| 4.10.9.1.4 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled' | CIS Microsoft Intune for Windows 10 v4.0.0 BL | Windows | MEDIA PROTECTION |
| 4.10.9.1.5 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.' is set to 'True' (checked) | CIS Microsoft Intune for Windows 10 v4.0.0 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.8.7.1.1 Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | MEDIA PROTECTION |
| 18.8.7.1.3 Ensure 'Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.' is set to 'True' (checked) | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | MEDIA PROTECTION |
| 18.8.7.1.6 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.' is set to 'True' (checked) | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.7.1.4 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| 18.9.7.1.6 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.' is set to 'True' (checked) | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.1.10 (L1) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.' is set to 'True' (checked) | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Allow scripting of Internet Explorer WebBrowser controls - Restricted Sites Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow unencrypted traffic - Client - AllowUnencryptedTraffic | MSCT Windows Server 2025 MS v1.0.0 | Windows | ACCESS CONTROL |
| Audit client does not support encryption - AuditClientDoesNotSupportEncryption | MSCT Windows Server 2025 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Detailed File Share | MSCT Windows Server 2025 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Automatic prompting for file downloads - Internet Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure hash algorithms for certificate logon - KDC PKINITSHA384 | MSCT Windows Server 2025 MS v1.0.0 | Windows | |
| Configure hash algorithms for certificate logon - Kerberos PKInitSHA1 | MSCT Windows Server 2025 MS v1.0.0 | Windows | |
| Configure hash algorithms for certificate logon - Kerberos PKInitSHA384 | MSCT Windows Server 2025 MS v1.0.0 | Windows | |
| Configure registry policy processing - NoGPOListChanges | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure RPC listener settings - ForceKerberosForRpc | MSCT Windows Server 2025 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Configure RPC listener settings - RpcProtocols | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure SMB v1 client driver - Start | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Control whether exclusions are visible to local users | MSCT Windows Server 2025 MS v1.0.0 | Windows | |
| Deny log on through Remote Desktop Services | MSCT Windows Server 2025 MS v1.0.0 | Windows | ACCESS CONTROL |
| Don't run antimalware programs against ActiveX controls - Internet Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Don't run antimalware programs against ActiveX controls - Restricted Sites Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EDGE-00-000043 - The Password Manager must be disabled. | DISA STIG Edge v2r2 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Enable authentication rate limiter - EnableAuthRateLimiter | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable dragging of content from different domains within a window - Internet Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Force shutdown from a remote system | MSCT Windows Server 2025 MS v1.0.0 | Windows | ACCESS CONTROL |
| Internet Explorer Processes - FEATURE_DISABLE_MK_PROTOCOL - explorer.exe | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - FEATURE_DISABLE_MK_PROTOCOL - iexplore.exe | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - FEATURE_RESTRICT_FILEDOWNLOAD - explorer.exe | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - FEATURE_WINDOW_RESTRICTIONS - iexplore.exe | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Java permissions - Internet Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Java permissions - Locked-Down Trusted Sites Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Java permissions - Trusted Sites Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Logon options - Internet Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Manage auditing and security log (DEPRECATED) | MSCT Windows Server 2025 MS v1.0.0 | Windows | ACCESS CONTROL |
| Mandate the minimum version of SMB - MinSmb2Dialect | MSCT Windows Server 2025 MS v1.0.0 | Windows | |
| MSS: (DisableIPSourceRouting) IP source routing protection level - DisableIPSourceRouting | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Network access: Allow anonymous SID/Name translation | MSCT Windows Server 2025 MS v1.0.0 | Windows | ACCESS CONTROL |
| PANW-AG-000036 - The Palo Alto Networks security platform must disable WMI probing if it is not used. | DISA STIG Palo Alto ALG v3r4 | Palo_Alto | CONFIGURATION MANAGEMENT |
| Prevent bypassing Windows Defender SmartScreen prompts for sites | MSCT Windows 10 1903 v1.19.9 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Prevent bypassing Windows Defender SmartScreen prompts for sites | MSCT Windows 10 v21H1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Profile single process | MSCT Windows Server 2019 MS v1.0.0 | Windows | ACCESS CONTROL |
| Run .NET Framework-reliant components not signed with Authenticode - Internet Zone | MSCT Windows Server 2019 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Sign-in last interactive user automatically after a system-initiated restart | MSCT Windows Server 2019 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Turn off the Security Settings Check feature | MSCT Windows Server 2019 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn on SmartScreen Filter scan - Internet Zone | MSCT Windows Server 2019 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn On Virtualization Based Security - ConfigureSystemGuardLaunch | MSCT Windows Server 2019 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn On Virtualization Based Security - EnableVirtualizationBasedSecurity | MSCT Windows Server 2019 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
