| 1.1 Verify all application software is current | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.1.3 Ensure 'Enable Log on High DP Load' is enabled | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| 1.2 Enable Auto Update | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | ACCESS CONTROL |
| 1.2.3 Ensure HTTP and Telnet options are disabled for the management interface | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 1.2.5 Ensure valid certificate is set for browser-based administrator interface | CIS Palo Alto Firewall 10 v1.2.0 L2 | Palo_Alto | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3.7 Ensure 'Required Password Change Period' is less than or equal to 90 days | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | ACCESS CONTROL |
| 1.6.3 Ensure that the Certificate Securing Remote Access VPNs is Valid | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 2.5 Ensure proper SNMP configuration - 'community name public does not exist' | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 2.6.6 Enable Location Services | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.7 Ensure remote access capabilities for the User-ID service account are forbidden. | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 3.1 Ensure a fully-synchronized High Availability peer is configured | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 3.2 Configure persistent logging for all ESXi host | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | AUDIT AND ACCOUNTABILITY |
| 3.4 Enable remote logging for Desktops on trusted networks | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.2 Establish a password policy for password complexity | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 4.3 Use Active Directory for local user authentication - Enabled = 'true' | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 4.3 Use Active Directory for local user authentication - Review Domain | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 4.5 Ensure Encryption of Data at Rest - enableEncryption | CIS MongoDB 5 L2 OS Linux v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1 Ensure that system activity is audited | CIS MongoDB 5 L1 OS Linux v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.1 Use secure Realms | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | ACCESS CONTROL |
| 5.2 Ensure that audit filters are configured properly | CIS MongoDB 5 L2 OS Linux v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.3 Disable SSH | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | CONFIGURATION MANAGEMENT |
| 5.3 Ensure that logging captures as much information as possible | CIS MongoDB 5 L2 OS Linux v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.5 Ensure alerts are enabled for malicious files detected by WildFire | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.5 Ensure login keychain is locked when the computer sleeps | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.6 Enable OCSP and CRL certificate checking - OCSPStyle | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.9 Set DCUI.Access to allow trusted users to override lockdown mode | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | ACCESS CONTROL |
| 5.15 Disable Fast User Switching | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | ACCESS CONTROL |
| 6.2 Ensure a secure antivirus profile is applied to all relevant security policies | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.3 Ensure an anti-spyware profile is configured to block on all spyware severity levels, categories, and threats | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.4 Zero out VMDK files prior to deletion | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 6.21 Ensure that 'Wildfire Inline ML' on antivirus profiles are set to enable for all file types | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.24 Ensure that 'Inline Cloud Analysis' on Anti-Spyware profiles are enabled if 'Advanced Threat Prevention' is available | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.25 Ensure that 'DNS Policies' is configured on Anti-Spyware profiles if 'DNS Security' license is available | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 7.1 Application specific logging | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.1 Ensure appropriate key file permissions are set - keyFile | CIS MongoDB 5 L1 OS Linux v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Ensure 'Service setting of ANY' in a security policy allowing traffic does not exist | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | ACCESS CONTROL, MEDIA PROTECTION |
| 7.3 Ensure className is set correctly in context.xml | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | AUDIT AND ACCOUNTABILITY |
| 7.4 Ensure that port groups are not configured to the value of the native VLAN | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| 8.1.1 Limit informational messages from the VM to the VMX file | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | AUDIT AND ACCOUNTABILITY |
| 8.3.4 Use templates to deploy VMs whenever possible | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| 8.4.4 Control VMsafe Agent Configuration | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| 8.4.5 Disable Autologon | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | ACCESS CONTROL |
| 8.4.7 Disable Guest Host Interaction Protocol Handler | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.11 Disable Unity Push Update | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.17 Disable Guest Host Interaction Tray Icon | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.26 Disable VM Console GUI Options | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | CONFIGURATION MANAGEMENT |
| 8.6.1 Avoid using nonpersistent disks | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | AUDIT AND ACCOUNTABILITY |
| 9.3 Disable deploy on startup of applications | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
