| 1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 2.3.10.8 (L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.3.10.8 (L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' is configured | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | ACCESS CONTROL |
| 2.3.10.8 (L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' is configured | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.10.8 (L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' is configured | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.10.8 (L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' is configured | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | ACCESS CONTROL |
| 2.3.10.8 (L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' is configured | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | ACCESS CONTROL |
| 2.3.10.8 (L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' is configured | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | ACCESS CONTROL |
| 2.3.10.8 (L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' is configured | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | ACCESS CONTROL |
| 2.3.10.8 (L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' is configured | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.10.8 (L1) Ensure 'Network access: Remotely accessible registry paths and sub-paths' is configured | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | ACCESS CONTROL |
| 2.3.10.8 Ensure 'Network access: Remotely accessible registry paths and sub-paths' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.3.10.8 Ensure 'Network access: Remotely accessible registry paths and sub-paths' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.3.13.1 Ensure 'Shutdown: Allow system to be shut down without having to log on' is set to 'Disabled' | CIS Microsoft Windows Server 2022 v5.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.13.1 Ensure 'Shutdown: Allow system to be shut down without having to log on' is set to 'Disabled' | CIS Microsoft Windows Server 2025 v2.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.13.1 Ensure 'Shutdown: Allow system to be shut down without having to log on' is set to 'Disabled' | CIS Microsoft Windows Server 2022 Stand-alone v2.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.13.1 Ensure 'Shutdown: Allow system to be shut down without having to log on' is set to 'Disabled' | CIS Microsoft Windows Server 2025 v2.0.0 L1 MS | Windows | ACCESS CONTROL |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.044 - Terminal Services is configured to use a common temporary folder for all sessions. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 5.045 - Terminal Services is not configured to delete temporary folders. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| AIX7-00-002057 - AIX audit logs must be rotated daily. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| ARDC-CN-000005 - Adobe Reader DC must enable Enhanced Security in a Standalone Application. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARDC-CN-000035 - Adobe Reader DC must prevent opening files other than PDF or FDF. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARDC-CN-000045 - Adobe Reader DC must block Flash Content. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARDC-CN-000050 - Adobe Reader DC must disable the ability to change the Default Handler. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| ARDC-CN-000080 - Adobe Reader DC must disable Acrobat Upsell. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| ARDC-CN-000315 - Adobe Reader DC must disable the ability to add Trusted Files and Folders. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| ARDC-CN-000320 - Adobe Reader DC must disable the ability to elevate IE Trusts to Privileged Locations. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| DISA STIG VMware vSphere ESXi 6 Security Technical Implementation Guide Version 1 Release 5 | DISA VMware vSphere ESXi 6.0 STIG v1r5 Unix | Unix | |
| DISA_STIG_McAfee_VSEL_1.9.x_2.0.x_Managed_Client_v1r5.audit from DISA McAfee VSEL 1.9/2.0 Managed Client v1r5 STIG | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | |
| DISA_STIG_Microsoft_Project_2016_v1r1.audit for Microsoft Project 2016, from DISA STIG Microsoft Project 2016 v1r1 | DISA STIG Microsoft Project 2016 v1r1 | Windows | |
| DISA_STIG_Splunk_Enterprise_8.x_for_Linux_REST_API_v2r3.audit from DISA Splunk Enterprise 8.x for Linux v2r3 STIG | DISA STIG Splunk Enterprise 8.x for Linux v2r3 STIG REST API | Splunk | |
| VCWN-65-000068 - The vCenter Server for Windows must use LDAPS when adding an SSO identity source. | DISA VMware vSphere 6.5 vCenter Server for Windows STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| WN16-DC-000250 - Windows Server 2016 must be configured to audit DS Access - Directory Service Access failures. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN19-DC-000090 - Windows Server 2019 Active Directory Group Policy objects must have proper access control permissions. | DISA Microsoft Windows Server 2019 STIG v3r8 | Windows | ACCESS CONTROL |
| WN19-DC-000210 - Windows Server 2019 Active Directory AdminSDHolder object must be configured with proper audit settings. | DISA Microsoft Windows Server 2019 STIG v3r8 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN19-DC-000230 - Windows Server 2019 must be configured to audit Account Management - Computer Account Management successes. | DISA Microsoft Windows Server 2019 STIG v3r8 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN19-DC-000240 - Windows Server 2019 must be configured to audit DS Access - Directory Service Access successes. | DISA Microsoft Windows Server 2019 STIG v3r8 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN19-DC-000260 - Windows Server 2019 must be configured to audit DS Access - Directory Service Changes successes. | DISA Microsoft Windows Server 2019 STIG v3r8 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN19-DC-000391 - Windows Server 2019 must be configured for certificate-based authentication for domain controllers. | DISA Microsoft Windows Server 2019 STIG v3r8 | Windows | ACCESS CONTROL |
| WN19-DC-000401 - Windows Server 2019 must be configured for named-based strong mappings for certificates. | DISA Microsoft Windows Server 2019 STIG v3r8 | Windows | ACCESS CONTROL |
| WN22-DC-000080 - Windows Server 2022 Active Directory SYSVOL directory must have the proper access control permissions. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | ACCESS CONTROL |
| WN22-DC-000130 - Windows Server 2022 domain controllers must run on a machine dedicated to that function. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | CONFIGURATION MANAGEMENT |
| WN22-DC-000250 - Windows Server 2022 must be configured to audit DS Access - Directory Service Access failures. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN22-DC-000406 - Windows Server 2022 must be configured for name-based strong mappings for certificates. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | ACCESS CONTROL |
| WN25-DC-000080 - Windows Server 2025 Active Directory SYSVOL directory must have the proper access control permissions. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | ACCESS CONTROL |
| WN25-DC-000240 - Windows Server 2025 must be configured to audit DS Access - Directory Service Access successes. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
