| 2.3.17.4 Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop or Prompt for credentials on the secure desktop' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 18.6.4.2 (L1) Ensure 'Configure NetBIOS settings' is set to 'Enabled: Disable NetBIOS name resolution on public networks' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | CONFIGURATION MANAGEMENT |
| 18.6.4.2 (L1) Ensure 'Configure NetBIOS settings' is set to 'Enabled: Disable NetBIOS name resolution on public networks' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.7.9 (L1) Ensure 'Manage processing of Queue-specific files' is set to 'Enabled: Limit Queue-specific files to Color profiles' | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.7.9 Ensure 'Manage processing of Queue-specific files' is set to 'Enabled: Limit Queue-specific files to Color profiles' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.7.9 Ensure 'Manage processing of Queue-specific files' is set to 'Enabled: Limit Queue-specific files to Color profiles' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.7.10 (L1) Ensure 'Manage processing of Queue-specific files' is set to 'Enabled: Limit Queue-specific files to Color profiles' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.7.10 (L1) Ensure 'Manage processing of Queue-specific files' is set to 'Enabled: Limit Queue-specific files to Color profiles' | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.7.10 (L1) Ensure 'Manage processing of Queue-specific files' is set to 'Enabled: Limit Queue-specific files to Color profiles' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.7.10 (L1) Ensure 'Manage processing of Queue-specific files' is set to 'Enabled: Limit Queue-specific files to Color profiles' | CIS Microsoft Windows Server 2022 v4.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.7.10 (L1) Ensure 'Manage processing of Queue-specific files' is set to 'Enabled: Limit Queue-specific files to Color profiles' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.7.10 (L1) Ensure 'Manage processing of Queue-specific files' is set to 'Enabled: Limit Queue-specific files to Color profiles' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.7.10 (L1) Ensure 'Manage processing of Queue-specific files' is set to 'Enabled: Limit Queue-specific files to Color profiles' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.7.11 (L1) Ensure 'Manage processing of Queue-specific files' is set to 'Enabled: Limit Queue-specific files to Color profiles' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.8.4.2 Ensure 'Remote host allows delegation of non-exportable credentials' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.59.3.3.4 (L2) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.59.3.9.4 Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 18.9.59.3.9.4 Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 18.9.65.3.3.1 (L2) Ensure 'Do not allow COM port redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.65.3.3.3 (L2) Ensure 'Do not allow LPT port redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.65.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.56.3.3.1 (L2) Ensure 'Do not allow COM port redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.3.1 (L2) Ensure 'Do not allow COM port redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.3.2 Ensure 'Do not allow COM port redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L2 Member Server | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.3.3 (L2) Ensure 'Do not allow LPT port redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.3.3 (L2) Ensure 'Do not allow LPT port redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.3.4 (L2) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.3.4 Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.3.6 (L1) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.1 (L2) Ensure 'Do not allow COM port redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.1 (L2) Ensure 'Do not allow COM port redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.2 (L2) Ensure 'Do not allow COM port redirection' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.2 (L2) Ensure 'Do not allow COM port redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.2 (L2) Ensure 'Do not allow COM port redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.3 (L2) Ensure 'Do not allow LPT port redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.3 (L2) Ensure 'Do not allow LPT port redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.4 (L2) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' | CIS Windows Server 2012 R2 DC L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.5 (L2) Ensure 'Do not allow LPT port redirection' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.5 (L2) Ensure 'Do not allow LPT port redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.5 (L2) Ensure 'Do not allow LPT port redirection' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.5 (L2) Ensure 'Do not allow LPT port redirection' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.6 (L2) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.6 (L2) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.6 (L2) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.6 (L2) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.6 (L2) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.6 (L2) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.3.6 (L2) Ensure 'Do not allow supported Plug and Play device redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| WG342 IIS6 - Public web servers must use TLS if authentication is required. - 'SSL 3.0 Client' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG342 IIS6 - Public web servers must use TLS if authentication is required. - 'TLS 1.0 Client' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
