Agree this would be nice to have an update to the CIS document. Would just add (and Tomer Sole will roll over in his sleep 🙂 if I don't mention the Firewall STIG requirements included in the Compliance Blade (see ATRG Compliance Blade). Again, not everything you're looking for, but it's a start.
Firewall STIG refers to the Network Firewall Security Technical Implementation Guide published by the Defense Information Systems Authority (DISA). The requirements supported are based on version 8, release 13 (see screenshot below from our cloud demo).
Best to view for yourself in the SmartConsole cloud demo. Go to Logs & Monitor, click on New Tab, click on Open Compliance View, click on See All in the lower right Regulatory Compliance quadrant, select STIG. Each requirement may have more than one security best practice associated with it.