| 1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | CONFIGURATION MANAGEMENT |
| 2.2.24 (L1) Ensure 'Deny log on through Remote Desktop Services' to include 'Guests' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.2.32 Ensure 'Deny log on locally' to include 'Guests' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.45 Ensure 'Increase scheduling priority' is set to 'Administrators' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.46 Ensure 'Increase scheduling priority' is set to 'Administrators' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.5.3 (L1) Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only) | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.10.5 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' is set to 'Enabled' (STIG DC & MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.3.10.8 Configure 'Network access: Remotely accessible registry paths and sub-paths' is configured - Network access: Remotely accessible registry paths and sub-paths is configured | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 17.7.2 Ensure 'Audit Audit Policy Change' is set to include 'Success and Failure' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | AUDIT AND ACCOUNTABILITY |
| 17.7.3 Ensure 'Audit Audit Policy Change' is set to include 'Success and Failure' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 Enterprise v3.0.0 BL | Windows | MEDIA PROTECTION |
| 18.9.7.1.2 (BL) Ensure 'Prevent installation of devices that match any of these device IDs: Prevent installation of devices that match any of these device IDs' is set to 'PCI\CC_0C0A' | CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL | Windows | MEDIA PROTECTION |
| 18.9.18.2 Ensure 'Turn Off user-installed desktop gadgets' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.9.1.3 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True' | CIS Microsoft Windows 10 Enterprise v3.0.0 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.1.12 (BL) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.1.12 (L1) Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.3.11 (BL) Ensure 'Configure use of passwords for removable data drives' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 BL | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.10.9.3.12 (BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.3.12 (BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.3.12 (BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.3.12 (BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 BL | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.3.12 (BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.3.12 (BL) Ensure 'Configure use of smart cards on removable data drives' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.28.2 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' | CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.28.2 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v3.0.1 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.28.2 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.28.2 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v3.0.1 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.29.2 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.29.3 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| CIS_Apple_macOS_10.13_v1.1.0_Level_2.audit from CIS Apple macOS 10.13 Benchmark v1.1.0 | CIS Apple macOS 10.13 L2 v1.1.0 | Unix | |
| CIS_Apple_macOS_10.14_v2.0.0_L2.audit from CIS Apple macOS 10.14 Benchmark v2.0.0 | CIS Apple macOS 10.14 v2.0.0 L2 | Unix | |
| CIS_CentOS_6_v3.0.0_Server_L2.audit from CIS CentOS Linux 6 Benchmark v3.0.0 | CIS CentOS 6 Server L2 v3.0.0 | Unix | |
| CIS_CentOS_8_Workstation_L2_v2.0.0.audit from CIS CentOS Linux 8 Benchmark v2.0.0 | CIS CentOS Linux 8 Workstation L2 v2.0.0 | Unix | |
| CIS_Microsoft_SharePoint_2019_OS_v1.0.0_Level_1.audit from CIS Microsoft SharePoint 2019 Benchmark v1.0.0 | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | |
| CIS_Mozilla_Firefox_102_ESR_v1.0.0_Windows_Level2.audit for CIS Mozilla Firefox 102 ESR v1.0.0 | CIS Mozilla Firefox 102 ESR Windows L2 v1.0.0 | Windows | |
| CIS_MySQL_5.6_Enterprise_Benchmark_v2.0.0_LEVEL_1_DB.audit from CIS Oracle MySQL 5.6 Enterprise Edition Benchmark | CIS MySQL 5.6 Enterprise Database L1 v2.0.0 | MySQLDB | |
| CIS_MySQL_5.7_Community_Benchmark_v2.0.0_Level_1_OS_MS.audit from CIS Oracle MySQL 5.7 Community Edition Benchmark | CIS MySQL 5.7 Community Windows OS L1 v2.0.0 | Windows | |
| CIS_MySQL_5.7_Enterprise_Benchmark_v2.0.0_Level_1_OS_Linux.audit from CIS Oracle MySQL 5.7 Enterprise Edition Benchmark | CIS MySQL 5.7 Enterprise Linux OS L1 v2.0.0 | Unix | |
| CIS_MySQL_8.4_Community_Benchmark_v1.0.0_Level_1_Database.audit from CIS Oracle MySQL 8.4 Community Edition Benchmark | CIS Oracle MySQL Community Server 8.4 v1.0.0 L1 Database | MySQLDB | |
| CIS_MySQL_8.4_Community_Benchmark_v1.0.0_Level_1_OS_Linux.audit from CIS Oracle MySQL 8.4 Community Edition Benchmark | CIS Oracle MySQL Community Server 8.4 v1.0.0 L1 OS Linux on Linux | Unix | |
| CIS_MySQL_8.4_Community_Benchmark_v1.0.0_Level_2_Database.audit from CIS Oracle MySQL 8.4 Community Edition Benchmark | CIS Oracle MySQL Community Server 8.4 v1.0.0 L2 Database | MySQLDB | |
| CIS_Oracle_Linux_8_Server_L1_v3.0.0.audit from CIS Oracle Linux 8 Benchmark v3.0.0 | CIS Oracle Linux 8 Server L1 v3.0.0 | Unix | |
| CIS_Oracle_Linux_8_Server_L2_v3.0.0.audit from CIS Oracle Linux 8 Benchmark v3.0.0 | CIS Oracle Linux 8 Server L2 v3.0.0 | Unix | |
| CIS_Oracle_Linux_8_Workstation_L1_v3.0.0.audit from CIS Oracle Linux 8 Benchmark v3.0.0 | CIS Oracle Linux 8 Workstation L1 v3.0.0 | Unix | |
| CIS_Ubuntu_18.04_LXD_Host_v1.0.0_L2_Workstation.audit from CIS Ubuntu Linux 18.04 LXD Host Benchmark | CIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0 | Unix | |
| CIS_Ubuntu_Linux_22.04_LTS_v2.0.0_L1_Server.audit from CIS Ubuntu Linux 22.04 LTS Benchmark v2.0.0 | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Server | Unix | |
| CIS_Ubuntu_Linux_22.04_LTS_v2.0.0_L2_Server.audit from CIS Ubuntu Linux 22.04 LTS Benchmark v2.0.0 | CIS Ubuntu Linux 22.04 LTS v2.0.0 L2 Server | Unix | |
