| 1.2.3 Set 'seconds' for 'ssh timeout' for 60 seconds or less | CIS Cisco IOS XR 7.x v1.0.1 L1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.3.6 Apply Security Context to Your Pods and Containers | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L2 | Unix | |
| 1.6.6 Apply Security Context to Your Pods and Containers | CIS Kubernetes 1.8 Benchmark v1.2.0 L2 | Unix | |
| 1.6.6 Apply Security Context to Your Pods and Containers | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L2 | Unix | |
| 2.1.4 (L2) Ensure Safe Attachments policy is enabled | CIS Microsoft 365 Foundations v5.0.0 L2 E5 | microsoft_azure | SYSTEM AND INFORMATION INTEGRITY |
| 2.3.5.2 (L1) Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only) | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.5.3 (L1) Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only) | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.5.4 (L1) Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only) | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.5.4 (L1) Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only) | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.5.4 Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.5.4 Ensure 'Domain controller: LDAP server signing requirements' is set to 'Require signing' (DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.7.10 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or 'Force Logoff' (STIG DC & MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.3.7.10 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or 'Force Logoff' (STIG DC & MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.3.7.10 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or 'Force Logoff' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.3.7.10 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or 'Force Logoff' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.11.9 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.10 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) servers' is set to 'Require NTLMv2 session security, Require 128-bit encryption' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.17.4 Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop or Prompt for credentials on the secure desktop' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 3.6 Implement DNSSEC 'INCLUDE' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.6.3 Apply Security Context to Pods and Containers | CIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L2 | GCP | CONFIGURATION MANAGEMENT |
| 4.6.3 Apply Security Context to Pods and Containers | CIS Google Kubernetes Engine (GKE) v1.7.0 L2 | GCP | CONFIGURATION MANAGEMENT |
| 4.6.9.2 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 4.6.9.2 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.6.3 Apply Security Context to Your Pods and Containers | CIS Kubernetes v1.11.1 L2 Master Node | Unix | CONFIGURATION MANAGEMENT |
| 5.7.3 Apply Security Context to Your Pods and Containers | CIS Red Hat OpenShift Container Platform v1.7.0 L2 | OpenShift | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.6.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.6.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.6.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.6.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' | CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.6.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.6.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.6.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.6.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.6.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | CONFIGURATION MANAGEMENT |
| 18.6.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.6.11.3 (L1) Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.1 (L1) Ensure 'EMET 5.52' or higher is installed | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.1 Ensure 'EMET 5.52' or higher is installed | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.25.1 (L1) Ensure 'EMET 5.52' or higher is installed | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.24.1 (L1) Ensure 'EMET 5.52' or higher is installed | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.24.1 (L1) Ensure 'EMET 5.52' or higher is installed | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.24.1 (L1) Ensure 'EMET 5.52' or higher is installed | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 20.13 (L1) Ensure 'Web browser is supported and secured' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AADC-CL-000280 - Adobe Acrobat Pro DC Classic access to unknown websites must be restricted. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| DTOO120 - Open/Save actions for web pages and Excel 2003 XML spreadsheets must be blocked. | DISA STIG Microsoft Excel 2016 v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO120 - Open/Save actions for web pages and Excel 2003 XML spreadsheets must be blocked. | DISA STIG Microsoft Excel 2013 v1r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| DTOO203 - Legacy format signatures must be enabled. | DISA STIG Microsoft Office System 2013 v2r2 | Windows | CONFIGURATION MANAGEMENT |
| DTOO203 - Office System - Legacy format signatures must be enabled. | DISA STIG Office System 2010 v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WN19-DC-000280 - Windows Server 2019 domain controllers must have a PKI server certificate. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-DC-000280 - Windows Server 2022 domain controllers must have a PKI server certificate. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
