| 2.2 Ensure access to sensitive site features is restricted to authenticated principals only | CIS IIS 8.0 v1.5.1 Level 1 | Windows | ACCESS CONTROL |
| 2.2.29 Configure 'Log on as a service' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.3 Ensure 'forms authentication' require SSL | CIS IIS 8.0 v1.5.1 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Ensure 'forms authentication' is set to use cookies - Application | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 2.4 Ensure 'forms authentication' is set to use cookies - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.2 Ensure 'debug' is turned off - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.2 Ensure 'debug' is turned off - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Default | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.5 Ensure ASP.NET stack tracing is not enabled | CIS IIS 8.0 v1.5.1 Level 2 | Windows | CONFIGURATION MANAGEMENT |
| 3.5 Ensure ASP.NET stack tracing is not enabled - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.6 Set 'Allow basic authentication' to 'False' | CIS Microsoft Exchange Server 2013 CAS v1.1.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 3.6 Set 'Allow basic authentication' to 'False' | CIS Microsoft Exchange Server 2016 CAS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 3.8 Ensure 'MachineKey validation method - .Net 3.5' is configured - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.9 Ensure 'MachineKey validation method - .Net 4.5' is configured - Default | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.10 Ensure global .NET trust level is configured - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, MEDIA PROTECTION |
| 4.6 Ensure 'HTTP Trace Method' is disabled | CIS IIS 8.0 v1.5.1 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 4.6 Ensure 'HTTP Trace Method' is disabled - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.8 Ensure Handler is not granted Write and Script/Execute | CIS IIS 8.0 v1.5.1 Level 1 | Windows | ACCESS CONTROL |
| 4.8 Ensure Handler is not granted Write and Script/Execute - Applications | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.10 Ensure 'notListedCgisAllowed' is set to false | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 5.2.7 Ensure pwd_algorithm is configured | CIS IBM AIX 7 v1.0.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.1 Ensure FTP requests are encrypted - Control Channel Default | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Ensure FTP requests are encrypted - Data Channel Default | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Ensure FTP requests are encrypted - Data Channel Sites | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2 Ensure FTP Logon attempt restrictions is enabled | CIS IIS 8.0 v1.5.1 Level 1 | Windows | |
| 6.2 Ensure FTP Logon attempt restrictions is enabled | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 7.1 Ensure HSTS Header is set - Server | CIS IIS 10 v1.2.1 Level 2 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure HSTS Header is set - Sites | CIS IIS 10 v1.2.1 Level 2 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure that the MaxZoneParts setting for Web Part limits is set to 100. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 7.1 Ensure that the MaxZoneParts setting for Web Parts is configured | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 7.2 Ensure SSLv2 is Disabled | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.5 Ensure TLS 1.1 is Disabled | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.6 Ensure TLS 1.2 is Enabled | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.7 Ensure NULL Cipher Suites is Disabled | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.9 Ensure RC4 Cipher Suites is Disabled - RC4 40/128 | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.9 Ensure RC4 Cipher Suites is Disabled - RC4 56/128 | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.9 Ensure RC4 Cipher Suites is Disabled - RC4 64/128 | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.9 Ensure RC4 Cipher Suites is Disabled - RC4 128/128 | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.11 Ensure AES 256/256 Cipher Suite is Enabled | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.11 Ensure Triple DES Cipher Suite is configured | CIS IIS 8.0 v1.5.1 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 17.4.2 Ensure 'Audit Directory Service Access' is set to include 'Success and Failure' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.10.18.7 (L2) Ensure 'Enable Windows Package Manager command line interfaces' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.18.7 (L2) Ensure 'Enable Windows Package Manager command line interfaces' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SI-000252 - The maximum number of requests an application pool can process for each IIS 10.0 website must be explicitly set. | DISA IIS 10.0 Site v2r11 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SI-000262 - Interactive scripts on the IIS 10.0 web server must have restrictive access controls. | DISA IIS 10.0 Site v2r11 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-000252 - The maximum number of requests an application pool can process for each IIS 8.5 website must be explicitly set. | DISA IIS 8.5 Site v2r9 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-000256 - The maximum queue length for HTTP.sys for each IIS 8.5 website must be explicitly configured. | DISA IIS 8.5 Site v2r9 | Windows | CONFIGURATION MANAGEMENT |
| SPLK-CL-000045 - Splunk Enterprise must use an SSO proxy service, F5 device, or SAML implementation to accept the DOD common access card (CAC) or other smart card credential for identity management, personal authentication, and multifactor authentication. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | IDENTIFICATION AND AUTHENTICATION |
| SPLK-CL-000490 - Splunk Enterprise must accept the DOD CAC or other PKI credential for identity management and personal authentication. | DISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG REST API | Splunk | IDENTIFICATION AND AUTHENTICATION |
