| 1.1 Remove extraneous files and directories - /webapps/docs | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 1.1.2 Ensure 'Login Banner' is set | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | AWARENESS AND TRAINING, PROGRAM MANAGEMENT |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | ACCESS CONTROL |
| 1.3.2 Ensure 'Minimum Length' is greater than or equal to 12 | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | IDENTIFICATION AND AUTHENTICATION |
| 1.6.2 Ensure redundant NTP servers are configured appropriately | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| 2.2 Configure the ESXi host firewall to restrict access to services running on the host | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | ACCESS CONTROL |
| 2.3 Ensure that User-ID is only enabled for internal trusted interfaces | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| 2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabled | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | ACCESS CONTROL |
| 2.6 Prevent unintended use of dvfilter network APIs | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | ACCESS CONTROL |
| 2.7 Remove expired or revoked SSL certificates from the ESXi server | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| 3.2 Disable the Shutdown port | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 3.3 Configure remote logging for ESXi hosts | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | AUDIT AND ACCOUNTABILITY |
| 4.1 Create a non-root user account for local admin access | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| 4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 5.2 Disable ESXi Shell unless needed for diagnostics or troubleshooting | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | CONFIGURATION MANAGEMENT |
| 5.2 Ensure a WildFire Analysis profile is enabled for all security policies | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.4 Ensure all WildFire session information settings are enabled | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.6 Ensure 'WildFire Update Schedule' is set to download and install updates in real-time | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.8 Set a timeout for Shell Services | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | ACCESS CONTROL |
| 6.1 Enable bidirectional CHAP authentication for iSCSI traffic. | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 6.1 Ensure that antivirus profiles are set to reset-both on all decoders except 'imap' and 'pop3' | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.2 Ensure uniqueness of CHAP authentication secrets | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| 6.11 Ensure all HTTP Header Logging options are enabled | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.3 Ensure that the vSwitch Promiscuous Mode policy is set to reject | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.2.3 Disconnect unauthorized devices - Parallel Devices | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.2.5 Disconnect unauthorized devices - USB Devices | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | MEDIA PROTECTION |
| 8.2.7 Prevent unauthorized connection of devices. | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | ACCESS CONTROL |
| 8.3.3 Use secure protocols for virtual serial port access | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| 8.4.16 Disable Trash Folder State | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.20 Disable GetCreds | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.22 Disable Guest Host Interaction Launch Menu | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.23 Disable memSchedFakeSampleStats | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.24 Disable VM Console Copy operations | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | CONFIGURATION MANAGEMENT |
| 8.5.1 Prevent virtual machines from taking over resources - Mem Share Level | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.5.1 Prevent virtual machines from taking over resources - Num Mem Shares | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1 Starting Tomcat with Security Manager | CIS Apache Tomcat 9 L1 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 9.2 Disabling auto deployment of applications | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | CONFIGURATION MANAGEMENT |
| 10.15 Do not resolve hosts on logging valves | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Ensure secondary-ntp-server is configured | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | |
| Failed Attempts | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | |
| host | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | |
| ip-tag | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | |
| Link Monitoring Failure Condition | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | |
| Lockout Time | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | |
| Referer | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | |
| SSH | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | |
| Tomcat 9 is installed | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | |
| User-Agent | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | |
| X-Forwarded-For | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | |
