| 1.1.9 Ensure that the --profiling argument is set to false | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Enable SSH (/etc/ssh/sshd_config) | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Use IP address rather than hostname | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Use IP address rather than hostname | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.2.1.6 Ensure 'Saved from URL' is set to Enabled - msaccess.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.6 Ensure 'Saved from URL' is set to Enabled - onent.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.6 Ensure 'Saved from URL' is set to Enabled - spDesign.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.8 Ensure 'Scripted Window Security Restrictions' is set to Enabled - groove.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.8 Ensure 'Scripted Window Security Restrictions' is set to Enabled - visio.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.8 Ensure 'Scripted Window Security Restrictions' is set to Enabled - winproj.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.9 Ensure 'Local Machine Zone Lockdown Security' is set to Enabled - exprwd.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.9 Ensure 'Local Machine Zone Lockdown Security' is set to Enabled - groove.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.9 Ensure 'Local Machine Zone Lockdown Security' is set to Enabled - mse7.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.9 Ensure 'Local Machine Zone Lockdown Security' is set to Enabled - mspub.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.1.9 Ensure 'Local Machine Zone Lockdown Security' is set to Enabled - winproj.exe | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.3.1 Ensure that the --terminated-pod-gc-threshold argument is set as appropriate | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.1 Ensure that the API server pod specification file permissions are set to 644 or more restrictive | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.6 Ensure that the scheduler pod specification file ownership is set to root:root | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.7 Ensure that the etcd.conf file permissions are set to 644 or more restrictive | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.9 Ensure that the flanneld file permissions are set to 644 or more restrictive | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.10 Ensure that the Container Network Interface file ownership is set to root:root | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.13 Ensure that the admin.conf file permissions are set to 644 or more restrictive | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.15 Ensure that the scheduler.conf file permissions are set to 644 or more restrictive | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.16 Ensure that the scheduler.conf file ownership is set to root:root | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.17 Ensure that the controller-manager.conf file permissions are set to 644 or more restrictive | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.4.18 Ensure that the controller-manager.conf file ownership is set to root:root | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.5 Installing ISC BIND 9 - named location | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | CONFIGURATION MANAGEMENT |
| 1.5 Installing ISC BIND 9 - named location | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | CONFIGURATION MANAGEMENT |
| 1.6.9 Place compensating controls in the form of PSP and RBAC for privileged containers usage - clusterrolebinding | CIS Kubernetes 1.8 Benchmark v1.2.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.9 Place compensating controls in the form of PSP and RBAC for privileged containers usage - psp | CIS Kubernetes 1.8 Benchmark v1.2.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 1.6.9 Place compensating controls in the form of PSP and RBAC for privileged containers usage - rolebinding | CIS Kubernetes 1.8 Benchmark v1.2.0 L2 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.7 Ensure that the --protect-kernel-defaults argument is set to true | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.1.9 Ensure that the --keep-terminated-pod-volumes argument is set to false | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure that the config file ownership is set to root:root | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.2.4 Ensure that the kubelet file ownership is set to root:root | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.9 Set 'Enter the Secure Folder path' to 'Disabled' | CIS MS Office Outlook 2010 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.1.8 Require instance name for discovery requests | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 3.1.14 Set failed archive retry delay | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | CONFIGURATION MANAGEMENT |
| 3.1.15 Auto-restart after abnormal termination | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.17 Reserve the desired port number or name for incoming connection requests | CIS IBM DB2 9 Benchmark v3.0.1 Level 2 OS Windows | Windows | CONFIGURATION MANAGEMENT |
| 3.4 Set 'Days to keep pages in History' to '40' | CIS IE 10 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 4.3 Use Unique Keys for Each Pair of Hosts - unique keys | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | CONFIGURATION MANAGEMENT |
| 5.3 Enable Automatic Database Maintenance | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | CONFIGURATION MANAGEMENT |
| 5.4 Set permissions on system log files (/var/log/ppp.lo*) | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 6.4 Configure 'Turn on Suggested Sites' | CIS IE 10 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.4 Configure 'Turn on Suggested Sites' | CIS IE 11 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.6 User home directories should be kept private | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 7.5 Create warning banners for the system (/etc/motd permissions) | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 8.7 No user dot-files should be world writable | CIS FreeBSD v1.0.5 | Unix | CONFIGURATION MANAGEMENT |
| 9.1 Set 'Disable the Advanced page' to 'Enabled' | CIS IE 9 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
