| 2.2.9 Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators' (DC only) | CIS Microsoft Windows Server 2022 v5.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.9 Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators' (DC only) | CIS Microsoft Windows Server 2025 v2.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 18.8.22.1.2 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 18.8.22.1.2 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | ACCESS CONTROL |
| 18.9.7.2 Ensure 'Prevent automatic download of applications associated with device metadata' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v5.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.2 Ensure 'Prevent automatic download of applications associated with device metadata' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v2.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.2 Ensure 'Prevent automatic download of applications associated with device metadata' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v2.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.2 Ensure 'Prevent automatic download of applications associated with device metadata' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.2 Ensure 'Prevent automatic download of applications associated with device metadata' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.11.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.2.2 Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled' | CIS Windows 7 Workstation Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.2.7 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | ACCESS CONTROL, CONTINGENCY PLANNING |
| 18.9.11.2.7 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, CONTINGENCY PLANNING |
| 18.9.11.2.7 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives' is set to 'Enabled: True' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.2.7 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives' is set to 'Enabled: True' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.59.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.10.9.3.8 (L1) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Backup recovery passwords and key packages' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | MEDIA PROTECTION |
| 18.10.10.1.8 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages' | CIS Microsoft Windows 10 Enterprise v4.0.0 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.1.8 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.1.8 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.1.8 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages' | CIS Microsoft Windows 11 Enterprise v5.0.1 L2 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.3.8 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Backup recovery passwords and key packages' | CIS Microsoft Windows 10 Enterprise v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.8 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Backup recovery passwords and key packages' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.8 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Backup recovery passwords and key packages' | CIS Microsoft Windows 11 Enterprise v5.0.1 L2 BL | Windows | MEDIA PROTECTION |
| 19.1.3.4 Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 19.1.3.4 Ensure 'Screen saver timeout' is set to 'Enabled: 900 seconds or fewer, but not 0' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| CIS Control 13 (13.6) Encrypt Mobile Device Data | CAS Implementation Group 1 Audit File | Unix | ACCESS CONTROL |
| CIS_Amazon_Linux_2_STIG_v2.0.0_L1_Workstation.audit from CIS Amazon Linux 2 STIG v2.0.0 | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | |
| CIS_Amazon_Linux_2_STIG_v2.0.0_L2_Server.audit from CIS Amazon Linux 2 STIG v2.0.0 | CIS Amazon Linux 2 STIG v2.0.0 L2 Server | Unix | |
| CIS_Apache_Cassandra_3.11_v1.0.0_L1_OS_Unix.audit from CIS Apache Cassandra 3.11 Benchmark v1.0.0 | CIS Apache Cassandra 3.11 L2 Unix Audit v1.0.0 | Unix | |
| CIS_Apache_Tomcat_8_L1_v1.1.0.audit from CIS Apache Tomcat 8 Benchmark | CIS Apache Tomcat 8 L1 v1.1.0 | Unix | |
| CIS_Apache_Tomcat_8_L2_v1.1.0.audit from CIS Apache Tomcat 8 Benchmark | CIS Apache Tomcat 8 L2 v1.1.0 | Unix | |
| CIS_Apache_Tomcat_10_L1_v1.1.0.audit from CIS Apache Tomcat 10 Benchmark | CIS Apache Tomcat 10 L1 v1.1.0 | Unix | |
| CIS_Apache_Tomcat_10_L2_v1.1.0.audit from CIS Apache Tomcat 10 Benchmark | CIS Apache Tomcat 10 L2 v1.1.0 | Unix | |
| CIS_CentOS_Linux_7_v4.0.0_L2_Workstation.audit from CIS CentOS Linux 7 Benchmark v4.0.0 | CIS CentOS Linux 7 v4.0.0 L2 Workstation | Unix | |
| CIS_Cisco_IOS_15_v4.1.1_Level_1.audit from CIS Cisco IOS 15 Benchmark | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | |
| CIS_Debian_Linux_9_Server_v1.0.1_L1.audit from CIS Debian Linux 9 Benchmark | CIS Debian 9 Server L1 v1.0.1 | Unix | |
| CIS_Debian_Linux_9_Workstation_v1.0.1_L1.audit from CIS Debian Linux 9 Benchmark | CIS Debian 9 Workstation L2 v1.0.1 | Unix | |
| CIS_Microsoft_SQL_Server_2025_v1.0.0_L1_AWS_RDS_Windows.audit from CIS Microsoft SQL Server 2025 v1.0.0 | CIS Microsoft SQL Server 2025 v1.0.0 L1 AWS RDS Windows | Windows | |
| CIS_MongoDB_3.4_Benchmark_Level_1_OS_Windows_v1.0.0.audit from CIS MongoDB 3.4 Benchmark v1.0.0 | CIS MongoDB 3.4 L1 Windows Audit v1.0.0 | Windows | |
| CIS_Oracle_Database_23ai_v1.1.0_L1_RDBMS_On_Linux_Host_OS_Unix.audit from CIS Oracle Database 23ai Benchmark v1.1.0 | CIS Oracle Database 23ai v1.1.0 L1 RDBMS On Linux Host OS Unix | Unix | |
| CIS_Oracle_Linux_7_v4.0.0_L1_Server.audit from CIS Oracle Linux 7 Benchmark v4.0.0 | CIS Oracle Linux 7 v4.0.0 L1 Server | Unix | |
| CIS_Oracle_Linux_8_STIG_v1.0.0_CAT_I.audit from CIS Oracle Linux 8 STIG v1.0.0 | CIS Oracle Linux 8 STIG v1.0.0 CAT I | Unix | |
| CIS_SUSE_Linux_Enterprise_15_v2.0.1_L1_Server.audit from CIS SUSE Linux Enterprise 15 v2.0.1 | CIS SUSE Linux Enterprise 15 v2.0.1 L1 Server | Unix | |
| CIS_Ubuntu_Linux_18.04_LTS_v2.2.0_L1_Workstation.audit from CIS Ubuntu Linux 18.04 LTS v2.2.0 | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation | Unix | |
| CIS_Ubuntu_Linux_20.04_LTS_v3.0.0_L1_Workstation.audit from CIS Ubuntu Linux 20.04 LTS 3.0.0 | CIS Ubuntu Linux 20.04 LTS v3.0.0 L1 Workstation | Unix | |
| CIS_Ubuntu_Linux_22.04_LTS_v3.0.0_L1_Workstation.audit from CIS Ubuntu Linux 22.04 LTS 3.0.0 | CIS Ubuntu Linux 22.04 LTS v3.0.0 L1 Workstation | Unix | |
| CIS_Ubuntu_Linux_24.04_LTS_v1.0.0_L2_Workstation.audit from CIS Ubuntu Linux 24.04 LTS 1.0.0 | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | |
| CIS_VMware_ESXi_6.5_v1.0.0_L1_Bare_Metal.audit from CIS VMware ESXi 6.5 v1.0.0 benchmark | CIS VMware ESXi 6.5 v1.0.0 Level 2 Bare Metal | Unix | |
| CIS_VMware_ESXi_6.7_v1.3.0_L1_Bare_Metal.audit from CIS VMware ESXi 6.7 Benchmark v1.3.0 | CIS VMware ESXi 6.7 v1.3.0 Level 1 Bare Metal | Unix | |
