| 1.1.9 Ensure that the --profiling argument is set to false | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Enable SSH (/etc/ssh/sshd_config) | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Use IP address rather than hostname | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | CONFIGURATION MANAGEMENT |
| 1.3.1 Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.1 Ensure that the API server pod specification file permissions are set to 644 or more restrictive | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.7 Ensure that the etcd.conf file permissions are set to 644 or more restrictive | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.9 Ensure that the flanneld file permissions are set to 644 or more restrictive | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.16 Ensure that the scheduler.conf file ownership is set to root:root | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1 Enable Secure Admin Access - 'ssh.pubkey_auth.enable = on' | TNS NetApp Data ONTAP 7G | NetApp | CONFIGURATION MANAGEMENT |
| 2.1.9 Ensure that the --keep-terminated-pod-volumes argument is set to false | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure that the config file ownership is set to root:root | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.4 Ensure that the kubelet file ownership is set to root:root | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.1 Set permissions on BIND chroot-ed directories '/var/named/chroot/dev' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.1 Set permissions on BIND chroot-ed directories '/var/named/chroot/etc' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.1 Set permissions on BIND chroot-ed directories '/var/named/chroot/var' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.1 Set permissions on BIND chroot-ed directories '/var/named/chroot/var/named/slaves/*' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.4.1 Set permissions on BIND chroot-ed directories '/var/named/chroot/var/tmp' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3 Verify that docker-registry.service file ownership is set to root:root | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.5 Verify that docker.socket file ownership is set to root:root | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.8 Ensure that registry certificate file permissions are set to 444 or more restrictive | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.11 Verify that docker-registry environment file ownership is set to root:root | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.12 Verify that docker-registry environment file permissions are set to 644 or more restrictive | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.14 Ensure that Docker server certificate key file permissions are set to 400 | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.16 Ensure that Docker socket file permissions are set to 660 or more restrictive | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.23 Verify that Docker server certificate key file ownership is set to root:root | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.24 Verify that Docker server certificate key file permissions are set to 400 | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.26 Verify that Docker socket file permissions are set to 660 or more restrictive | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.4 Set permissions on system log files (/var/log/ppp.lo*) | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 6.6 User home directories should be kept private | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 7.5 Create warning banners for the system (/etc/motd permissions) | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 8.7 No user dot-files should be world writable | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| Huawei: Set System Name | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT |
| Intranet Sites: Include all network paths (UNCs) | MSCT Windows Server 2016 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Intranet Sites: Include all network paths (UNCs) | MSCT Windows Server 2019 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| OpenStack Compute - user/group ownership of config files set to root/nova - /etc/nova/policy.json | TNS OpenStack Nova/Compute Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Horizon - strict permissions set for horizon configuration files - /etc/openstack-dashboard/local_settings.py | TNS OpenStack Dashboard/Horizon Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Identity - strict permissions set for Identity configuration files - /etc/keystone/keystone.conf | TNS OpenStack Keystone/Identity Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Identity - user/group ownership of config files set to keystone - /etc/keystone/keystone.conf | TNS OpenStack Keystone/Identity Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Identity - user/group ownership of config files set to keystone - /etc/keystone/ssl/private/signing_key.pem | TNS OpenStack Keystone/Identity Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Networking - strict permissions set for Compute configuration files - /etc/neutron/neutron.conf | TNS OpenStack Neutron/Networking Security Guide | Unix | CONFIGURATION MANAGEMENT |
| OpenStack Networking - user/group ownership of config files set to root/neutron - /etc/neutron/api-paste.ini | TNS OpenStack Neutron/Networking Security Guide | Unix | CONFIGURATION MANAGEMENT |
| Prevent enabling lock screen camera | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Prevent enabling lock screen camera | MSCT Windows Server v20H2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Prevent enabling lock screen slide show | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Prevent enabling lock screen slide show | MSCT Windows Server v20H2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Prevent enabling lock screen slide show | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Shutdown: Clear virtual memory pagefile | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Specify use of ActiveX Installer Service for installation of ActiveX controls | MSCT Windows Server 2016 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn off the Security Settings Check feature | MSCT Windows Server 2016 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn off the Security Settings Check feature | MSCT Windows Server 2019 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
