I was able to repro this. Disabling both shared memory and hiding the instance results in SQL Server Agent not being able to connect to MACHINE\INSTANCE. And it's not unique to Agent. The same type of login also fails from SSMS. I had to to use localhost,nnn, where nnn is the port number.
When enabled Shared memory but kept the instance hidden, I could connect with MACHINE\INSTANCE and Agent was able to start. I don't about this CIS Benchmark, but either they are saying silly things, or there is some misunderstanding: I see little point in disabling shared memory.
And hiding the instance? Maybe, but this means that clients will need to connect by port number.