| 1.1 Ensure 'Web content' is on non-system partition | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL |
| 1.1.8 Session Management | CIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations | ArubaOS | ACCESS CONTROL |
| 1.1.8 Session Management | CIS HPE Aruba Networking CX Switch v1.0.1 L1 | ArubaOS | ACCESS CONTROL |
| 1.3.1 Ensure 'Minimum Password Complexity' is enabled | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 2.2 Ensure access to sensitive site features is restricted to authenticated principals only | CIS IIS 8.0 v1.5.1 Level 1 | Windows | ACCESS CONTROL |
| 2.2 Ensure access to sensitive site features is restricted to authenticated principals only | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL |
| 2.2.28 (L2) Ensure 'Log on as a batch job' is set to 'Administrators' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.28 (L2) Ensure 'Log on as a batch job' is set to 'Administrators' | CIS Microsoft Windows 8.1 v2.4.1 L2 | Windows | ACCESS CONTROL |
| 2.2.28 Ensure 'Log on as a batch job' is set to 'Administrators' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.28 Ensure 'Log on as a batch job' is set to 'Administrators' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.3 Ensure 'forms authentication' require SSL | CIS IIS 8.0 v1.5.1 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Ensure 'forms authentication' is set to use cookies - Application | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 2.5 Ensure 'cookie protection mode' is configured for forms authentication - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5 Ensure 'cookie protection mode' is configured for forms authentication - Default | CIS IIS 10 v1.2.1 Level 1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6 Ensure transport layer security for 'basic authentication' is configured | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6 Ensure transport layer security for 'basic authentication' is configured | CIS IIS 8.0 v1.5.1 Level 1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 3.2 Ensure 'debug' is turned off - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.3.2 Include TSIG key in named.conf 'TSIG key 2 permissions' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | |
| 3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.5 Ensure ASP.NET stack tracing is not enabled - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.9 Ensure 'MachineKey validation method - .Net 4.5' is configured - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.10 Ensure global .NET trust level is configured - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 4.1 Ensure 'maxAllowedContentLength' is configured - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.1 Ensure 'maxAllowedContentLength' is configured - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.1.2.4 Ensure access on /audit and /etc/security/audit is configured | CIS IBM AIX 7 v1.1.0 L1 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 4.3 Ensure 'MaxQueryString request filter' is configured - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.4 Ensure non-ASCII characters in URLs are not allowed - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.9 Ensure 'notListedIsapisAllowed' is set to false | CIS IIS 8.0 v1.5.1 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.10 Ensure 'notListedCgisAllowed' is set to false | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 5.2.4 Ensure Complex Password Must Contain Numeric Character Is Configured | CIS Apple macOS 11.0 Big Sur v4.0.0 L2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.5 Ensure Complex Password Must Contain Special Character Is Configured | CIS Apple macOS 11.0 Big Sur v4.0.0 L2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1 Ensure FTP requests are encrypted - Data Channel Sites | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2 Ensure FTP Logon attempt restrictions is enabled - Deny By Failure Enabled | CIS IIS 8.0 v1.5.1 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2 Ensure FTP Logon attempt restrictions is enabled - Deny IP Address | CIS IIS 8.0 v1.5.1 Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
| 7.1 Ensure HSTS Header is set - Sites | CIS IIS 10 v1.2.1 Level 2 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure SSLv2 is Disabled | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure SSLv2 is disabled | CIS IIS 8.0 v1.5.1 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure TLS 1.0 is Disabled | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.8 Ensure DES Cipher Suites is Disabled | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.9 Ensure RC2 Cipher Suites is disabled | CIS IIS 8.0 v1.5.1 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.10 Ensure AES 128/128 Cipher Suite is Disabled | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.11 Ensure AES 256/256 Cipher Suite is Enabled | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS_Palo_Alto_Firewall_9_Benchmark_v1.1.0_L1.audit from CIS Palo Alto Firewall 9 Benchmark v1.1.0 | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | |
| CIS_Palo_Alto_Firewall_9_Benchmark_v1.1.0_L2.audit from CIS Palo Alto Firewall 9 Benchmark v1.1.0 | CIS Palo Alto Firewall 9 v1.1.0 L2 | Palo_Alto | |
| CIS_Palo_Alto_Firewall_10_Benchmark_v1.3.0_L2.audit from CIS Palo Alto Firewall 10 Benchmark v1.3.0 | CIS Palo Alto Firewall 10 v1.3.0 L2 | Palo_Alto | |
| EX19-MB-000008 - Exchange must have forms-based authentication enabled. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r3 | Windows | ACCESS CONTROL |
| IIST-SV-000120 - All IIS 10.0 web server sample code, example applications, and tutorials must be removed from a production IIS 10.0 server. | DISA IIS 10.0 Server v3r6 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000120 - All IIS 10.0 web server sample code, example applications, and tutorials must be removed from a production IIS 10.0 server. | DISA IIS 10.0 Server v2r10 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000132 - The IIS 10.0 web server must separate the hosted applications from hosted web server management functionality. | DISA IIS 10.0 Server v3r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SV-000120 - All IIS 8.5 web server sample code, example applications, and tutorials must be removed from a production IIS 8.5 server. | DISA IIS 8.5 Server v2r7 | Windows | CONFIGURATION MANAGEMENT |
