| 1.3.2 Ensure 'Hide Option to Enable or Disable Updates' is set to Enabled | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.6.1 Ensure 'Check to disable users from adding entries to server list' is set to Enabled:Publish default, disallow others | CIS Microsoft Office Outlook 2013 v1.1.0 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 1.8.7.2.3.1 Ensure 'Allow Trusted Locations on the Network' is set to Disabled | CIS Microsoft Office Word 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.8.7.2.3.2 Ensure 'Disable All Trusted Locations' is set to Enabled | CIS Microsoft Office Word 2013 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.8.7.3 Ensure 'Make Hidden Markup Visible' is set to Enabled | CIS Microsoft Office Word 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.8.7.4 Ensure 'Turn Off File Validation' is set to Disabled | CIS Microsoft Office Word 2013 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.8.7.4 Ensure 'Turn Off File Validation' is set to Disabled | CIS Microsoft Office Word 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.8.7.5 Ensure 'Warn Before Printing, Saving or Sending a File That Contains Tracked Changes or Comments' is set to Enabled | CIS Microsoft Office Word 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.9.4.2.3 Ensure 'Plain Text Options' is set to Disabled | CIS Microsoft Office Outlook 2013 v1.1.0 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 1.9.6.1.3 Ensure 'Do not allow Outlook object model scripts to run for public folders' is set to Enabled | CIS Microsoft Office Outlook 2013 v1.1.0 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 1.9.6.1.5 Ensure 'Use Unicode format when dragging e-mail message to file system' is set to Disabled | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 1.9.6.3 Ensure 'Make Outlook the default program for E-mail, Contacts, and Calendar' is set to Enabled | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 1.9.8.1.2.4 Ensure 'Restrict level of calendar details users can publish' is set to Enabled:Disables 'Full details' and 'Limited details' | CIS Microsoft Office Outlook 2013 v1.1.0 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 1.13.3.1.1 Ensure 'Allow users to demote attachments to Level 2' is set to Disabled | CIS Microsoft Office Outlook 2013 v1.1.0 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 1.13.3.1.3 Ensure 'Do not prompt about Level 1 attachments when closing an item' is set to Disabled | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 1.13.3.2.2 Ensure 'Outlook Object Model Custom Actions Execution Prompt' is set to Enabled:Automatically Deny | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 1.13.3.3.7 Ensure 'Configure Outlook object model prompt when sending mail:' is set to Enabled:Automatically Deny | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 1.13.3.4 Ensure 'Outlook Security Mode' is set to Enabled | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 1.24 Set 'Read e- mail as plain text' to 'Enabled' | CIS MS Office Outlook 2010 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.5.2 (L1) Ensure 'Domain controller: Allow vulnerable Netlogon secure channel connections' is set to 'Not Configured' (DC Only) | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.7.1 (L1) Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.10.13 (L1) Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.15.2 (L1) Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 2.4 Ensure 'forms authentication' is set to use cookies | CIS IIS 8.0 v1.5.1 Level 2 | Windows | CONFIGURATION MANAGEMENT |
| 2.7.1 Ensure 'Document Information Panel Beaconing UI' is set to Enabled (Always show UI) | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.18 Set 'Suppress external signature services menu item' to 'Enabled' | CIS MS Office Outlook 2010 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.25.3.3 Ensure 'Allow Mix of Policy and User Locations' is set to Disabled | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.29.1 Ensure 'Suppress External Signature Service' is set to Enabled | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.35.1.1 Ensure 'Allow PNG As an Output Format' is set to Disabled | CIS Microsoft Office 2016 v1.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.1 Ensure 'deployment method retail' is set | CIS IIS 8.0 v1.5.1 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 3.1 Set 'Automatically configure profile based on Active Directory Primary SMTP address' to 'Enabled' | CIS MS Office Outlook 2010 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.2.1 Set 'Automatically receive small updates to improve reliability' to 'Disabled' | CIS MS Office Outlook 2010 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.2.2 Set 'Disable Opt-in Wizard on first run' to 'Enabled' | CIS MS Office Outlook 2010 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.6.3 (L1) Ensure 'Point and Print Restrictions: When updating drivers for an existing connection' is set to 'Enabled: Show warning and elevation prompt' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.28.1 (L1) Ensure 'Always use classic logon' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.28.1 (L1) Ensure 'Always use classic logon' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.65.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled' | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| MS.AAD.7.5v1 - Provisioning users to highly privileged roles SHALL NOT occur outside of a PAM system. | CISA SCuBA Microsoft 365 Entra ID v1.5.0 | microsoft_azure | CONFIGURATION MANAGEMENT |
| MS.POWERPLATFORM.1.2v1 - The ability to create trial environments SHALL be restricted to admins. | CISA SCuBA Microsoft 365 Power Platform v1.5.0 | microsoft_azure | CONFIGURATION MANAGEMENT |
| MS.TEAMS.1.1v1 - External meeting participants SHOULD NOT be enabled to request control of shared desktops or windows. | CISA SCuBA Microsoft 365 Teams v1.5.0 | microsoft_azure | CONFIGURATION MANAGEMENT |
| Restrict File Download - mspub.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Restrict File Download - pptview.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Restrict File Download - spdesign.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Restrict File Download - winword.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Saved from URL - exprwd.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Scripted Window Security Restrictions - onenote.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Scripted Window Security Restrictions - outlook.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Scripted Window Security Restrictions - winword.exe | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Set document behavior if file validation fails - powerpoint | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Set document behavior if file validation fails - word | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
