| Access data sources across domains - Restricted Sites Zone | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Domain member: Digitally sign secure channel data (when possible) | MSCT Windows Server v20H2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Don't run antimalware programs against ActiveX controls - Internet Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Download signed ActiveX controls - Internet Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EDGE-00-000004 - The list of domains for which Microsoft Defender SmartScreen will not trigger warnings must be allowlisted if used. | DISA STIG Edge v2r2 | Windows | MAINTENANCE |
| Enable computer and user accounts to be trusted for delegation | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Enable local admin password management | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Enable Structured Exception Handling Overwrite Protection (SEHOP) | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Encryption Oracle Remediation | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enumeration policy for external devices incompatible with Kernel DMA Protection | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Include local path when user is uploading files to a server - Internet Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Interactive logon: Smart card removal behavior | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Internet Explorer Processes - FEATURE_RESTRICT_ACTIVEXINSTALL - explorer.exe | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_RESTRICT_ACTIVEXINSTALL - iexplore.exe | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_RESTRICT_FILEDOWNLOAD - explorer.exe | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - FEATURE_RESTRICT_FILEDOWNLOAD - iexplore.exe | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - FEATURE_SECURITYBAND - explorer.exe | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - FEATURE_SECURITYBAND - iexplore.exe | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - FEATURE_ZONE_ELEVATION - explorer.exe | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Java permissions - Locked-Down Intranet Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Lock pages in memory | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Logon options - Internet Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Manage auditing and security log | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Navigate windows and frames across different domains - Restricted Sites Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| NetBT NodeType configuration | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Network access: Allow anonymous SID/Name translation | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Restrict clients allowed to make remote calls to SAM | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Network security: Minimum session security for NTLM SSP based (including secure RPC) servers | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent per-user installation of ActiveX controls | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Relax minimum password length limits | MSCT Windows Server v20H2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Reset account lockout counter after | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Run .NET Framework-reliant components not signed with Authenticode - Restricted Sites Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Show security warning for potentially unsafe files - Internet Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Show security warning for potentially unsafe files - Restricted Sites Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Sign-in and lock last interactive user automatically after a restart | MSCT Windows Server v20H2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Take ownership of files or other objects | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Turn off Autoplay | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Turn off multicast name resolution | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn off the Security Settings Check feature | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn On Virtualization Based Security - LsaCfgFlags | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn On Virtualization Based Security - RequirePlatformSecurityFeatures | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| User Account Control: Run all administrators in Admin Approval Mode | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| User Account Control: Virtualize file and registry write failures to per-user locations | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Userdata persistence - Restricted Sites Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| VM Tools: guest-8.tools-updates | VMware vSphere Security Configuration and Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
| Web sites in less privileged Web content zones can navigate into this zone - Internet Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
