| 18.10.93.2.3 (L1) Ensure 'Enable features introduced via servicing that are off by default' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| Audit Account Lockout | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Credential Validation | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Security Group Management | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Security State Change | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Sensitive Privilege Use | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit: Shut down system immediately if unable to log security audits | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Backup files and directories | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Debug programs | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Default Protections for Internet Explorer | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Popular Software - FoxitReader | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Popular Software - LiveWriter | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Popular Software - RealPlayer | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Popular Software - UnRAR | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Recommended Software - AcrobatReader | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Recommended Software - jre7_javaw | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Recommended Software - Wordpad | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Deny access to this computer from the network | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Devices: Prevent users from installing printer drivers | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Domain controller: Allow server operators to schedule tasks | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Domain controller: Refuse machine account password changes | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Domain member: Digitally sign secure channel data (when possible) | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Domain member: Disable machine account password changes | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Domain member: Require strong (Windows 2000 or later) session key | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Microsoft network client: Digitally sign communications (if server agrees) | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Microsoft network server: Disconnect clients when logon hours expire | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Restrict anonymous access to Named Pipes and Shares | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Network security: Do not store LAN Manager hash value on next password change | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Network security: Minimum session security for NTLM SSP based (including secure RPC) clients | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Password must meet complexity requirement | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Prevent enabling lock screen camera | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Profile single process | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Recovery console: Allow automatic administrative logon | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Recovery console: Allow floppy copy and access to all drives and all folders | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Specify the maximum log file size (KB) - System | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Take ownership of files or other objects | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| User Account Control: Admin Approval Mode for the Built-in Administrator account | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| User Account Control: Detect application installations and prompt for elevation | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| VCWN-65-000068 - The vCenter Server for Windows must use LDAPS when adding an SSO identity source. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | CONFIGURATION MANAGEMENT |
| WDNS-CM-000006 - The Windows 2012 DNS Server with a caching name server role must be secured against pollution by ensuring the authenticity and integrity of queried records. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | CONFIGURATION MANAGEMENT |
| WDNS-IA-000005 - The Windows 2012 DNS Server must provide its identity with returned DNS information by enabling DNSSEC and TSIG/SIG(0). | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Windows Firewall: Prohibit unicast response to multicast or broadcast requests | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN19-DC-000040 - Windows Server 2019 Kerberos user ticket lifetime must be limited to 10 hours or less. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN19-DC-000060 - Windows Server 2019 computer clock synchronization tolerance must be limited to five minutes or less. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN19-DC-000170 - Windows Server 2019 Active Directory Group Policy objects must be configured with proper audit settings. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN19-DC-000220 - Windows Server 2019 Active Directory RID Manager$ object must be configured with proper audit settings. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN22-DC-000060 - Windows Server 2022 computer clock synchronization tolerance must be limited to five minutes or less. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN22-DC-000170 - Windows Server 2022 Active Directory Group Policy objects must be configured with proper audit settings. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN22-DC-000220 - Windows Server 2022 Active Directory RID Manager$ object must be configured with proper audit settings. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| WN22-DC-000330 - Windows Server 2022 domain controllers must be configured to allow reset of machine account passwords. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
