| 5.2.11 Minimize the admission of Windows HostProcess Containers | CIS Kubernetes v1.11.1 L1 Master Node | Unix | SYSTEM AND SERVICES ACQUISITION |
| 5.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | CONFIGURATION MANAGEMENT |
| 5.10 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.11 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 5.11 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 6.21 (L1) Ensure 'Policy Change Audit MPSSVC Rule Level Policy Change' is set to 'Success and Failure' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 7.6 Set 'Scripted Window Security Restrictions' to 'Enabled' - explorer.exe | CIS IE 9 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 17.7.3 (L1) Ensure 'Audit MPSSVC Rule-Level Policy Change' is set to 'Success and Failure' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 17.7.4 (L1) Ensure 'Audit MPSSVC Rule-Level Policy Change' is set to 'Success and Failure' | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | AUDIT AND ACCOUNTABILITY |
| 17.7.4 (L1) Ensure 'Audit MPSSVC Rule-Level Policy Change' is set to 'Success and Failure' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.7.4 (L1) Ensure 'Audit MPSSVC Rule-Level Policy Change' is set to 'Success and Failure' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | AUDIT AND ACCOUNTABILITY |
| 17.7.4 (L1) Ensure 'Audit MPSSVC Rule-Level Policy Change' is set to 'Success and Failure' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | AUDIT AND ACCOUNTABILITY |
| 17.7.4 (L1) Ensure 'Audit MPSSVC Rule-Level Policy Change' is set to 'Success and Failure' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.7.4 (L1) Ensure 'Audit MPSSVC Rule-Level Policy Change' is set to 'Success and Failure' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 17.7.4 (L1) Ensure 'Audit MPSSVC Rule-Level Policy Change' is set to 'Success and Failure' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | AUDIT AND ACCOUNTABILITY |
| 17.7.5 Ensure 'Audit MPSSVC Rule-Level Policy Change' is set to 'Success and Failure' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | AUDIT AND ACCOUNTABILITY |
| 18.10.91.2 (L1) Ensure 'Allow networking in Windows Sandbox' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.91.3 (L1) Ensure 'Allow networking in Windows Sandbox' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 81.11 (L1) Ensure 'LxssManager (LxssManager)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| Allow script-initiated windows without size or position constraints - Internet Zone | MSCT Windows 10 1809 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow script-initiated windows without size or position constraints - Internet Zone | MSCT Windows Server 1903 MS v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Allow script-initiated windows without size or position constraints - Internet Zone | MSCT Windows Server v1909 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow script-initiated windows without size or position constraints - Internet Zone | MSCT Windows Server v2004 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow script-initiated windows without size or position constraints - Internet Zone | MSCT Windows Server 2019 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow script-initiated windows without size or position constraints - Internet Zone | MSCT Windows 11 v23H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow script-initiated windows without size or position constraints - Restricted Sites Zone | MSCT Windows Server 2016 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow script-initiated windows without size or position constraints - Restricted Sites Zone | MSCT Windows Server 2022 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow script-initiated windows without size or position constraints - Restricted Sites Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow script-initiated windows without size or position constraints - Restricted Sites Zone | MSCT Windows Server v20H2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow script-initiated windows without size or position constraints - Restricted Sites Zone | MSCT Windows 11 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| DTBI390 - Script-initiated windows without size or position constraints must be disallowed (Restricted Sites zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | CONFIGURATION MANAGEMENT |
| DTBI495-IE11 - Pop-up Blocker must be enforced (Internet zone). | DISA STIG IE 11 v2r5 | Windows | CONFIGURATION MANAGEMENT |
| DTBI500 - Pop-up Blocker must be enforced (Restricted Sites zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | CONFIGURATION MANAGEMENT |
| Use Pop-up Blocker - Internet Zone | MSCT Windows 10 1803 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Use Pop-up Blocker - Internet Zone | MSCT Windows 10 1903 v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Use Pop-up Blocker - Internet Zone | MSCT Windows 10 v21H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Use Pop-up Blocker - Restricted Sites Zone | MSCT Windows 10 v1507 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Use Pop-up Blocker - Restricted Sites Zone | MSCT Windows 10 1903 v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Use Pop-up Blocker - Restricted Sites Zone | MSCT Windows 10 1909 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Use Pop-up Blocker - Restricted Sites Zone | MSCT Windows 10 v20H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Use Pop-up Blocker - Restricted Sites Zone | MSCT Windows Server v20H2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Use Pop-up Blocker - Restricted Sites Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Use Pop-up Blocker - Restricted Sites Zone | MSCT Windows Server 2016 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Use Pop-up Blocker - Restricted Sites Zone | MSCT Windows Server 2022 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Use Pop-up Blocker - Restricted Sites Zone | MSCT Windows Server 2025 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Use Pop-up Blocker - Restricted Sites Zone | MSCT Windows 11 v22H2 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| WN19-00-000160 - Windows Server 2019 permissions for the Windows installation directory must conform to minimum requirements. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL |
| WN19-CC-000430 - Windows Server 2019 must disable the Windows Installer Always install with elevated privileges option. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-00-000160 - Windows Server 2022 permissions for the Windows installation directory must conform to minimum requirements. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
| WN22-CC-000430 - Windows Server 2022 must disable the Windows Installer Always install with elevated privileges option. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
