| 1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.7 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.1 Set 'Configure use of hardware-based encryption for fixed data drives' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.28 Ensure that encryption providers are appropriately configured | CIS Kubernetes v1.11.1 L1 Master Node | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2 Ensure that the --cert-file and --key-file arguments are set as appropriate | CIS Kubernetes v1.11.1 L1 Master Node | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.5 (L1) Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.5 (L1) Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.5 (L1) Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L1 DC | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.5 (L1) Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.14.1 (L2) Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User is prompted when the key is first used' or higher | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 BL | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.4.2.4.4 Ensure pam_unix includes use_authtok | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.4.3.4.3 Ensure pam_unix includes a strong password hashing algorithm | CIS Red Hat EL8 Workstation L1 v3.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.4.3.4.3 Ensure pam_unix includes a strong password hashing algorithm | CIS Rocky Linux 8 Workstation L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.4.3.4.4 Ensure pam_unix includes use_authtok | CIS Rocky Linux 8 Server L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.4.3.4.4 Ensure pam_unix includes use_authtok | CIS AlmaLinux OS 8 Workstation L1 v3.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5 Ensure Encryption of Data at Rest - enableEncryption | CIS MongoDB 4 L2 OS Linux v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5 Ensure Encryption of Data at Rest - enableEncryption | CIS MongoDB 5 L2 OS Linux v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5.1.1 Ensure strong password hashing algorithm is configured | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5.1.1 Ensure strong password hashing algorithm is configured | CIS AlmaLinux OS 8 Workstation L1 v3.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.11.7.2.4 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False' | CIS Microsoft Intune for Windows 10 v4.0.0 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.11.7.5 (BL) Ensure 'Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later): Select the encryption method for operating system drives' is set to 'XTS-AES 128-bit (default)' or 'XTS-AES 256-bit' | CIS Microsoft Intune for Windows 10 v4.0.0 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.3.3.3 Ensure pam_pwhistory includes use_authtok | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.3.3.3 Ensure pam_pwhistory includes use_authtok | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.3.3.3 Ensure pam_pwhistory includes use_authtok | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.3.3.3 Ensure pam_pwhistory includes use_authtok | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.3.4.3 Ensure pam_unix includes a strong password hashing algorithm | CIS Oracle Linux 9 v2.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.3.4.3 Ensure pam_unix includes a strong password hashing algorithm | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.4.1.4 Ensure strong password hashing algorithm is configured | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2.1 Ensure accounts in /etc/passwd use shadowed passwords | CIS Rocky Linux 8 Workstation L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2.1 Ensure accounts in /etc/passwd use shadowed passwords | CIS Oracle Linux 7 v4.0.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2.1 Ensure accounts in /etc/passwd use shadowed passwords | CIS Amazon Linux 2 v3.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2.1 Ensure accounts in /etc/passwd use shadowed passwords | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.4.7 (L1) Ensure 'WDigest Authentication' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.4.7 (L1) Ensure 'WDigest Authentication' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.1 (L1) Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.1 (L1) Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon' is set to 'Disabled' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.1 (L1) Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v4.0.0 L1 DC | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.67.2 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled' | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.67.2 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.2.3 (L1) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.2.6 (L1) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.1.2 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' or higher | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.1.8 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages' | CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.3 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.4 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False' | CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.7 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.10 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for operating system drives' is set to 'Enabled: True' | CIS Microsoft Windows 10 Enterprise v4.0.0 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.59.2 (L1) Ensure 'Allow indexing of encrypted files' is set to 'Disabled' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
