| 1.1 Ensure access to SharePointEmailws.asmx is limited to only the server farm account | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2 Ensure that the SharePoint Central Administration Site is TLS-enabled - Port 443 | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3 Ensure specific whitelisted IP addresses, IP address ranges, and/or domains are set | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3 Ensure the SharePoint setup account is configured with the minimum privileges in Active Directory. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | ACCESS CONTROL |
| 2.3.10.3 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.10.5 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.5 Ensure the SharePoint setup account is configured with the minimum privileges on the SQL server - db_owner | CIS Microsoft SharePoint 2016 DB v1.1.0 | MS_SQLDB | ACCESS CONTROL |
| 2.5 Ensure the SharePoint setup account is configured with the minimum privileges on the SQL server. | CIS Microsoft SharePoint 2016 DB v1.1.0 | MS_SQLDB | |
| 2.6 Ensure the SharePoint farm service account (database access account) is configured with the minimum privileges on the SQL server - Roles | CIS Microsoft SharePoint 2016 DB v1.1.0 | MS_SQLDB | |
| 2.9 Ensure Dbcreator and Securityadmin roles are only used as needed | CIS Microsoft SharePoint 2016 DB v1.1.0 | MS_SQLDB | ACCESS CONTROL |
| 3.1 Ensure a secondary SharePoint site collection administrator has been defined on each site collection. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2 Ensure SharePoint implements an information system isolation boundary that minimizes the number of non-security functions. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4 Ensure SharePoint identifies data type, specification, and usage when transferring information between different security domains. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5 Ensure that SharePoint specific malware (i.e. anti-virus) protection software is integrated and configured - Scan on download | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.7 Ensure that SharePoint is set to reject or delay network traffic generated above traffic volume thresholds - maxBandwidth | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.7 Ensure that SharePoint is set to reject or delay network traffic generated above traffic volume thresholds - maxConnections | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.8 Ensure that On-Premise SharePoint servers is configured without OneDrive redirection linkages. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 4.1 Ensure SharePoint displays an approved system use notification message or banner before granting access to the system. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | ACCESS CONTROL |
| 5.2 Ensure External File System Access is disabled - enable file access | CIS Sybase 15.0 L1 DB v1.1.0 | SybaseDB | |
| 6.2 Ensure SharePoint is configured with HTTPS connections | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure that the MaxZoneParts setting for Web Part limits is set to 100. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 7.2 Ensure that the SafeControls list is set to the minimum set of controls needed for your sites | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure the SharePoint CallStack and AllowPageLevelTrace 'SafeMode' parameters are set to false - AllowPageLevelTrace | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 7.4 Ensure the SharePoint CallStack and AllowPageLevelTrace 'SafeMode' parameters are set to false - CallStack | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Allow scripts in one-off Outlook forms | MSCT Office 2016 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow Trusted Locations on the network - allownetworklocations - ms project | MSCT Office 2016 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| CIS Control 6 (6.2(b)) Activate Audit Logging | CAS Implementation Group 1 Audit File | Unix | AUDIT AND ACCOUNTABILITY |
| CIS_Apache_Cassandra_3.11_v1.0.0_L1_OS_Unix.audit from CIS Apache Cassandra 3.11 Benchmark v1.0.0 | CIS Apache Cassandra 3.11 L1 Unix Audit v1.0.0 | Unix | |
| CIS_Cisco_IOS_15_v4.1.1_Level_2.audit from CIS Cisco IOS 15 Benchmark | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | |
| CIS_Debian_Linux_9_Server_v1.0.1_L2.audit from CIS Debian Linux 9 Benchmark | CIS Debian 9 Server L2 v1.0.1 | Unix | |
| CIS_Debian_Linux_9_Workstation_v1.0.1_L1.audit from CIS Debian Linux 9 Benchmark | CIS Debian 9 Workstation L1 v1.0.1 | Unix | |
| CIS_IBM_DB2_9_Benchmark_v3.0.1_Level_2_OS_Windows.audit from CIS IBM DB2 9 Benchmark v3.0.1 | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Windows | Windows | |
| CIS_MacOS_Safari_Benchmark_v2.0.0_L1.audit from CIS MacOS Safari Benchmark v2.0.0 | CIS MacOS Safari v2.0.0 L1 | Unix | |
| CIS_Oracle_Server_12c_v3.0.0_L1_Windows.audit from CIS Oracle Database 12c Benchmark v3.0.0 | CIS Oracle Server 12c Windows v3.0.0 | Windows | |
| CIS_VMware_ESXi_6.5_v1.0.0_L1_Bare_Metal.audit from CIS VMware ESXi 6.5 v1.0.0 benchmark | CIS VMware ESXi 6.5 v1.0.0 Level 1 Bare Metal | Unix | |
| CIS_VMware_ESXi_6.7_v1.3.0_L1_Bare_Metal.audit from CIS VMware ESXi 6.7 Benchmark v1.3.0 | CIS VMware ESXi 6.7 v1.3.0 Level 1 Bare Metal | Unix | |
| Configure Outlook object model prompt when accessing an address book | MSCT Office 2016 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure Outlook object model prompt When accessing the Formula property of a UserProperty object | MSCT Office 2016 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| dBase III / IV files | MSCT Office 2016 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Do not allow Outlook object model scripts to run for shared folders | MSCT Office 2016 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Do not open files from the Internet zone in Protected View - disableinternetfilesinpv - powerpoint | MSCT Office 2016 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Minimum encryption settings | MSCT Office 2016 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSCT_Office_2016_v1.0.0.audit from MSCT Office 2016 Baseline | MSCT Office 2016 v1.0.0 | Windows | |
| Set default file block behavior - openinprotectedview - excel | MSCT Office 2016 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Signature Warning | MSCT Office 2016 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Turn off file validation - enableonload - excel | MSCT Office 2016 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn off Microsoft consumer experiences | MSCT Windows 11 v22H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn off Microsoft consumer experiences | MSCT Windows 10 v21H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn off Protected View for attachments opened from Outlook - disableattachmentsinpv - excel | MSCT Office 2016 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Turn off Protected View for attachments opened from Outlook - disableattachmentsinpv - powerpoint | MSCT Office 2016 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
