| 1.3 Dedicated Name Server Role | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3 Dedicated Name Server Role | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.7 Ensure that a unique Certificate Authority is used for etcd | CIS Kubernetes 1.13 Benchmark v1.4.1 L2 | Unix | |
| 1.5.7 Ensure that a unique Certificate Authority is used for etcd | CIS Kubernetes 1.11 Benchmark v1.3.0 L2 | Unix | |
| 1.5.9 Ensure that a unique Certificate Authority is used for etcd | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L2 | Unix | |
| 1.5.9 Ensure that a unique Certificate Authority is used for etcd | CIS Kubernetes 1.8 Benchmark v1.2.0 L2 | Unix | |
| 2.1.6 Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.6 Ensure that the --streaming-connection-idle-timeout argument is not set to 0 | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabled | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabled | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 3.2.1.12 Ensure 'Allow adding VPN configurations' is set to 'Disabled' | MobileIron - CIS Apple iOS 11 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.2.1.12 Ensure 'Allow adding VPN configurations' is set to 'Disabled' | AirWatch - CIS Apple iOS 12 v1.0.0 Institution Owned L1 | MDM | CONFIGURATION MANAGEMENT |
| 3.3 Restrict Query Origins | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | |
| 3.3 Restrict Query Origins | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | |
| 3.4 Restrict Queries of the Cache - Authoritative Only | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4 Restrict Queries of the Cache - Caching Only | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.7 Ensure that SharePoint is set to reject or delay network traffic generated above configurable traffic volume thresholds - Connection Timeout | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | ACCESS CONTROL |
| 3.7 Ensure that SharePoint is set to reject or delay network traffic generated above configurable traffic volume thresholds - Max Bandwidth | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.7 Ensure that SharePoint is set to reject or delay network traffic generated above traffic volume thresholds - maxBandwidth | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3 Securely Authenticate Update Forwarding | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.13 Ensure incoming container traffic is binded to a specific host interface | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 5.31 Ensure the Docker socket is not mounted inside any containers | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 6.1 Ensure that the SQL Server component to SharePoint is set to listen on non-default ports - TCP 1433 | CIS Microsoft SharePoint 2016 DB v1.1.0 | MS_SQLDB | |
| 6.1 Ensure that the SQL Server component to SharePoint is set to listen on non-default ports - UDP 1434 | CIS Microsoft SharePoint 2016 DB v1.1.0 | MS_SQLDB | |
| 6.1 Ensure that the SQL Server component to SharePoint is set to listen on non-default ports, with the defaults (UDP 1434 and TCP 1433) disabled | CIS Microsoft SharePoint 2019 DB v1.0.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.4 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.2 L1 Unix Audit v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 6.2 Ensure that MongoDB uses a non-default port | CIS MongoDB 3.4 L1 Windows Audit v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 7.1 Do Not Define a Static Source Port | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | |
| 7.1 Do Not Define a Static Source Port | CIS BIND DNS v3.0.1 Authoritative Name Server | Unix | |
| 7.2 Enable DNSSEC Validation - dnssec-enable | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.3 Disable the dnssec-accept-expired Option | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | |
| 9.2 Ensure KeepAlive Is Enabled | CIS Apache HTTP Server 2.2 L1 v3.6.0 Middleware | Unix | ACCESS CONTROL |
| 9.2 Ensure KeepAlive Is Enabled | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
| 18.4.4 Ensure 'MSS: (DisableSavePassword) Prevent the dial-up password from being saved' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.4.4 Ensure 'MSS: (DisableSavePassword) Prevent the dial-up password from being saved' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.4.7 Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows Server v1909 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows 10 v21H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows Server 1903 DC v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows 10 1803 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows 10 1903 v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows Server 2016 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows Server 2019 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows Server 2019 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows 10 v2004 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows 10 v20H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows Server 1903 MS v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows 10 1809 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
