| 1.2 Ensure 'Host headers' are on all sites | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 1.3 Do not use development tools in production | CIS Docker 1.6 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| 1.3 Ensure 'Directory browsing' is set to Disabled | CIS IIS 10 v1.2.1 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 1.4 Ensure Service Runlevel Is Registered And Set Correctly | CIS PostgreSQL 9.6 OS v1.0.0 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 1.4 Ensure Service Runlevel Is Registered And Set Correctly | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 1.4 Ensure systemd Service Files Are Enabled | CIS PostgreSQL 10 OS v1.0.0 | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.1 Ensure 'global authorization rule' is set to restrict access | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 2.4 Ensure 'forms authentication' is set to use cookies - Application | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 2.4 Ensure 'forms authentication' is set to use cookies - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 2.5 Ensure 'cookie protection mode' is configured for forms authentication - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5 Ensure 'cookie protection mode' is configured for forms authentication - Default | CIS IIS 10 v1.2.1 Level 1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6 Ensure aufs storage driver is not used | CIS Docker v1.7.0 L1 Docker - Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.9 Enable user namespace support | CIS Docker v1.7.0 L2 Docker - Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.10 Ensure the default cgroup usage has been confirmed | CIS Docker v1.7.0 L2 Docker - Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.17 Ensure that a daemon-wide custom seccomp profile is applied if appropriate | CIS Docker v1.7.0 L2 Docker - Linux | Unix | SYSTEM AND SERVICES ACQUISITION |
| 3.1 Ensure 'deployment method retail' is set | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.2 Ensure 'debug' is turned off - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.2 Ensure 'debug' is turned off - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.3 Ensure custom error messages are not off - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.3 Ensure custom error messages are not off - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Default | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.5 Ensure ASP.NET stack tracing is not enabled - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.5 Ensure ASP.NET stack tracing is not enabled - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.6 Ensure 'httpcookie' mode is configured for session state - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.6 Ensure 'httpcookie' mode is configured for session state - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.7 Ensure 'cookies' are set with HttpOnly attribute - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.7 Ensure 'cookies' are set with HttpOnly attribute - Default | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure 'maxAllowedContentLength' is configured - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure 'maxAllowedContentLength' is configured - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure 'maxURL request filter' is configured - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure 'maxURL request filter' is configured - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure 'MaxQueryString request filter' is configured - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.3 Ensure 'MaxQueryString request filter' is configured - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.4 Ensure non-ASCII characters in URLs are not allowed - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.4 Ensure non-ASCII characters in URLs are not allowed - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.5 Ensure Double-Encoded requests will be rejected - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.5 Ensure Double-Encoded requests will be rejected - Default | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.6 Ensure 'HTTP Trace Method' is disabled - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.6 Ensure 'HTTP Trace Method' is disabled - Default | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.7 Ensure Unlisted File Extensions are not allowed - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.7 Ensure Unlisted File Extensions are not allowed - Default | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.9 Ensure 'notListedIsapisAllowed' is set to false | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.10 Ensure 'notListedCgisAllowed' is set to false | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 6.3 Ensure 'Postmaster' Runtime Parameters are Configured | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | SYSTEM AND SERVICES ACQUISITION |
| 6.3 Ensure 'Postmaster' Runtime Parameters are Configured | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | SYSTEM AND SERVICES ACQUISITION |
| 6.3 Ensure 'Postmaster' Runtime Parameters are Configured | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | SYSTEM AND SERVICES ACQUISITION |
| 6.4 Ensure 'SIGHUP' Runtime Parameters are Configured | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | SYSTEM AND SERVICES ACQUISITION |
| 6.4 Ensure 'SIGHUP' Runtime Parameters are Configured | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | SYSTEM AND SERVICES ACQUISITION |
| 6.4 Ensure 'SIGHUP' Runtime Parameters are Configured | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | SYSTEM AND SERVICES ACQUISITION |
