| 1.1 Remove extraneous files and directories (WEBAPP_DIR/ROOT/admin) | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.4 Remove all non-essential services from the host - DPKG | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.5 Remove all non-essential services from the host - DPKG | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.5 Remove all non-essential services from the host - RPM | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.5 Remove all non-essential services from the host - sockets | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.4 Ensure SETroubleshoot is not installed | CIS Amazon Linux v2.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.1.5 Ensure the MCS Translation Service (mcstrans) is not installed | CIS Amazon Linux v2.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.8 Ensure 'Make passwords visible' is set to Disabled | AirWatch - CIS Google Android 7 v1.0.0 L2 | MDM | CONFIGURATION MANAGEMENT |
| 1.11 Ensure 'Unknown sources' is set to Disabled | MobileIron - CIS Google Android 7 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.1 Ensure 'Notifications on the lock screen' is set to Disabled | AirWatch - CIS Google Android 7 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.2 Ensure 'Location Services' is set to Disabled | MobileIron - CIS Google Android 7 v1.0.0 L2 | MDM | CONFIGURATION MANAGEMENT |
| 2.5 Do not use the aufs storage driver | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.5 Do not use the aufs storage driver | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.5 Ensure 'Web and App Activity' is set to Disabled | AirWatch - CIS Google Android 7 v1.0.0 L1 | MDM | CONFIGURATION MANAGEMENT |
| 2.7 Do not use the aufs storage driver | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.8 Do not bind Docker to another IP/Port or a Unix socket | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.13 Disable operations on legacy registry (v1) | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.13 Disable operations on legacy registry (v1) | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.14.1 Audit Game Center Settings | CIS Apple macOS 14.0 Sonoma v1.1.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.15 Do not enable swarm mode, if not needed | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.18 Disable Userland Proxy | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.2.16 Ensure SSH AllowTcpForwarding is disabled | CIS Debian 10 Workstation L2 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 4.9 Use COPY instead of ADD in Dockerfile | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 4.12 Ensure 'Allow or deny screen capture' is set to 'Disabled' | CIS Google Chrome L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.1.21 Ensure sshd PermitUserEnvironment is disabled | CIS Debian Linux 12 v1.0.1 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 5.5 Do not mount sensitive host system directories on containers | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.7 Ensure 'Link-Layer Topology Discovery Mapper (lltdsvc)' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.8 Open only needed ports on container | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.8 Open only needed ports on container | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.10 Ensure 'Microsoft iSCSI Initiator Service (MSiSCSI)' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.12 Ensure 'Peer Networking Grouping (p2psvc)' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.13 Bind incoming container traffic to a specific host interface | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.13 Bind incoming container traffic to a specific host interface | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.14 Ensure 'PNRP Machine Name Publication Service (PNRPAutoReg)' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.17 Ensure 'Remote Desktop Configuration (SessionEnv)' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.19 Ensure 'Remote Desktop Services UserMode Port Redirector (UmRdpService)' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.24 Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Disabled' or 'Not Installed' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.28 Ensure 'UPnP Device Host (upnphost)' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.31 Do not mount the Docker socket inside any containers | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.31 Ensure 'Windows Error Reporting Service (WerSvc)' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.35 Ensure 'Windows Media Player Network Sharing Service (WMPNetworkSvc)' is set to 'Disabled' or 'Not Installed' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.36 Ensure 'Windows Remote Management (WS-Management) (WinRM)' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.38 Ensure 'World Wide Web Publishing Service (W3SVC)' is set to 'Disabled' or 'Not Installed' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.1 Ensure the X Window system is not installed | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.4 Avoid image sprawl | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 6.6 Avoid image sprawl | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 6.8 Ensure DNS Server is not enabled | CIS Debian Linux 7 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 7.7 Prevent xdm from listening on port 6000/TCP | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 18.9.14.1 (L1) Ensure 'Turn off cloud consumer account state content' is set to 'Enabled' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.4 (L2) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' | CIS Windows Server 2012 R2 DC L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
