| 1.157 WN10-CC-000275 | CIS Microsoft Windows 10 STIG v1.0.0 CAT II | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 4.10.4.1 (L1) Ensure 'Include command line in process creation events' is set to 'Enabled' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 4.11.36.4.2.1 (L2) Ensure 'Allow users to connect remotely by using Remote Desktop Services' is set to 'Disabled' | CIS Microsoft Intune for Windows 11 v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 4.11.36.4.2.1 (L2) Ensure 'Allow users to connect remotely by using Remote Desktop Services' is set to 'Disabled' | CIS Microsoft Intune for Windows 10 v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 4.11.36.4.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 4.11.36.4.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.3.1 (L1) Ensure 'Include command line in process creation events' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.24.4 (L1) Ensure 'Default Protections for Popular Software' is set to 'Enabled' - communicator.exe | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.4 (L1) Ensure 'Default Protections for Popular Software' is set to 'Enabled' - Firefox plugin-container.exe | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.4 (L1) Ensure 'Default Protections for Popular Software' is set to 'Enabled' - rar.exe | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.4 (L1) Ensure 'Default Protections for Popular Software' is set to 'Enabled' - realconverter.exe | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.4 (L1) Ensure 'Default Protections for Popular Software' is set to 'Enabled' - WindowsLiveWriter.exe | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.4 (L1) Ensure 'Default Protections for Popular Software' is set to 'Enabled' - WLXPhotoGallery.exe | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled' - 7zFM.exe | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled' - googletalk.exe | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled' - mirc.exe | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled' - QuickTimePlayer.exe | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled' - realconverter.exe | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled' - safari.exe | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled' - skydrive.exe | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled' - skype.exe | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.4 Ensure 'Default Protections for Popular Software' is set to 'Enabled' - winamp.exe | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.25.4 (L1) Ensure 'Default Protections for Popular Software' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.77.1.3 Ensure 'Notify Password Reuse' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.77.1.3 Ensure 'Notify Password Reuse' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.77.1.3 Ensure 'Notify Password Reuse' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.77.1.4 Ensure 'Notify Unsafe App' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.77.1.4 Ensure 'Notify Unsafe App' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 49.22 (L1) Ensure 'Network Security: Allow PKU2U authentication requests' is set to 'Block' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| CIS_MS_Windows_7_v3.2.0_Bitlocker.audit from CIS Microsoft Windows 7 Workstation Benchmark v3.2.0 | CIS Windows 7 Workstation Bitlocker v3.2.0 | Windows | |
| CIS_MS_Windows_7_v3.2.0_Level_2_Bitlocker.audit from CIS Microsoft Windows 7 Workstation Benchmark v3.2.0 | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | |
| O365-CO-000015 - Consistent MIME handling must be enabled for all Office 365 ProPlus programs. | DISA Microsoft Office 365 ProPlus STIG v3r5 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Prevent installation of devices using drivers that match these device setup classes - 1 | MSCT Windows 11 v22H2 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent installation of devices using drivers that match these device setup classes - DenyDeviceClasses | MSCT Windows 11 v22H2 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent installation of devices using drivers that match these device setup classes - DenyDeviceClasses | MSCT Windows 11 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent installation of devices using drivers that match these device setup classes - DenyDeviceClassesRetroactive | MSCT Windows 11 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent installation of devices using drivers that match these device setup classes - DenyDeviceClassesRetroactive | MSCT Windows 11 v22H2 v1.0.0 | Windows | MEDIA PROTECTION |
| Prevent installation of devices using drivers that match these device setup classes - DenyDeviceClassesRetroactive | MSCT Windows 11 v24H2 v1.0.0 | Windows | MEDIA PROTECTION |
| WN10-CC-000275 - Local drives must be prevented from sharing with Remote Desktop Session Hosts. | DISA Microsoft Windows 10 STIG v3r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN10-CC-000280 - Remote Desktop Services must always prompt a client for passwords upon connection. | DISA Microsoft Windows 10 STIG v3r6 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-CC-000100 - Remote Desktop Services must be configured with the client connection encryption set to the required level. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL, MAINTENANCE |
| WN16-CC-000370 - Passwords must not be saved in the Remote Desktop Client. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN19-CC-000340 - Windows Server 2019 must not save passwords in the Remote Desktop Client. | DISA Microsoft Windows Server 2019 STIG v3r8 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN25-CC-000340 - Windows Server 2025 must not save passwords in the Remote Desktop Client. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
