| 17.6.2 (L1) Ensure 'Audit Removable Storage' is set to 'Success and Failure' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | AUDIT AND ACCOUNTABILITY |
| 17.6.4 (L1) Ensure 'Audit Removable Storage' is set to 'Success and Failure' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | AUDIT AND ACCOUNTABILITY |
| 17.6.4 (L1) Ensure 'Audit Removable Storage' is set to 'Success and Failure' | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | AUDIT AND ACCOUNTABILITY |
| 17.6.4 (L1) Ensure 'Audit Removable Storage' is set to 'Success and Failure' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | AUDIT AND ACCOUNTABILITY |
| 17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | AUDIT AND ACCOUNTABILITY |
| 17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | AUDIT AND ACCOUNTABILITY |
| 17.6.4 Ensure 'Audit Removable Storage' is set to 'Success and Failure' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | RISK ASSESSMENT |
| 18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - NETLOGON | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOL | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | RISK ASSESSMENT |
| 18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOL | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.5.14.1 Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication' and 'Require Integrity' set for all NETLOGON and SYSVOL shares' - SYSVOL | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' | CIS Microsoft Windows Server 2016 v3.0.0 L2 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' | CIS Microsoft Windows Server 2025 v1.0.0 L2 DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL NG | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 18.9.23.1 (L2) Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 18.9.23.1 Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.23.1 Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.23.1 Ensure 'Support device authentication using certificate' is set to 'Enabled: Automatic' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.25.6 (L1) Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.25.6 (L1) Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.25.6 Ensure 'Password Settings: Password Age (Days)' is set to 'Enabled: 30 or fewer' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | IDENTIFICATION AND AUTHENTICATION |
| AADC-CL-001300 - Adobe Acrobat Pro DC Classic third-party web connectors must be disabled. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AADC-CL-001305 - Adobe Acrobat Pro DC Classic Webmail must be disabled. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AADC-CL-001325 - Adobe Acrobat Pro DC Classic privileged host locations must be disabled. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| Allow unicast response - Private Profile | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Application Identity | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Apply local firewall rules - Private Profile | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Big Sur - Disable Power Nap | NIST macOS Big Sur v1.4.0 - 800-53r4 Low | Unix | CONFIGURATION MANAGEMENT |
| Big Sur - Disable Power Nap | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | CONFIGURATION MANAGEMENT |
| Big Sur - Disable Power Nap | NIST macOS Big Sur v1.4.0 - 800-53r4 High | Unix | CONFIGURATION MANAGEMENT |
| Big Sur - Disable Power Nap | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate | Unix | CONFIGURATION MANAGEMENT |
| Big Sur - Disable Power Nap | NIST macOS Big Sur v1.4.0 - CNSSI 1253 | Unix | CONFIGURATION MANAGEMENT |
| Catalina - Disable Power Nap | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | CONFIGURATION MANAGEMENT |
| Catalina - Disable Power Nap | NIST macOS Catalina v1.5.0 - 800-171 | Unix | CONFIGURATION MANAGEMENT |
| Catalina - Disable Power Nap | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | CONFIGURATION MANAGEMENT |
| Catalina - Disable Power Nap | NIST macOS Catalina v1.5.0 - All Profiles | Unix | CONFIGURATION MANAGEMENT |
| Catalina - Disable Power Nap | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | CONFIGURATION MANAGEMENT |
| Inbound Connections - Public Profile | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Disable Power Nap | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | CONFIGURATION MANAGEMENT |
| Monterey - Disable Power Nap | NIST macOS Monterey v1.0.0 - 800-53r4 Low | Unix | CONFIGURATION MANAGEMENT |
| Monterey - Disable Power Nap | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | CONFIGURATION MANAGEMENT |
| Monterey - Disable Power Nap | NIST macOS Monterey v1.0.0 - All Profiles | Unix | CONFIGURATION MANAGEMENT |
| MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 Recommended) | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| WDNS-SC-000031 - The Windows 2012 DNS Server must implement NIST FIPS-validated cryptography for provisioning digital signatures, generating cryptographic hashes, and protecting unclassified information requiring confidentiality. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN22-DC-000010 - Windows Server 2022 must only allow administrators responsible for the domain controller to have Administrator rights on the system. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
| WN22-DC-000400 - Windows Server 2022 Deny log on locally user right on domain controllers must be configured to prevent unauthenticated access. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
