| 1.1.3.2.4 Configure 'Audit: Audit the access of global system objects' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.3.10.10 Set 'Network access: Remotely accessible registry paths' to the following list | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| SQLI-22-004300 - SQL Server must be configured to generate audit records for DOD-defined auditable events within all DBMS/database components. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| WN12-CC-000006 - All Direct Access traffic must be routed through the internal network. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000021 - A system restore point must be created when a new device driver is installed. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000025 - Device driver updates must only search managed servers, not Windows Update. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000035 - Errors in handwriting recognition on tablet PCs must not be reported to Microsoft. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000038 - The Internet File Association service must be turned off. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000045 - The Windows Customer Experience Improvement Program must be disabled. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000047 - Windows must be prevented from using Windows Update to search for drivers. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000062 - Remote Assistance log files must be generated. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000074 - Autoplay must be disabled for all drives. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000086 - The Setup event log size must be configured to 32768 KB or greater. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-CC-000087 - The System event log size must be configured to 32768 KB or greater. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | AUDIT AND ACCOUNTABILITY |
| WN12-CC-000105 - Attachments must be prevented from being downloaded from RSS feeds. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000106 - Basic authentication for RSS feeds over HTTP must be turned off. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000110 - The Windows Store application must be turned off. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000115 - Users must be prevented from changing installation options. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000122 - Windows Media Player must be configured to prevent automatic checking for updates. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000124 - The Windows Remote Management (WinRM) client must not allow unencrypted traffic. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | MAINTENANCE |
| WN12-CC-000132 - Users must be prevented from mapping local COM ports and redirecting data from the Remote Desktop Session Host to local COM ports. (Remote Desktop Services Role). | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-CC-000141 - The setting to allow Microsoft accounts to be optional for modern style apps must be enabled (Windows 2012 R2). | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-GE-000001 - Systems must be maintained at a supported OS or service pack level. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-GE-000014 - Outdated or unused accounts must be removed from the system or disabled. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN12-GE-000025 - The system must query the certification authority to determine whether a public key certificate has been revoked before accepting the certificate for authentication purposes. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-PK-000003 - The DoD Interoperability Root CA cross-certificates must be installed into the Untrusted Certificates Store on unclassified systems. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000008 - Auditing of Backup and Restore Privileges must be turned off. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000011 - Ejection of removable NTFS media must be restricted to Administrators. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000013 - Outgoing secure channel traffic must be encrypted when possible. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000014 - Outgoing secure channel traffic must be signed when possible. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000035 - The service principal name (SPN) target name validation level must be turned off. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000036 - Automatic logons must be disabled. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000038 - The system must be configured to prevent IP source routing. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000042 - IPSec Exemptions must be limited. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000044 - The system must be configured to disable the Internet Router Discovery Protocol (IRDP). | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000057 - Unauthorized remotely accessible registry paths and sub-paths must not be configured. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000063 - PKU2U authentication using online identities must be prevented. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000069 - The system must be configured to meet the minimum session security requirement for NTLM SSP-based clients. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000075 - The system must be configured to require case insensitivity for non-Windows subsystems. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SO-000082 - User Account Control must only elevate UIAccess applications that are installed in secure locations. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000084 - User Account Control must switch to the secure desktop when prompting for elevation. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SV-000101 - The Microsoft FTP service must not be installed unless required. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SV-000104 - The Simple TCP/IP Services service must be disabled if installed. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-UC-000008 - Windows Help Ratings feedback must be turned off. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-UC-000010 - Mechanisms for removing zone information from file attachments must be hidden. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-UR-000005 - The Allow log on locally user right must only be assigned to the Administrators group. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000018-MS - The Deny log on as a batch job user right on member servers must be configured to prevent access from highly privileged domain accounts on domain systems, and from unauthenticated access on all systems. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN16-MS-000120 - Windows Server 2016 must be running Credential Guard on domain-joined member servers. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | CONFIGURATION MANAGEMENT |
| WN19-MS-000140 - Windows Server 2019 must be running Credential Guard on domain-joined member servers. | DISA Microsoft Windows Server 2019 STIG v3r8 | Windows | CONFIGURATION MANAGEMENT |
| WN25-MS-000140 - Windows Server 2025 must be running Credential Guard on domain-joined member servers. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
