| 2.2.16 (L1) Ensure 'Deny access to this computer from the network' to include 'Guests' | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.20 Ensure 'Deny access to this computer from the network' to include 'Guests' (DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.21 Ensure 'Deny access to this computer from the network' to include 'Guests, Local account and member of Administrators group' (MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| Android Compliance Policy - Password expiration (days) | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Android Compliance Policy - Require a password to unlock mobile devices | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Android Device Configuration - Camera | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Android Device Configuration - Google account auto sync | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Android Device Configuration - Password | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Android Work Profile Device Configuration - Maximum minutes of inactivity until work profile locks | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL |
| Android Work Profile Device Configuration - Required password type | Tenable Best Practices for Microsoft Intune Android v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| CIS AIX 5.3 and 6.1 v1.1.0 Level 2 | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | |
| GEN000590 - The system must use a FIPS 140-2 approved cryptographic hashing algorithm for generating account password hashes. | DISA STIG AIX 5.3 v1r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| GEN000595 - Password hashes must have been generated using a FIPS 140-2 hashing algorithm - 'no password hashes in /etc/security/passwd' | DISA STIG AIX 6.1 v1r14 | Unix | IDENTIFICATION AND AUTHENTICATION |
| iOS Compliance Policy - Device Threat Level | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL |
| iOS Compliance Policy - Jailbroken devices | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| iOS Compliance Policy - Maximum minutes after screen lock before password is required | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL |
| iOS Device Management - Adding Game Center friends | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| iOS Device Management - Block iCloud Document sync | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| iOS Device Management - Configuration profile changes | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| iOS Device Management - Device name modification | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| iOS Device Management - Safari fraud warnings | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| iOS Device Management - Simple passwords | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| iOS Device Management - Viewing corporate documents in unmanaged apps | Tenable Best Practices for Microsoft Intune iOS v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| macOS Compliance Policy - Block Simple Passwords | Tenable Best Practices for Microsoft Intune macOS v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| macOS Compliance Policy - Require a password to unlock devices. | Tenable Best Practices for Microsoft Intune macOS v1.0 | microsoft_azure | ACCESS CONTROL |
| macOS Device Management - Firewall | Tenable Best Practices for Microsoft Intune macOS v1.0 | microsoft_azure | ACCESS CONTROL |
| Network security: Do not store LAN Manager hash value on next password change | MSCT Windows 10 1809 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Network security: Do not store LAN Manager hash value on next password change | MSCT Windows 10 v2004 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Network security: Do not store LAN Manager hash value on next password change | MSCT Windows 10 v20H2 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Network security: Do not store LAN Manager hash value on next password change | MSCT Windows 10 v21H1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Network security: Do not store LAN Manager hash value on next password change | MSCT Windows Server 1903 DC v1.19.9 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Network security: Do not store LAN Manager hash value on next password change | MSCT Windows Server v2004 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Network security: Do not store LAN Manager hash value on next password change | MSCT Windows Server v2004 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Network security: Do not store LAN Manager hash value on next password change | MSCT Windows 10 v22H2 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Network security: Do not store LAN Manager hash value on next password change | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Network security: Do not store LAN Manager hash value on next password change | MSCT Windows Server 2016 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Network security: Do not store LAN Manager hash value on next password change | MSCT Windows Server 2019 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Network security: Do not store LAN Manager hash value on next password change | MSCT Windows 10 v1507 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Network security: Do not store LAN Manager hash value on next password change | MSCT Windows 10 1909 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Network security: Do not store LAN Manager hash value on next password change | MSCT Windows 11 v22H2 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Windows Compliance Policy - Block USB debugging on device | Tenable Best Practices for Microsoft Intune Windows v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Windows Compliance Policy - Maximum minutes of inactivity before password is required | Tenable Best Practices for Microsoft Intune Windows v1.0 | microsoft_azure | ACCESS CONTROL |
| Windows Compliance Policy - Number of previous passwords to prevent reuse | Tenable Best Practices for Microsoft Intune Windows v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Windows Compliance Policy - Require a password to unlock mobile devices | Tenable Best Practices for Microsoft Intune Windows v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Windows Device Configuration - Behavior monitoring | Tenable Best Practices for Microsoft Intune Windows v1.0 | microsoft_azure | CONFIGURATION MANAGEMENT |
| Windows Device Configuration - Camera | Tenable Best Practices for Microsoft Intune Windows v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Windows Device Configuration - End-user access to Defender | Tenable Best Practices for Microsoft Intune Windows v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Windows Device Configuration - Geolocation | Tenable Best Practices for Microsoft Intune Windows v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Windows Device Configuration - Network and Internet | Tenable Best Practices for Microsoft Intune Windows v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Windows Device Configuration - NFC | Tenable Best Practices for Microsoft Intune Windows v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
