| 1.2 Ensure 'Host headers' are on all sites | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 1.14 Ensure API Keys Are Restricted to Only APIs That Application Needs Access | CIS Google Cloud Platform v3.0.0 L2 | GCP | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 2.4 Ensure 'forms authentication' is set to use cookies - Application | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 2.4 Ensure 'forms authentication' is set to use cookies - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 2.6 Ensure aufs storage driver is not used | CIS Docker v1.6.0 L1 Docker Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.9 Enable user namespace support - /etc/subgid | CIS Docker v1.6.0 L2 Docker Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.9 Enable user namespace support - /etc/subuid | CIS Docker v1.6.0 L2 Docker Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.9 Enable user namespace support - SecurityOptions | CIS Docker v1.6.0 L2 Docker Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.9 Ensure MySQL is Bound to an IP Address | CIS MySQL 5.6 Enterprise Database L2 v2.0.0 | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 2.10 Ensure the default cgroup usage has been confirmed - daemon.json | CIS Docker v1.6.0 L2 Docker Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.10 Ensure the default cgroup usage has been confirmed - dockerd | CIS Docker v1.6.0 L2 Docker Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.17 Ensure that a daemon-wide custom seccomp profile is applied if appropriate | CIS Docker v1.6.0 L2 Docker Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 3.1 Ensure 'deployment method retail' is set | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.2 Ensure 'debug' is turned off - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.2 Ensure 'debug' is turned off - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.3 Ensure custom error messages are not off - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.3 Ensure custom error messages are not off - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Default | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.5 Ensure ASP.NET stack tracing is not enabled - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.5 Ensure ASP.NET stack tracing is not enabled - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.6 Ensure 'httpcookie' mode is configured for session state - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.6 Ensure 'httpcookie' mode is configured for session state - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.7 Ensure 'cookies' are set with HttpOnly attribute - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.7 Ensure 'cookies' are set with HttpOnly attribute - Default | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure 'maxAllowedContentLength' is configured - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure 'maxAllowedContentLength' is configured - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure 'maxURL request filter' is configured - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure 'maxURL request filter' is configured - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure 'allow-suspicious-udfs' Is Set to 'OFF' - %WINDIR%\my.cnf | CIS MySQL 5.6 Community Windows OS L2 v2.0.0 | Windows | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure 'allow-suspicious-udfs' Is Set to 'OFF' - config files not found | CIS MySQL 5.6 Enterprise Linux OS L2 v2.0.0 | Unix | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure 'allow-suspicious-udfs' Is Set to 'OFF' - MYSQL_INSTALL\my.cnf | CIS MySQL 5.6 Community Windows OS L2 v2.0.0 | Windows | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure 'allow-suspicious-udfs' Is Set to 'OFF' - MYSQL_INSTALL\my.cnf | CIS MySQL 5.6 Enterprise Windows OS L2 v2.0.0 | Windows | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure 'allow-suspicious-udfs' Is Set to 'OFF' - MYSQL_INSTALL\my.ini | CIS MySQL 5.6 Community Windows OS L2 v2.0.0 | Windows | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure 'allow-suspicious-udfs' Is Set to 'OFF' - SYSCONFDIR/my.cnf | CIS MySQL 5.6 Community Linux OS L2 v2.0.0 | Unix | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure 'allow-suspicious-udfs' Is Set to 'OFF' - SYSCONFDIR/my.cnf passed | CIS MySQL 5.6 Community Linux OS L2 v2.0.0 | Unix | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure 'MaxQueryString request filter' is configured - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure 'MaxQueryString request filter' is configured - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.4 Ensure non-ASCII characters in URLs are not allowed - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.4 Ensure non-ASCII characters in URLs are not allowed - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.6 Ensure 'HTTP Trace Method' is disabled - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.6 Ensure 'HTTP Trace Method' is disabled - Default | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.7 Ensure Unlisted File Extensions are not allowed - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.7 Ensure Unlisted File Extensions are not allowed - Default | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.9 Ensure 'notListedIsapisAllowed' is set to false | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.10 Ensure 'notListedCgisAllowed' is set to false | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 7.3 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' - %PROGRAMDATA%\MySQL\MySQL Server 5.7\my.cnf | CIS MySQL 5.7 Community Windows OS L1 v2.0.0 | Windows | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 7.3 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' - %PROGRAMDATA%\MySQL\MySQL Server 5.7\my.ini | CIS MySQL 5.7 Community Windows OS L1 v2.0.0 | Windows | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 7.3 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' - %WINDIR%\my.ini | CIS MySQL 5.7 Community Windows OS L1 v2.0.0 | Windows | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 7.4 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' - '@@global.sql_mode' | CIS MySQL 5.6 Enterprise Database L1 v2.0.0 | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
