| 1.8.6.1 Ensure 'Default File Format' is set to Enabled (Word Document (.docx)) | CIS Microsoft Office Word 2013 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 4.10.9.1.2 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.' is set to 'True' (checked) | CIS Microsoft Intune for Windows 11 v4.0.0 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 6.1.1 Ensure that 'security defaults' is enabled in Microsoft Entra ID | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 9.1.7.2 Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' | CIS Microsoft Azure Foundations v4.0.0 L2 | microsoft_azure | RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION |
| 17.2.1 Ensure 'Audit Application Group Management' is set to 'Success and Failure' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 18.8.7.1.4 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.7.1.1 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker | Windows | MEDIA PROTECTION |
| 18.9.7.1.1 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.4 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.8 (L1) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | MEDIA PROTECTION |
| Access Credential Manager as a trusted caller | MSCT Windows Server 2025 DC v1.0.0 | Windows | ACCESS CONTROL |
| Access data sources across domains - Restricted Sites Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Account lockout duration | MSCT Windows Server 2025 DC v1.0.0 | Windows | ACCESS CONTROL |
| Allow file downloads | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow loading of XAML files - Restricted Sites Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow scriptlets - Internet Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow Windows Ink Workspace - AllowWindowsInkWorkspace | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Always install with elevated privileges - AlwaysInstallElevated | MSCT Windows Server 2025 DC v1.0.0 | Windows | ACCESS CONTROL |
| Always prompt for password upon connection - fPromptForPassword | MSCT Windows Server 2025 DC v1.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Audit Audit Policy Change | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Computer Account Management | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Logon | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Other Object Access Events | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Other Policy Change Events | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit PNP Activity | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Back up files and directories | MSCT Windows Server 2025 DC v1.0.0 | Windows | ACCESS CONTROL |
| DISA_STIG_Microsoft_Office_Access_2016_v1r1.audit for Microsoft Office Access 2016, from DISA STIG Microsoft Office Access 2016 v1r1 | DISA STIG Microsoft Office Access 2016 v1r1 | Windows | |
| Microsoft network client: Send unencrypted password to third-party SMB servers | MSCT Windows Server 2019 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Perform volume maintenance tasks | MSCT Windows Server 2025 MS v1.0.0 | Windows | ACCESS CONTROL |
| Prevent bypassing Windows Defender SmartScreen prompts for sites | MSCT Windows 10 1909 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent downloading of enclosures - DisableEnclosureDownload | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent enabling lock screen slide show - NoLockScreenSlideshow | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Prevent managing SmartScreen Filter | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Remove 'Run this time' button for outdated ActiveX controls in Internet Explorer | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Security Zones: Do not allow users to add/delete sites | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Select cloud protection level | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Set authentication rate limiter delay (milliseconds) - InvalidAuthenticationDelayTimeInMs | MSCT Windows Server 2025 MS v1.0.0 | Windows | |
| Sign-in and lock last interactive user automatically after a restart - DisableAutomaticRestartSignOn | MSCT Windows Server 2025 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) - ProtectionMode | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| This settings controls whether Network Protection is allowed to be configured into block or audit mode on Windows Server. | MSCT Windows Server 2025 DC v2506 v1.0.0 | Windows | |
| Turn off Crash Detection | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn off multicast name resolution - EnableMulticast | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn on certificate address mismatch warning | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on Protected Mode - Restricted Sites Zone | MSCT Windows 10 v20H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Turn on SmartScreen Filter scan - Restricted Sites Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on the auto-complete feature for user names and passwords on forms - FormSuggest Main | MSCT Windows 10 v20H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn on the auto-complete feature for user names and passwords on forms - FormSuggest Passwords | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn On Virtualization Based Security - HVCIMATRequired | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Windows Defender Firewall: Allow logging - LogFileSize | MSCT Windows 10 v20H2 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Windows Defender Firewall: Protect all network connections - Domain Profile | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
