| 1.1 Ensure Web Content Is on Non-System Partition | CIS IIS 7 L1 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.3.1.5 Set 'Turn off the Windows Messenger Customer Experience Improvement Program' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.3.2.2 Configure 'Do not process the run once list' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.3.2.6 Set 'Enumerate local users on domain-joined computers' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.2.3.3.1 Configure 'Turn Off the Display (seconds):' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.3.6 Set 'Enable RPC Endpoint Mapper Client Authentication' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.2.3.7 Set 'Do not apply during periodic background processing' to 'Enabled:FALSE' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.3.13 Set 'Prevent installation of devices using drivers that match these device setup classes' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | MEDIA PROTECTION |
| 1.2.3.14 Set 'Also apply to matching devices that are already installed' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | MEDIA PROTECTION |
| 1.2.4.2.1.5 Set 'Recovery Password' to 'Allow 48-digit recovery password' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.6 Set 'Use BitLocker software-based encryption when hardware encryption is not available' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.10 Set 'Choose how BitLocker-protected fixed drives can be recovered' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.11 Set 'Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' to 'False' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.15 Set 'Configure use of smart cards on fixed data drives' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.2.4.2.1.18 Set 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.5 Set 'Recovery Password' to 'Require 48-digit recovery password' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.13 Set 'Save BitLocker recovery information to AD DS for operating system drives' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.14 Set 'Omit recovery options from the BitLocker setup wizard' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.19 Set 'Configure TPM startup:' to 'Do not allow TPM' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.22 Configure 'Enable use of BitLocker authentication requiring preboot keyboard input on slates' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.23 Configure 'Configure TPM platform validation profile for BIOS-based firmware configurations' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.4.2.2.30 Configure 'Reset platform validation data after BitLocker recovery' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.10 Configure 'Turn off the Store application' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.7 (L1) Ensure 'Continue running background apps when Google Chrome is closed' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.27 (L1) Ensure 'Suppress lookalike domain warnings on domains' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2 Ensure Access to Sensitive Site Features Is Restricted To Authenticated Principals Only - Applications | CIS IIS 7 L1 v1.8.0 | Windows | ACCESS CONTROL |
| 2.4 Ensure 'forms authentication' is set to use cookies - Applications | CIS IIS 7 L2 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.5 Ensure 'cookie protection mode' is configured for forms authentication - Default | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.7 Ensure 'passwordFormat' is not set to clear - Applications | CIS IIS 7 L1 v1.8.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.15 (L2) Ensure 'Force Google SafeSearch' is set to 'Enabled' | CIS Google Chrome L2 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.17 (L1) Ensure 'Proxy settings' is set to 'Enabled' and does not contain 'ProxyMode': 'auto_detect' | CIS Google Chrome L1 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.23 (L2) Ensure 'Determines whether the built-in certificate verifier will enforce constraints encoded into trust anchors loaded from the platform trust store' Is Enabled | CIS Google Chrome L2 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.27 (L1) Ensure 'Http Allowlist' Is Properly Configured | CIS Google Chrome L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 3.8 Configure MachineKey Validation Method - .Net 3.5 - Applications | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.10 (L1) Ensure 'Enable predict network actions` is set to 'Enabled: Do not predict actions on any network connection' | CIS Google Chrome L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.11 Ensure 'encryption providers' are locked down | CIS IIS 7 L2 v1.8.0 | Windows | ACCESS CONTROL |
| 3.13 (L1) Ensure 'Enable Safe Browsing for trusted sources' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.3 Ensure 'MaxQueryString request filter' is configured - Applications | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.3 Ensure 'MaxQueryString request filter' is configured - Default | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.4 Ensure non-ASCII characters in URLs are not allowed - Applications | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.5 (L2) Ensure 'Allow or deny video capture' is set to 'Disabled' | CIS Google Chrome L2 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.5 Ensure Double-Encoded Requests will be Rejected - Default | CIS IIS 7 L1 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 4.6 Ensure 'HTTP Trace Method' is disabled - Default | CIS IIS 7 L1 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 4.7 Ensure Unlisted File Extensions are not allowed - Applications | CIS IIS 7 L1 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 4.8 Ensure Handler is not granted Write and Script/Execute - Default | CIS IIS 7 L1 v1.8.0 | Windows | ACCESS CONTROL |
| 4.9 (L1) Ensure 'Enable AutoFill for credit cards' is set to 'Disabled' | CIS Google Chrome L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.11 (L1) Ensure 'List of types that should be excluded from synchronization' is set to 'Enabled: passwords' | CIS Google Chrome L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - fips_enabled | CIS PostgreSQL 9.6 OS v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure SSLv2 is disabled | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.10 Ensure RC4 Cipher Suites is disabled - RC4 64/128 | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
