| 2.3.15.2 Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.15.2 Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.15.2 Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.4.3 Ensure keepalive_timeout is 10 seconds or less, but not 0 | CIS NGINX Benchmark v2.1.0 L1 Webserver | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.4.3 Ensure keepalive_timeout is 10 seconds or less, but not 0 | CIS NGINX Benchmark v2.1.0 L1 Loadbalancer | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.4.3 Ensure keepalive_timeout is 10 seconds or less, but not 0 | CIS NGINX Benchmark v2.1.0 L1 Proxy | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.4.4 Ensure send_timeout is set to 10 seconds or less, but not 0 | CIS NGINX Benchmark v2.1.0 L1 Webserver | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.4.4 Ensure send_timeout is set to 10 seconds or less, but not 0 | CIS NGINX Benchmark v2.1.0 L1 Loadbalancer | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.4.4 Ensure send_timeout is set to 10 seconds or less, but not 0 | CIS NGINX Benchmark v2.1.0 L1 Proxy | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.5.1 Ensure server_tokens directive is set to 'off' | CIS NGINX Benchmark v2.1.0 L1 Webserver | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.5.2 Ensure default error and index.html pages do not reference NGINX | CIS NGINX Benchmark v2.1.0 L1 Proxy | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.5.2 Ensure default error and index.html pages do not reference NGINX | CIS NGINX Benchmark v2.1.0 L1 Webserver | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.5.2 Ensure default error and index.html pages do not reference NGINX | CIS NGINX Benchmark v2.1.0 L1 Loadbalancer | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.5.3 Ensure hidden file serving is disabled | CIS NGINX Benchmark v2.1.0 L2 Webserver | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.5.4 Ensure the NGINX reverse proxy does not enable information disclosure | CIS NGINX Benchmark v2.1.0 L1 Loadbalancer | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.5.4 Ensure the NGINX reverse proxy does not enable information disclosure | CIS NGINX Benchmark v2.1.0 L1 Proxy | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.2.1 Ensure timeout values for reading the client header and body are set correctly | CIS NGINX Benchmark v2.1.0 L1 Proxy | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.2.1 Ensure timeout values for reading the client header and body are set correctly | CIS NGINX Benchmark v2.1.0 L1 Loadbalancer | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.2.1 Ensure timeout values for reading the client header and body are set correctly | CIS NGINX Benchmark v2.1.0 L1 Webserver | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.2.2 Ensure the maximum request body size is set correctly | CIS NGINX Benchmark v2.1.0 L1 Proxy | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.2.2 Ensure the maximum request body size is set correctly | CIS NGINX Benchmark v2.1.0 L1 Webserver | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.2.2 Ensure the maximum request body size is set correctly | CIS NGINX Benchmark v2.1.0 L1 Loadbalancer | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.2.3 Ensure the maximum buffer size for URIs is defined | CIS NGINX Benchmark v2.1.0 L1 Loadbalancer | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.2.3 Ensure the maximum buffer size for URIs is defined | CIS NGINX Benchmark v2.1.0 L1 Proxy | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.2.3 Ensure the maximum buffer size for URIs is defined | CIS NGINX Benchmark v2.1.0 L1 Webserver | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.2.4 Ensure the number of connections per IP address is limited | CIS NGINX Benchmark v2.1.0 L2 Webserver | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.2.4 Ensure the number of connections per IP address is limited | CIS NGINX Benchmark v2.1.0 L2 Loadbalancer | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.2.4 Ensure the number of connections per IP address is limited | CIS NGINX Benchmark v2.1.0 L2 Proxy | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.2.5 Ensure rate limits by IP address are set | CIS NGINX Benchmark v2.1.0 L2 Proxy | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.2.5 Ensure rate limits by IP address are set | CIS NGINX Benchmark v2.1.0 L2 Webserver | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.2.5 Ensure rate limits by IP address are set | CIS NGINX Benchmark v2.1.0 L2 Loadbalancer | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.3.1 Ensure X-Frame-Options header is configured and enabled | CIS NGINX Benchmark v2.1.0 L1 Webserver | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.3.2 Ensure X-Content-Type-Options header is configured and enabled | CIS NGINX Benchmark v2.1.0 L1 Webserver | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.3.4 Ensure the Referrer Policy is enabled and configured properly | CIS NGINX Benchmark v2.1.0 L2 Webserver | Unix | SYSTEM AND SERVICES ACQUISITION |
| 6.1 Ensure Database and Application User Input is Sanitized | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | SYSTEM AND SERVICES ACQUISITION |
| 6.1 Ensure Database and Application User Input is Sanitized | CIS Microsoft SQL Server 2019 v1.4.0 L1 Database Engine | MS_SQLDB | SYSTEM AND SERVICES ACQUISITION |
| 6.1 Ensure Database and Application User Input is Sanitized | CIS SQL Server 2022 Database L1 DB v1.1.0 | MS_SQLDB | SYSTEM AND SERVICES ACQUISITION |
| 6.1 Ensure Database and Application User Input is Sanitized | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | SYSTEM AND SERVICES ACQUISITION |
| 6.2.3 Ensure no duplicate UIDs exist | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.3 Ensure no duplicate UIDs exist | CIS Fedora 28 Family Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.4 Ensure no duplicate GIDs exist | CIS Fedora 28 Family Linux Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 6.2.5 Ensure no duplicate user names exist | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.5.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows Server 2022 v3.0.0 L2 Domain Controller | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.7.1 (L1) Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v3.0.1 L2 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.7.1 (L1) Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled' | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.7.1 (L1) Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v3.0.1 L1 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.7.1 (L1) Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
