| 2.2.29 Configure 'Log on as a service' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 3.6 Set 'Allow basic authentication' to 'False' | CIS Microsoft Exchange Server 2013 CAS v1.1.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 3.6 Set 'Allow basic authentication' to 'False' | CIS Microsoft Exchange Server 2016 CAS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 5.11 (L1) Ensure 'Microsoft FTP Service (FTPSVC)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | CONFIGURATION MANAGEMENT |
| 5.11 (L1) Ensure 'Microsoft FTP Service (FTPSVC)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.12 (L1) Ensure 'Microsoft FTP Service (FTPSVC)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 5.12 (L1) Ensure 'Microsoft FTP Service (FTPSVC)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.12 (L1) Ensure 'Microsoft FTP Service (FTPSVC)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 7.1 Ensure that the MaxZoneParts setting for Web Part limits is set to 100. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 7.1 Ensure that the MaxZoneParts setting for Web Parts is configured | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 17.4.2 Ensure 'Audit Directory Service Access' is set to include 'Success and Failure' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 17.4.2 Ensure 'Audit Directory Service Access' is set to include 'Success and Failure' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.59.3.9.4 Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.10.18.7 (L2) Ensure 'Enable Windows Package Manager command line interfaces' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.18.7 (L2) Ensure 'Enable Windows Package Manager command line interfaces' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.18.7 (L2) Ensure 'Enable Windows Package Manager command line interfaces' is set to 'Disabled' | CIS Microsoft Windows Server 2022 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.18.7 (L2) Ensure 'Enable Windows Package Manager command line interfaces' is set to 'Disabled' | CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.18.7 (L2) Ensure 'Enable Windows Package Manager command line interfaces' is set to 'Disabled' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.18.7 (L2) Ensure 'Enable Windows Package Manager command line interfaces' is set to 'Disabled' | CIS Microsoft Windows Server 2025 v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.18.7 (L2) Ensure 'Enable Windows Package Manager command line interfaces' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.18.7 (L2) Ensure 'Enable Windows Package Manager command line interfaces' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| CIS Control 6 (6.2(a)) Activate Audit Logging | CAS Implementation Group 1 Audit File | Unix | AUDIT AND ACCOUNTABILITY |
| CIS Control 10 (10.1) Ensure Regular Automated Backups | CAS Implementation Group 1 Audit File | Unix | CONTINGENCY PLANNING |
| CIS_AlmaLinux_OS_9_v2.0.0_L2_Server.audit from CIS AlmaLinux OS 9 Benchmark v2.0.0 | CIS AlmaLinux OS 9 v2.0.0 L2 Server | Unix | |
| CIS_Apache_Tomcat_9_L1_v1.2.0.audit from CIS Apache Tomcat 9 Benchmark | CIS Apache Tomcat 9 L1 v1.2.0 | Unix | |
| CIS_Bottlerocket_v1.0.0_L2.audit from CIS Bottlerocket Benchmark Level 2 | CIS Bottlerocket L2 | Unix | |
| CIS_CentOS_Linux_7_v4.0.0_L1_Server.audit from CIS CentOS Linux 7 Benchmark v4.0.0 | CIS CentOS Linux 7 v4.0.0 L1 Server | Unix | |
| CIS_Debian_Linux_11_v2.0.0_L2_Workstation.audit from CIS Debian Linux 11 Benchmark v2.0.0 | CIS Debian Linux 11 v2.0.0 L2 Workstation | Unix | |
| CIS_IBM_DB2_10_v1.1.0_Level_2_OS_Windows.audit from CIS DB2 10.x Windows OS | CIS IBM DB2 v10 v1.1.0 Windows OS Level 2 | Windows | |
| CIS_IBM_DB2_11_v1.1.0_Level_1_OS_Linux.audit from CIS IBM DB2 11 v1.1.0 Benchmark | CIS IBM DB2 11 v1.1.0 Linux OS Level 1 | Unix | |
| CIS_MacOS_Safari_Benchmark_v2.0.0_L2.audit from CIS MacOS Safari Benchmark v2.0.0 | CIS MacOS Safari v2.0.0 L2 | Unix | |
| CIS_Oracle_Server_18c_v1.1.0_L1_Linux.audit from CIS Oracle Database 18c Benchmark v1.1.0 | CIS Oracle Server 18c Linux v1.1.0 | Unix | |
| CIS_Oracle_Server_19c_v1.2.0_L1_Linux.audit from CIS Oracle Database 19c Benchmark v1.2.0 | CIS Oracle Server 19c Linux v1.2.0 | Unix | |
| CIS_Ubuntu_20.04_LTS_v2.0.1_L1_Server.audit from CIS Ubuntu Linux 20.04 LTS Benchmark | CIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1 | Unix | |
| IIST-SI-000241 - The IIS 10.0 website must only accept client certificates issued by DOD PKI or DOD-approved PKI Certification Authorities (CAs). | DISA IIS 10.0 Site v2r11 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SI-000252 - The maximum number of requests an application pool can process for each IIS 10.0 website must be explicitly set. | DISA IIS 10.0 Site v2r11 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SI-000258 - The application pools rapid fail protection for each IIS 10.0 website must be enabled. | DISA IIS 10.0 Site v2r11 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SI-000262 - Interactive scripts on the IIS 10.0 web server must have restrictive access controls. | DISA IIS 10.0 Site v2r11 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SI-000264 - The required DoD banner page must be displayed to authenticated users accessing a DoD private website. | DISA IIS 10.0 Site v2r11 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000121 - The accounts created by uninstalled features (i.e., tools, utilities, specific, etc.) must be deleted from the IIS 10.0 server. | DISA IIS 10.0 Server v2r10 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000131 - IIS 10.0 Web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts. | DISA IIS 10.0 Server v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SV-000144 - IIS 10.0 web server system files must conform to minimum file permission requirements. | DISA IIS 10.0 Server v3r3 | Windows | ACCESS CONTROL |
| IIST-SV-000153 - An IIS 10.0 web server must maintain the confidentiality of controlled information during transmission through the use of an approved Transport Layer Security (TLS) version. | DISA IIS 10.0 Server v3r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SV-000210 - HTTPAPI Server version must be removed from the HTTP Response Header information. | DISA IIS 10.0 Server v2r10 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| IISW-SI-000252 - The maximum number of requests an application pool can process for each IIS 8.5 website must be explicitly set. | DISA IIS 8.5 Site v2r9 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-000255 - The application pool for each IIS 8.5 website must have a recycle time explicitly set. | DISA IIS 8.5 Site v2r9 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SV-000151 - The IIS 8.5 web server must be tuned to handle the operational requirements of the hosted application. | DISA IIS 8.5 Server v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SV-000153 - An IIS 8.5 web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version. | DISA IIS 8.5 Server v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SV-000161 - An IIS Server configured to be a SMTP relay must require authentication. | DISA IIS 8.5 Server v2r7 | Windows | CONFIGURATION MANAGEMENT |
| SPLK-CL-000490 - Splunk Enterprise must accept the DOD CAC or other PKI credential for identity management and personal authentication. | DISA STIG Splunk Enterprise 8.x for Linux v2r2 STIG REST API | Splunk | IDENTIFICATION AND AUTHENTICATION |
