| 1.1 Create a separate partition for containers | CIS Docker 1.11.0 v1.0.0 L1 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1 Create a separate partition for containers | CIS Docker 1.12.0 v1.0.0 L1 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1 Create a separate partition for containers | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1 Create a separate partition for containers | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1 Ensure 'Web content' is on non-system partition | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL |
| 1.1 Ensure a separate partition for containers has been created | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.1 Ensure a separate partition for containers has been created | CIS Docker v1.6.0 L1 Docker Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | CIS MySQL 8.0 Enterprise Linux OS L1 v1.3.0 | Unix | ACCESS CONTROL |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | CIS MySQL 8.0 Community Linux OS L1 v1.0.0 | Unix | ACCESS CONTROL |
| 1.3 Ensure device is physically secured | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | ACCESS CONTROL |
| 1.17 Ensure a support role has been created to manage incidents with AWS Support | CIS Amazon Web Services Foundations L1 3.0.0 | amazon_aws | INCIDENT RESPONSE |
| 1.20 Ensure that IAM Access analyzer is enabled for all regions | CIS Amazon Web Services Foundations L1 3.0.0 | amazon_aws | ACCESS CONTROL, MEDIA PROTECTION |
| 1.22 Ensure access to AWSCloudShellFullAccess is restricted | CIS Amazon Web Services Foundations L1 3.0.0 | amazon_aws | ACCESS CONTROL |
| 2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.7.1 Ensure 'Notification Settings' are configured for all 'Managed Apps' | MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 2.8 Ensure that security policies restrict User-ID Agent traffic from crossing into untrusted zones | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL |
| 2.8 Ensure that security policies restrict User-ID Agent traffic from crossing into untrusted zones | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.4 Ensure that Cassandra is run using a non-privileged, dedicated service account | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
| 3.4 Ensure that Cassandra is run using a non-privileged, dedicated service account | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0 | Unix | ACCESS CONTROL |
| 4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 4.2.7 Ensure that the --make-iptables-util-chains argument is set to true | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker | Unix | CONFIGURATION MANAGEMENT |
| 4.2.7 Ensure that the --make-iptables-util-chains argument is set to true | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Worker | Unix | CONFIGURATION MANAGEMENT |
| 4.2.7 Ensure that the --make-iptables-util-chains argument is set to true | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Worker | Unix | CONFIGURATION MANAGEMENT |
| 4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devices | AirWatch - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devices | MobileIron - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devices | MobileIron - CIS Apple iOS 14 and iPadOS 14 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 4.4 Ensure 'Find My iPhone/iPad' is set to 'Enabled' on end-user owned devices | AirWatch - CIS Apple iOS 13 and iPadOS 13 v1.0.0 End User Owned L1 | MDM | ACCESS CONTROL |
| 4.8 Ensure S3 bucket policy changes are monitored | CIS Amazon Web Services Foundations L1 3.0.0 | amazon_aws | AUDIT AND ACCOUNTABILITY |
| 5.1.2 Minimize access to secrets | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL |
| 5.1.2 Minimize access to secrets | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL |
| 5.1.2 Minimize access to secrets | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | ACCESS CONTROL |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - clusterroles | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - clusterroles | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Worker | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - clusterroles | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Worker | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - roles | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Worker | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - roles | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Worker | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles - roles | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Worker | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.1.4 Minimize access to create pods | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.1.4 Minimize access to create pods | CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.1.4 Minimize access to create pods | CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.18 Ensure that host devices are not directly exposed to containers | CIS Docker v1.6.0 L1 Docker Linux | Unix | ACCESS CONTROL |
| 6.1.10 Ensure no world writable files exist | CIS Debian 9 Server L1 v1.0.1 | Unix | ACCESS CONTROL |
| 6.1.10 Ensure no world writable files exist | CIS Debian 9 Workstation L1 v1.0.1 | Unix | ACCESS CONTROL |
| 7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone | CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, MEDIA PROTECTION |
| 7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone | CIS Palo Alto Firewall 9 v1.1.0 L2 | Palo_Alto | ACCESS CONTROL, MEDIA PROTECTION |
