| 1.6 Ensure 'application pool identity' is configured for anonymous user identity | CIS IIS 7 L1 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.1 Ensure 'global authorization rule' is set to restrict access | CIS IIS 7 L1 v1.8.0 | Windows | ACCESS CONTROL |
| 2.3.6.2 Ensure 'Domain member: Digitally encrypt secure channel data (when possible)' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.7.3 Configure 'Interactive logon: Message text for users attempting to log on' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.3.8.1 Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.9.1 Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.3.9.3 Ensure 'Microsoft network server: Digitally sign communications (if client agrees)' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.17.2 Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.3.17.4 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.3.17.6 Ensure 'User Account Control: Run all administrators in Admin Approval Mode' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 3.1 Ensure 'deployment method retail' is set | CIS IIS 7 L1 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.3 Ensure Custom Error Messages are not Off - Default | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.5 Ensure ASP.NET stack tracing is not enabled - Applications | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.6 Ensure 'httpcookie' mode is configured for session state - Applications | CIS IIS 7 L2 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.10 Ensure global .NET trust level is configured - Applications | CIS IIS 7 L1 v1.8.0 | Windows | ACCESS CONTROL |
| 3.10 Ensure global .NET trust level is configured - Default | CIS IIS 7 L1 v1.8.0 | Windows | ACCESS CONTROL |
| 4.10 Ensure 'notListedCgisAllowed' is set to false | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1 Ensure Default IIS web log location is moved | CIS IIS 7 L1 v1.8.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 5.13 Ensure 'Peer Networking Identity Manager (p2pimsvc)' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.16 Ensure 'Remote Access Auto Connection Manager (RasAuto)' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.29 Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.32 Ensure 'Windows Event Collector (Wecsvc)' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.1 Ensure FTP requests are encrypted - Data Channel Default | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure TLS 1.0 is enabled | CIS IIS 7 L1 v1.8.0 | Windows | |
| 7.9 Ensure RC2 Cipher Suites is disabled - RC2 56/128 | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.10 Ensure RC4 Cipher Suites is disabled - RC4 56/128 | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.10 Ensure RC4 Cipher Suites is disabled - RC4 128/128 | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.12 Ensure AES 128/128 Cipher Suite is configured | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.13 Ensure AES 256/256 Cipher Suite is enabled - Enabled | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.4.8 Ensure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - AllowLLTDIOOnPublicNet | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.5.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - AllowRspndrOndomain | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - EnableRegistrars | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.7.1.1 Ensure 'Prevent installation of devices using drivers that match these device setup classes' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | MEDIA PROTECTION |
| 18.8.22.1.2 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 18.8.22.1.6 Ensure 'Turn off Internet File Association service' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.22.1.14 Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.8.47.5.1 Ensure 'Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.11.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.3.12 Ensure 'Configure use of smart cards on removable data drives: Require use of smart cards on removable data drives' is set to 'Enabled: True' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.77.3.1 Ensure 'Join Microsoft MAPS' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 20.27 Ensure 'Event Viewer must be protected from unauthorized modification and deletion' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | AUDIT AND ACCOUNTABILITY |
| 20.30 Ensure 'FTP servers must be configured to prevent anonymous logons' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.30 Ensure 'FTP servers must be configured to prevent anonymous logons' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| AIOS-13-013100 - Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch. | MobileIron - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AOSX-14-003005 - The macOS system must map the authenticated identity to the user or group account for PKI-based authentication. | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | IDENTIFICATION AND AUTHENTICATION |
| ARST-RT-000320 - The PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS GIG Technical Profile. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| MS.DEFENDER.1.3v1 - All users SHALL be added to Defender for Office 365 protection in either the standard or strict preset security policy. | CISA SCuBA Microsoft 365 Defender v1.5.0 | microsoft_azure | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| SYMP-AG-000460 - Symantec ProxySG providing reverse proxy encryption intermediary services must implement NIST FIPS-validated cryptography to generate cryptographic hashes. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000470 - Symantec ProxySG providing reverse proxy encryption intermediary services must implement NIST FIPS-validated cryptography for digital signatures. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
