| 1.1.6 (L1) Ensure 'Store passwords using reversible encryption' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.2.3 Ensure 'Account lockout threshold' is set to '3 or fewer invalid logon attempt(s), but not 0' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 1.7.6 Ensure GDM automatic mounting of removable media is disabled | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Server | Unix | MEDIA PROTECTION |
| 1.7.8 Ensure GDM autorun-never is enabled | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | MEDIA PROTECTION |
| 2.2.5 (L1) Ensure 'Allow log on locally' is set to 'Administrators, Users' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.5 (L1) Ensure 'Allow log on locally' is set to 'Administrators, Users' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.5 Ensure 'Allow log on locally' is set to 'Administrators, Users' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.7 Ensure 'Allow log on locally' is set to 'Administrators' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.2.7 Ensure 'Allow log on locally' is set to 'Administrators' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.2.30 Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' and (when the Web Server (IIS) Role with Web Services Role Service is installed) 'IIS_IUSRS' (MS only) - IIS_IUSRS | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 2.3.9.5 Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'apache account is configured' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd services are running as apache user' | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | ACCESS CONTROL |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd services are running as apache user' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
| 3.1 Ensure the Apache Web Server Runs As a Non-Root User - 'httpd.conf Group = apache' | CIS Apache HTTP Server 2.2 L1 v3.6.0 | Unix | ACCESS CONTROL |
| 18.5.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Windows Server 2012 DC L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Windows Server 2012 MS L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 (L2) Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows Server 2019 v3.0.1 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.6.19.2.1 Disable IPv6 (Ensure TCPIP6 Parameter 'DisabledComponents' is set to '0xff (255)') | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.24.1 (L1) Ensure 'EMET 5.52' or higher is installed | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.24.1 Ensure 'EMET 5.52' or higher is installed | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.9.100.1 Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | AUDIT AND ACCOUNTABILITY |
| 89.4 (L1) Ensure 'Allow Local Log On' is set to 'Administrators, Users' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 89.4 (L1) Ensure 'Allow Local Log On' is set to 'Administrators, Users' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| CIS Control 1 (1.6) Ensure that unauthorized assets are removed, quarantined or the inventory is updated | CAS Implementation Group 1 Audit File | Unix | CONFIGURATION MANAGEMENT |
| CIS_Cisco_Firewall_v8.x_Level_1_v4.2.0.audit for Cisco ASA 8 from CIS Cisco Firewall v8.x Benchmark v4.2.0 | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | |
| Control Plane Policing | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| DHCP snooping - global | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-CA-000130 - Exchange services must be documented and unnecessary services must be removed or disabled. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
| EX13-MB-000300 - Exchange services must be documented and unnecessary services must be removed or disabled. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | CONFIGURATION MANAGEMENT |
| EX16-ED-000610 - Exchange services must be documented and unnecessary services must be removed or disabled. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | CONFIGURATION MANAGEMENT |
| EX16-ED-000610 - Exchange services must be documented and unnecessary services must be removed or disabled. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | CONFIGURATION MANAGEMENT |
| EX19-ED-000199 - Exchange services must be documented, and unnecessary services must be removed or disabled. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
| Local password complexity - password composition lowercase | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| Local password complexity - password configuration aging | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| Minimum password length | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| SNMPv1 and v2c vs SNMPv3 - snmpv3 only | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| SP13-00-000125 - SharePoint must implement an information system isolation boundary that minimizes the number of nonsecurity functions included within the boundary containing security functions. | DISA STIG SharePoint 2013 v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Time synchronization - ntp authentication | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| Time synchronization - ntp server | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | AUDIT AND ACCOUNTABILITY |
| Time synchronization - ntp server | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | AUDIT AND ACCOUNTABILITY |
| USB port | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
