| 1.1.5 Ensure 'Minimum password length' is set to '14 or more character(s)' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.2.5 Ensure 'Add workstations to domain' is set to 'Administrators' (DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.6 (L1) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators, Remote Desktop Users' | CIS Microsoft Windows Server 2022 Stand-alone v1.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.8 (L1) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators' (DC only) | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.8 Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators' (DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.9 (L1) Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators, Remote Desktop Users' (MS only) | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.2.10 Ensure 'Allow log on through Remote Desktop Services' is set to 'Administrators' (DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.23 Ensure 'Deny access to this computer from the network' to include 'Guests' (DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.40 Ensure 'Force shutdown from a remote system' is set to 'Administrators' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.41 Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.61 Ensure 'Take ownership of files or other objects' is set to 'Administrators' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.3.6.3 Ensure 'Domain member: Digitally sign secure channel data (when possible)' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.6.4 Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.3.7.4 Configure 'Interactive logon: Message text for users attempting to log on' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.3.7.5 Configure 'Interactive logon: Message title for users attempting to log on' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.3.11.2 Ensure 'Network security: Allow LocalSystem NULL session fallback' is set to 'Disabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.3.11.5 Ensure 'Network security: Do not store LAN Manager hash value on next password change' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.15.2 Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.17.2 Ensure 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' is set to 'Disabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.3.17.6 Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 5.12 (L1) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 5.14 (L1) Ensure 'OpenSSH SSH Server (sshd)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 9.2.5 Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3.8 Ensure 'Windows Firewall: Public: Logging: Log dropped packets' is set to 'Yes' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 17.2.5 Ensure 'Audit Other Account Management Events' is set to include 'Success' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.6 Ensure 'Audit Special Logon' is set to include 'Success' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 17.9.5 Ensure 'Audit System Integrity' is set to 'Success and Failure' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.5.6 Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 18.9.19.3 Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.10.7.1 Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | MEDIA PROTECTION |
| 18.10.28.3 Ensure 'Turn off heap termination on corruption' is set to 'Disabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.2.2 Ensure 'Do not allow passwords to be saved' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.1 Ensure 'Prevent downloading of enclosures' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.81.2 Ensure 'Sign-in and lock last interactive user automatically after a restart' is set to 'Disabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 18.10.88.1.2 Ensure 'Allow unencrypted traffic' is set to 'Disabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.88.2.4 Ensure 'Disallow WinRM from storing RunAs credentials' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.12 Ensure 'Administrative accounts can not be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.20 Ensure 'DoD Interoperability Root CA cross-certificates' are installed in the 'Untrusted Certificates Store' on unclassified systems (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.33 Ensure 'Local volumes must use a format that supports NTFS attributes' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.35 Ensure 'Manually managed application account passwords be changed at least annually or when a system administrator with knowledge of the password leaves the organization' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.42 Ensure 'Operating System is maintained at a supported servicing level' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.51 Ensure 'Permissions for the system drive root directory must conform to minimum requirements' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 20.66 Ensure 'The system uses a host-based intrusion detection or prevention system' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WN10-CC-000020 - IPv6 source routing must be configured to highest protection. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN10-CC-000025 - The system must be configured to prevent IP source routing. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN11-CC-000020 - IPv6 source routing must be configured to highest protection. | DISA Microsoft Windows 11 STIG v2r3 | Windows | CONFIGURATION MANAGEMENT |
| WN11-CC-000025 - The system must be configured to prevent IP source routing. | DISA Microsoft Windows 11 STIG v2r3 | Windows | CONFIGURATION MANAGEMENT |
| WN11-CC-000035 - The system must be configured to ignore NetBIOS name release requests except from WINS servers. | DISA Microsoft Windows 11 STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN16-CC-000070 - Windows Server 2016 must be configured to ignore NetBIOS name release requests except from WINS servers. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN19-CC-000060 - Windows Server 2019 must be configured to ignore NetBIOS name release requests except from WINS servers. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
