| 1.2 Ensure 'Host headers' are on all sites - host headers are on all sites | CIS IIS 10 v1.2.0 Level 1 | Windows | |
| 1.3 Ensure 'directory browsing' is set to disabled | CIS IIS 10 v1.1.1 Level 1 | Windows | |
| 1.4 Ensure 'application pool identity' is configured for all application pools | CIS IIS 10 v1.2.0 Level 1 | Windows | |
| 2.5 Ensure 'cookie protection mode' is configured for forms authentication - Applications | CIS IIS 10 v1.2.0 Level 1 | Windows | |
| 2.5 Ensure 'cookie protection mode' is configured for forms authentication - Applications | CIS IIS 10 v1.1.1 Level 1 | Windows | |
| 2.5 Ensure 'cookie protection mode' is configured for forms authentication - Default | CIS IIS 10 v1.2.0 Level 1 | Windows | |
| 2.6 Ensure aufs storage driver is not used | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
| 2.8 Ensure the default ulimit is configured appropriately - daemon.json nofile hard | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
| 2.8 Ensure the default ulimit is configured appropriately - daemon.json nproc hard | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
| 2.8 Ensure the default ulimit is configured appropriately - ps | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
| 2.9 Enable user namespace support - /etc/subgid | CIS Docker v1.5.0 L2 Docker Linux | Unix | |
| 2.9 Enable user namespace support - /etc/subuid | CIS Docker v1.5.0 L2 Docker Linux | Unix | |
| 2.9 Enable user namespace support - SecurityOptions | CIS Docker v1.5.0 L2 Docker Linux | Unix | |
| 2.11 Ensure base device size is not changed until needed - daemon.json | CIS Docker v1.5.0 L2 Docker Linux | Unix | |
| 2.11 Ensure base device size is not changed until needed - dockerd | CIS Docker v1.5.0 L2 Docker Linux | Unix | |
| 2.15 Ensure live restore is enabled | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
| 2.17 Ensure that a daemon-wide custom seccomp profile is applied if appropriate | CIS Docker v1.5.0 L2 Docker Linux | Unix | |
| 2.18 Ensure that experimental features are not implemented in production | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
| 3.2 Ensure 'debug' is turned off - Default | CIS IIS 10 v1.2.0 Level 2 | Windows | |
| 3.2 Ensure 'debug' is turned off - Default | CIS IIS 10 v1.1.1 Level 2 | Windows | |
| 3.3 Ensure custom error messages are not off - Applications | CIS IIS 10 v1.2.0 Level 2 | Windows | |
| 3.3 Ensure custom error messages are not off - Default | CIS IIS 10 v1.2.0 Level 2 | Windows | |
| 3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Applications | CIS IIS 10 v1.1.1 Level 1 | Windows | |
| 3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Default | CIS IIS 10 v1.1.1 Level 1 | Windows | |
| 3.5 Ensure ASP.NET stack tracing is not enabled - Applications | CIS IIS 10 v1.2.0 Level 2 | Windows | |
| 3.5 Ensure ASP.NET stack tracing is not enabled - Default | CIS IIS 10 v1.2.0 Level 2 | Windows | |
| 3.5 Ensure ASP.NET stack tracing is not enabled - Default | CIS IIS 10 v1.1.1 Level 2 | Windows | |
| 3.6 Ensure 'httpcookie' mode is configured for session state - Default | CIS IIS 10 v1.2.0 Level 2 | Windows | |
| 3.7 Ensure 'cookies' are set with HttpOnly attribute - Applications | CIS IIS 10 v1.1.1 Level 1 | Windows | |
| 4.1 Ensure 'maxAllowedContentLength' is configured - Applications | CIS IIS 10 v1.2.0 Level 2 | Windows | |
| 4.1 Ensure 'maxAllowedContentLength' is configured - Default | CIS IIS 10 v1.1.1 Level 2 | Windows | |
| 4.1 Ensure 'maxAllowedContentLength' is configured - Default | CIS IIS 10 v1.2.0 Level 2 | Windows | |
| 4.2 Ensure 'maxURL request filter' is configured - Applications | CIS IIS 10 v1.1.1 Level 2 | Windows | |
| 4.2 Ensure 'maxURL request filter' is configured - Default | CIS IIS 10 v1.2.0 Level 2 | Windows | |
| 4.3 Ensure 'MaxQueryString request filter' is configured - Applications | CIS IIS 10 v1.2.0 Level 2 | Windows | |
| 4.3 Ensure 'MaxQueryString request filter' is configured - Applications | CIS IIS 10 v1.1.1 Level 2 | Windows | |
| 4.3 Ensure 'MaxQueryString request filter' is configured - Default | CIS IIS 10 v1.2.0 Level 2 | Windows | |
| 4.5 Ensure Double-Encoded requests will be rejected - Applications | CIS IIS 10 v1.2.0 Level 1 | Windows | |
| 4.5 Ensure Double-Encoded requests will be rejected - Default | CIS IIS 10 v1.2.0 Level 1 | Windows | |
| 4.5 Ensure Double-Encoded requests will be rejected - Default | CIS IIS 10 v1.1.1 Level 1 | Windows | |
| 4.5.1 Configure Image Provenance using ImagePolicyWebhook admission controller | CIS Google Kubernetes Engine (GKE) v1.3.0 L2 | GCP | |
| 4.6 Ensure 'HTTP Trace Method' is disabled - Applications | CIS IIS 10 v1.2.0 Level 1 | Windows | |
| 4.6 Ensure 'HTTP Trace Method' is disabled - Default | CIS IIS 10 v1.2.0 Level 1 | Windows | |
| 4.7 Ensure Unlisted File Extensions are not allowed - Default | CIS IIS 10 v1.1.1 Level 1 | Windows | |
| 4.8 Ensure Handler is not granted Write and Script/Execute - Default | CIS IIS 10 v1.1.1 Level 1 | Windows | |
| 4.9 Ensure 'notListedIsapisAllowed' is set to false | CIS IIS 10 v1.2.0 Level 1 | Windows | |
| 5.10 Ensure that the memory usage for containers is limited | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
| 5.11 Ensure that CPU priority is set appropriately on containers | CIS Docker v1.5.0 L1 Docker Linux | Unix | |
| 7.1 Ensure HSTS Header is set - Server | CIS IIS 10 v1.2.0 Level 2 | Windows | |
| 7.1 Ensure HSTS Header is set - Sites | CIS IIS 10 v1.1.1 Level 2 | Windows | |
