| 1.1 Use a Split-Horizon Architecture | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1 Use a Split-Horizon Architecture | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5 Ensure proxy-arp is disabled | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5 Ensure proxy-arp is disabled | CIS Juniper OS Benchmark v2.0.0 L2 | Juniper | CONFIGURATION MANAGEMENT |
| 3.6 Ensure ICMP Redirects are set to disabled (on all untrusted IPv4 networks) | CIS Juniper OS Benchmark v2.0.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Ensure ICMP Redirects are set to disabled (on all untrusted IPv4 networks) | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.7 Ensure ICMP Redirects are set to disabled (on all untrusted IPv6 networks) | CIS Juniper OS Benchmark v2.0.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.7 Ensure ICMP Redirects are set to disabled (on all untrusted IPv6 networks) | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.4 Ensure Bogon Filtering is set (where EBGP is used) | CIS Juniper OS Benchmark v2.0.0 L2 | Juniper | |
| 4.1.4 Ensure Bogon Filtering is set (where EBGP is used) | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.5 Ensure Ingress Filtering is set for EBGP peers | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.5 Ensure Ingress Filtering is set for EBGP peers | CIS Juniper OS Benchmark v2.0.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.6 Ensure RPKI is set for Origin Validation of EBGP peers | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 | Palo_Alto | |
| 4.6.1 Create administrative boundaries between resources using namespaces | CIS Google Kubernetes Engine (GKE) v1.5.0 L1 | GCP | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.6.4 Ensure clusters are created with Private Endpoint Enabled and Public Access Disabled | CIS Google Kubernetes Engine (GKE) v1.4.0 L2 | GCP | |
| 5.6.4 Ensure clusters are created with Private Endpoint Enabled and Public Access Disabled | CIS Google Kubernetes Engine (GKE) v1.1.0 L2 Master | GCP | |
| 5.6.4 Ensure clusters are created with Private Endpoint Enabled and Public Access Disabled | CIS Google Kubernetes Engine (GKE) v1.3.0 L2 | GCP | |
| 5.6.5 Ensure clusters are created with Private Nodes | CIS Google Kubernetes Engine (GKE) v1.1.0 L1 Master | GCP | |
| 5.6.5 Ensure clusters are created with Private Nodes | CIS Google Kubernetes Engine (GKE) v1.3.0 L1 | GCP | |
| 5.6.5 Ensure clusters are created with Private Nodes | CIS Google Kubernetes Engine (GKE) v1.4.0 L1 | GCP | |
| 5.7.1 Create administrative boundaries between resources using namespaces | CIS Kubernetes Benchmark v1.8.0 L1 Master | Unix | |
| 5.7.1 Create administrative boundaries between resources using namespaces | CIS Kubernetes Benchmark v1.7.1 L1 Master | Unix | |
| 5.7.1 Create administrative boundaries between resources using namespaces | CIS Kubernetes Benchmark v1.9.0 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.7.1 Create administrative boundaries between resources using namespaces | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.7.1 Create administrative boundaries between resources using namespaces | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.7.1 Create administrative boundaries between resources using namespaces | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.7.1 Create administrative boundaries between resources using namespaces | CIS Kubernetes v1.20 Benchmark v1.0.0 L1 Master | Unix | ACCESS CONTROL |
| 5.9 Ensure that the host's network namespace is not shared | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
| 5.9 Ensure that the host's network namespace is not shared | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
| 5.30 Ensure that the host's user namespaces are not shared | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
| 5.30 Ensure that the host's user namespaces are not shared | CIS Docker v1.3.1 L1 Docker Linux | Unix | |
| 5.31 Ensure that the host's user namespaces are not shared | CIS Docker v1.6.0 L1 Docker Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.3 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) | CIS Microsoft Azure Foundations v1.3.1 L1 | microsoft_azure | |
| 6.16 Ensure that a Zone Protection Profile with an enabled SYN Flood Action of SYN Cookies is attached to all untrusted zones | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 | Palo_Alto | |
| 6.16 Ensure that a Zone Protection Profile with an enabled SYN Flood Action of SYN Cookies is attached to all untrusted zones | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.17 Ensure that a Zone Protection Profile with tuned Flood Protection settings enabled for all flood types is attached to all untrusted zones | CIS Palo Alto Firewall 9 Benchmark L2 v1.0.0 | Palo_Alto | |
| 6.17 Ensure that all zones have Zone Protection Profiles with all Reconnaissance Protection settings enabled, tuned, and set to appropriate actions | CIS Palo Alto Firewall 11 v1.0.0 L1 | Palo_Alto | |
| 6.18 Ensure all zones have Zone Protection Profiles that drop specially crafted packets | CIS Palo Alto Firewall 11 v1.0.0 L1 | Palo_Alto | |
| 6.18 Ensure that all zones have Zone Protection Profiles with all Reconnaissance Protection settings enabled, tuned, and set to appropriate actions | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 | Palo_Alto | |
| 6.18 Ensure that all zones have Zone Protection Profiles with all Reconnaissance Protection settings enabled, tuned, and set to appropriate actions | CIS Palo Alto Firewall 10 v1.0.0 L1 | Palo_Alto | |
| 6.18 Ensure that all zones have Zone Protection Profiles with all Reconnaissance Protection settings enabled, tuned, and set to appropriate actions | CIS Palo Alto Firewall 9 v1.0.1 L1 | Palo_Alto | |
| 6.19 Ensure all zones have Zone Protection Profiles that drop specially crafted packets | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 | Palo_Alto | |
| 6.19 Ensure all zones have Zone Protection Profiles that drop specially crafted packets | CIS Palo Alto Firewall 10 v1.0.0 L1 | Palo_Alto | |
| 6.19 Ensure all zones have Zone Protection Profiles that drop specially crafted packets | CIS Palo Alto Firewall 9 v1.0.1 L1 | Palo_Alto | |
| 6.19 Ensure all zones have Zone Protection Profiles that drop specially crafted packets | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.3 Ensure 'Security Policy' denying any/all traffic to/from IP addresses on Trusted Threat Intelligence Sources Exists | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 | Palo_Alto | |
| 8.2 Ensure 'SSL Inbound Inspection' is required for all untrusted traffic destined for servers using SSL or TLS | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 | Palo_Alto | |
| 8.3 Ensure that the Certificate used for Decryption is Trusted | CIS Palo Alto Firewall 9 Benchmark L2 v1.0.0 | Palo_Alto | |
| 8.3 Ensure that the Certificate used for Decryption is Trusted | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 | Palo_Alto | |
