This feature is available in Enterprise Edition only.
This feature is actively developed. It might significantly change in the future.

How to view all resources that have not passed CIS compliance checks?

kubectl get cis -ojson | 
  jq '.status.detailReport.results | map(select(.checks | map(.success) | all | not))'

How to view resources that have not passed a specific CIS compliance check?

By check id:

kubectl get cis -ojson | 
  jq --arg check_id "$check_id" '.status.detailReport.results | map(select(.id == $check_id))'

By check description:

check_desc="Apply Security Context to Your Pods and Containers"
kubectl get cis -ojson |
  jq --arg check_desc "$check_desc" '.status.detailReport.results | map(select(.description == $check_desc))'