| 2.2.8 (L1) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators' (DC only) | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.2.8 (L1) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators' (DC only) | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.2.9 (L1) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators' (DC only) | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.9 (L1) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators' (DC only) | CIS Microsoft Windows Server 2019 v4.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.47 Ensure 'Lock pages in memory' is set to 'No One' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.3.7.5 Configure 'Interactive logon: Message title for users attempting to log on' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.11.5 Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.9 Ensure 'Network security: Minimum session security for NTLM SSP based (including secure RPC) clients' is set to 'Require NTLMv2 session security, Require 128-bit encryption' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.14.1 Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User must enter a password each time they use a key' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.17.5 Ensure 'User Account Control: Behavior of the elevation prompt for standard users' is set to 'Automatically deny elevation requests' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.17.6 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.17.7 Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 9.1.6 (L1) Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1.7 (L1) Ensure 'Windows Firewall: Domain: Logging: Log successful connections' is set to 'Yes' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2.1 (L1) Ensure 'Windows Firewall: Private: Firewall state' is set to 'On (recommended)' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2.7 (L1) Ensure 'Windows Firewall: Private: Logging: Log successful connections' is set to 'Yes' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3.7 (L1) Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3.8 (L1) Ensure 'Windows Firewall: Public: Logging: Log dropped packets' is set to 'Yes' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 17.2.5 Ensure 'Audit Other Account Management Events' is set to include 'Success' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | AUDIT AND ACCOUNTABILITY |
| 18.5.11.3 Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 18.5.11.3 Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 18.6.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.6.11.3 Ensure 'Prohibit use of Internet Connection Sharing on your DNS domain network' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.2.1 (L2) Ensure 'Allow users to connect remotely by using Remote Desktop Services' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 20.26 Ensure 'Emergency accounts must be automatically removed or disabled after the crisis is resolved or within 72 hours' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 20.27 Ensure 'Event Viewer must be protected from unauthorized modification and deletion' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | AUDIT AND ACCOUNTABILITY |
| 20.30 Ensure 'FTP servers must be configured to prevent anonymous logons' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 20.30 Ensure 'FTP servers must be configured to prevent anonymous logons' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.35 Ensure 'Manually managed application account passwords be changed at least annually or when a system administrator with knowledge of the password leaves the organization' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 20.37 Ensure 'Non-administrative accounts or groups only have print permissions on printer shares' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 20.46 Ensure 'Passwords are configured to expire' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| DTOO280 - Outlook - Authentication with Exchange Server must be required. | DISA STIG Office 2010 Outlook v1r14 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Microsoft network client: Digitally sign communications (always) | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Microsoft network client: Digitally sign communications (always) | MSCT Windows Server 2019 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Microsoft network client: Digitally sign communications (always) | MSCT Windows Server 2022 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Microsoft network client: Digitally sign communications (always) | MSCT Windows 10 v1507 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Microsoft network client: Digitally sign communications (always) | MSCT Windows Server v20H2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Microsoft network client: Digitally sign communications (always) | MSCT Windows 11 v23H2 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Microsoft network client: Digitally sign communications (always) | MSCT Windows Server v1909 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Microsoft network client: Digitally sign communications (always) | MSCT Windows Server 2019 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Microsoft network client: Digitally sign communications (always) | MSCT Windows 10 1909 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Microsoft network client: Digitally sign communications (always) | MSCT Windows 10 v22H2 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Microsoft network server: Digitally sign communications (always) | MSCT Windows 10 v2004 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Microsoft network server: Digitally sign communications (always) | MSCT Windows Server 2019 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Microsoft network server: Digitally sign communications (always) | MSCT MSCT Windows Server 2022 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Microsoft network server: Digitally sign communications (always) | MSCT Windows Server v20H2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WN11-CC-000035 - The system must be configured to ignore NetBIOS name release requests except from WINS servers. | DISA Microsoft Windows 11 STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN22-CC-000070 - Windows Server 2022 insecure logons to an SMB server must be disabled. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WN22-MS-000080 - Windows Server 2022 Deny access to this computer from the network user right on domain-joined member servers must be configured to prevent access from highly privileged domain accounts and local accounts and from unauthenticated access on all systems. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
| WN22-MS-000090 - Windows Server 2022 Deny log on as a batch job user right on domain-joined member servers must be configured to prevent access from highly privileged domain accounts and from unauthenticated access on all systems. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | ACCESS CONTROL |
