| 1.8 Ensure 'Attachment Filtering Agent' is configured | CIS Microsoft Exchange Server 2019 L1 Edge v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.13.10 Ensure 'Trigger a quick scan after X days without any scans' is set to 'Enabled: 7' | CIS Microsoft Defender Antivirus v1.0.0 L1 Workstation | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.35 (L1) Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows Server 2016 v4.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows Server 2025 Stand-alone v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows Server 2022 v5.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows Server 2022 v5.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows Server 2025 v2.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows Server 2022 Stand-alone v2.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.4 Ensure that the MIN_DATA_RETENTION_TIME_IN_DAYS account parameter is set to 7 or higher | CIS Snowflake Foundations v1.0.0 L2 | Snowflake | AUDIT AND ACCOUNTABILITY, CONTINGENCY PLANNING, SYSTEM AND INFORMATION INTEGRITY |
| 4.7 Ensure the set_user extension is installed | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL |
| 5.5.4 Ensure default user umask is 027 or more restrictive - '/etc/bash.bashrc' | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | ACCESS CONTROL |
| 5.5.6 Ensure user and group account administration utilities are configured to store only encrypted representations of passwords | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 18.9.11.2.11 (BL) Ensure 'Configure minimum PIN length for startup' is set to 'Enabled: 7 or more characters' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| 18.10.42.13.4 Ensure 'Trigger a quick scan after X days without any scans' is set to 'Enabled: 7' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.42.13.4 Ensure 'Trigger a quick scan after X days without any scans' is set to 'Enabled: 7' | CIS Microsoft Windows Server 2022 v5.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.42.13.4 Ensure 'Trigger a quick scan after X days without any scans' is set to 'Enabled: 7' | CIS Microsoft Windows Server 2025 v2.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.13.4 (L1) Ensure 'Trigger a quick scan after X days without any scans' is set to 'Enabled: 7' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.13.4 (L1) Ensure 'Trigger a quick scan after X days without any scans' is set to 'Enabled: 7' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.13.4 (L1) Ensure 'Trigger a quick scan after X days without any scans' is set to 'Enabled: 7' | CIS Microsoft Windows Server 2016 v4.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.13.4 (L1) Ensure 'Trigger a quick scan after X days without any scans' is set to 'Enabled: 7' | CIS Microsoft Windows Server 2016 v4.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.13.4 (L1) Ensure 'Trigger a quick scan after X days without any scans' is set to 'Enabled: 7' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.13.4 (L1) Ensure 'Trigger a quick scan after X days without any scans' is set to 'Enabled: 7' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.13.4 (L1) Ensure 'Trigger a quick scan after X days without any scans' is set to 'Enabled: 7' | CIS Microsoft Windows Server 2019 v4.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.13.4 (L1) Ensure 'Trigger a quick scan after X days without any scans' is set to 'Enabled: 7' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.43.13.4 (L1) Ensure 'Trigger a quick scan after X days without any scans' is set to 'Enabled: 7' | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 89.15 (L1) Ensure 'Deny Remote Desktop Services Log On' to include 'Guests, Local account' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| CIS_CentOS_Linux_7_v4.0.0_L1_Workstation.audit from CIS CentOS Linux 7 Benchmark v4.0.0 | CIS CentOS Linux 7 v4.0.0 L1 Workstation | Unix | |
| CIS_CentOS_Linux_7_v4.0.0_L2_Server.audit from CIS CentOS Linux 7 Benchmark v4.0.0 | CIS CentOS Linux 7 v4.0.0 L2 Server | Unix | |
| CIS_Oracle_Linux_7_v4.0.0_L1_Workstation.audit from CIS Oracle Linux 7 Benchmark v4.0.0 | CIS Oracle Linux 7 v4.0.0 L1 Workstation | Unix | |
| CIS_Oracle_Linux_7_v4.0.0_L2_Workstation.audit from CIS Oracle Linux 7 Benchmark v4.0.0 | CIS Oracle Linux 7 v4.0.0 L2 Workstation | Unix | |
| DISA_STIG_Kubernetes_v2r5.audit from DISA Kubernetes v2r5 STIG | DISA STIG Kubernetes v2r5 | Unix | |
| DISA_STIG_Microsoft_Skype_Business_2016_v2r1.audit from DISA Microsoft Skype for Business 2016 v2r1 STIG | DISA STIG Microsoft Skype for Business 2016 v2r1 | Windows | |
| DISA_STIG_Microsoft_Windows_2012_Server_DNS_v2r7.audit from DISA Microsoft Windows 2012 Server Domain Name System v2r7 STIG | DISA Microsoft Windows 2012 Server Domain Name System STIG v2r7 | Windows | |
| DISA_STIG_Mozilla_Firefox_v6r7_Linux.audit from DISA Mozilla Firefox v6r7 STIG | DISA STIG Mozilla Firefox Linux v6r7 | Unix | |
| DISA_STIG_Mozilla_Firefox_v6r7_MacOS.audit from DISA Mozilla Firefox v6r7 STIG | DISA STIG Mozilla Firefox MacOS v6r7 | Unix | |
| DISA_STIG_Mozilla_Firefox_v6r7_Windows.audit from DISA Mozilla Firefox v6r7 STIG | DISA STIG Mozilla Firefox Windows v6r7 | Windows | |
| DTBI031 - The Java Permissions must be disallowed (Internet zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | CONFIGURATION MANAGEMENT |
| DTBI031-IE11 - The Java permissions must be disallowed (Internet zone). | DISA STIG IE 11 v2r6 | Windows | CONFIGURATION MANAGEMENT |
| DTBI121 - Java Permissions must be disallowed (Restricted Sites zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | CONFIGURATION MANAGEMENT |
| DTBI121-IE11 - Java permissions must be disallowed (Restricted Sites zone). | DISA STIG IE 11 v2r6 | Windows | CONFIGURATION MANAGEMENT |
| DTBI425-IE11 - Java permissions must be disallowed (Local Machine zone). | DISA STIG IE 11 v2r6 | Windows | CONFIGURATION MANAGEMENT |
| DTBI450 - Java permissions must be disallowed (Locked Down Restricted Sites zone). | DISA STIG Microsoft Internet Explorer 9 v1r15 | Windows | CONFIGURATION MANAGEMENT |
| TCAT-AS-001690 - ENFORCE_ENCODING_IN_GET_WRITER must be set to true. | DISA STIG Apache Tomcat Application Server 9 v3r3 Middleware | Unix | CONFIGURATION MANAGEMENT |
| TNS_Best_Practice_RedHat_JBoss_v7_Linux.audit from TNS Best Practice JBoss 7 Linux | TNS Best Practice JBoss 7 Linux | Unix | |
| VCLU-80-000152 The vCenter Lookup service must enable 'ENFORCE_ENCODING_IN_GET_WRITER'. | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCPF-80-000152 The vCenter Perfcharts service must enable 'ENFORCE_ENCODING_IN_GET_WRITER'. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCST-80-000152 The vCenter STS service must enable 'ENFORCE_ENCODING_IN_GET_WRITER'. | DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| VCUI-80-000152 The vCenter UI service must enable 'ENFORCE_ENCODING_IN_GET_WRITER'. | DISA VMware vSphere 8.0 vCenter Appliance User Interface (UI) STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
