 | Unix | ACCESS CONTROL |
| 5.4.5 Ensure default user umask is configured - system wide umask | CIS Red Hat EL7 Server L1 v3.0.1 | Unix | ACCESS CONTROL |
| 5.5 Database Manager Configuration Parameter: TRUST_CLNTAUTH | CIS IBM DB2 11 v1.1.0 Windows OS Level 1 | Windows | ACCESS CONTROL |
| 5.5.5 Ensure default user umask is 027 or more restrictive - /etc/bashrc | CIS Oracle Linux 8 Workstation L1 v1.0.0 | Unix | ACCESS CONTROL |
| 5.8 Ensure non-privileged users are prevented from executing privileged functions | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | ACCESS CONTROL |
| 5.10 Ensure Access to .ht* Files Is Restricted | CIS Apache HTTP Server 2.2 L1 v3.5.0 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 7.4 Set Default umask for Users '/etc/profile.d/* - umask 077' | CIS Red Hat Enterprise Linux 5 L1 v2.2 | Unix | ACCESS CONTROL |
| 10.1 Ensure SELinux Is Enabled in Enforcing Mode - config file | CIS BIND DNS v1.0.0 L2 Authoritative Name Server | Unix | ACCESS CONTROL |
| 10.1 Ensure SELinux Is Enabled in Enforcing Mode - current mode | CIS BIND DNS v1.0.0 L2 Authoritative Name Server | Unix | ACCESS CONTROL |
| 11.1 Ensure SELinux Is Enabled in Enforcing Mode - config | CIS Apache HTTP Server 2.4 L2 v1.5.0 Middleware | Unix | ACCESS CONTROL |
| 11.1 Ensure SELinux Is Enabled in Enforcing Mode - current | CIS Apache HTTP Server 2.4 L2 v1.5.0 Middleware | Unix | ACCESS CONTROL |
| 12.1 Ensure the AppArmor Framework Is Enabled | CIS Apache HTTP Server 2.4 L2 v1.5.0 | Unix | ACCESS CONTROL |
| 18.9.59.3.3.2 Ensure 'Do not allow drive redirection' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | ACCESS CONTROL |
| 19.7.26.1 Ensure 'Prevent users from sharing files within their profile.' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | ACCESS CONTROL |
