| 18.6.11.4 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v4.0.0 L1 DC | Windows | ACCESS CONTROL |
| 18.6.11.4 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | ACCESS CONTROL |
| 18.9.11.1.3 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.3.3 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent' is set to 'Enabled: True' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.20.1.3 (L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.9.1.5 (L1) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higher | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.3.4 (L1) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | MEDIA PROTECTION |
| 18.10.10.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' or higher | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higher | CIS Microsoft Windows 11 Stand-alone v4.0.0 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.1.5 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' or higher | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.1.9 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False' | CIS Microsoft Windows 10 Enterprise v4.0.0 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.1.9 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives' is set to 'Enabled: False' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.3.9 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Do not enable BitLocker until recovery information is stored to AD DS for removable data drives' is set to 'Enabled: False' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | MEDIA PROTECTION |
| CIS Control 12 (12.1) Maintain an Inventory of Network Boundaries | CAS Implementation Group 1 Audit File | Unix | SECURITY ASSESSMENT AND AUTHORIZATION |
| CIS_Apple_macOS_10.15_Catalina_v3.0.0_L1.audit from CIS Apple macOS 10.15 Catalina Benchmark v3.0.0 | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | |
| CIS_Apple_macOS_14_Sonoma_STIG_v1.0.0_CAT_I.audit from CIS Apple macOS 14 (Sonoma) STIG Benchmark v1.0.0 | CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT I | Unix | |
| CIS_Apple_macOS_14_Sonoma_STIG_v1.0.0_CAT_III.audit from CIS Apple macOS 14 (Sonoma) STIG Benchmark v1.0.0 | CIS Apple macOS 14 (Sonoma) STIG v1.0.0 CAT III | Unix | |
| CIS_Fedora_28_Family_Linux_Server_L1_v1.0.0.audit from CIS Fedora 19 Family Linux Benchmark v1.0.0 | CIS Fedora 19 Family Linux Server L2 v1.0.0 | Unix | |
| CIS_Fedora_28_Family_Linux_Server_L1_v2.0.0.audit from CIS Fedora 28 Family Linux Benchmark v2.0.0 | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | |
| CIS_Microsoft_Exchange_Server_2013_Level_1_CAS_v1.1.0.audit from CIS Microsoft Exchange Server 2013 v1.1.0 Benchmark | CIS Microsoft Exchange Server 2013 CAS v1.1.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| CIS_Microsoft_Exchange_Server_2013_Level_1_Edge_v1.1.0.audit from CIS Microsoft Exchange Server 2013 v1.1.0 Benchmark | CIS Microsoft Exchange Server 2013 Edge v1.1.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| CIS_Microsoft_Exchange_Server_2013_Level_1_UM_v1.1.0.audit from CIS Microsoft Exchange Server 2013 v1.1.0 Benchmark | CIS Microsoft Exchange Server 2013 UM v1.1.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| CIS_Microsoft_Intune_for_Office_v1.1.0_L2.audit from CIS Microsoft Intune for Office Benchmark v1.1.0 | CIS Microsoft Intune for Office v1.1.0 L2 | Windows | |
| CIS_Microsoft_Office_Excel_2016_v1.0.1.audit from CIS Microsoft Office Excel 2016 Benchmark v1.0.1 | CIS Microsoft Office Excel 2016 v1.0.1 | Windows | |
| CIS_Microsoft_Office_PowerPoint_2016_v1.0.1.audit from CIS Microsoft Office PowerPoint 2016 Benchmark v1.0.1 | CIS Microsoft Office PowerPoint 2016 v1.0.1 | Windows | |
| CIS_MS_Office_Word_2016_v1.1.0.audit from CIS Microsoft Office Word 2016 Benchmark v1.1.0 | CIS Microsoft Office Word 2016 v1.1.0 | Windows | |
| CIS_Red_Hat_EL7_STIG_v2.0.0_L2_Server.audit from CIS Red Hat Enterprise Linux 7 STIG v2.0.0 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | |
| CIS_Red_Hat_EL7_STIG_v2.0.0_STIG.audit from CIS Red Hat Enterprise Linux 7 STIG v2.0.0 | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | |
| CIS_Red_Hat_Enterprise_Linux_7_v4.0.0_L1_Server.audit from CIS Red Hat Enterprise Linux 7 Benchmark v4.0.0 | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server | Unix | |
| CIS_Red_Hat_Enterprise_Linux_10_v1.0.1_L2_Workstation.audit from CIS Red Hat Enterprise Linux 10 Benchmark v1.0.1 | CIS Red Hat Enterprise Linux 10 v1.0.1 L2 Workstation | Unix | |
| CIS_Ubuntu_18.04_LXD_Container_v1.0.0_L1.audit from CIS Ubuntu Linux 18.04 LXD Container Benchmark | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | |
| CIS_Ubuntu_Linux_24.04_LTS_STIG_v1.0.0_CAT_III.audit from CIS Ubuntu Linux 24.04 LTS STIG Benchmark v1.0.0 | CIS Ubuntu Linux 24.04 LTS STIG v1.0.0 CAT III | Unix | |
| CIS_v1.2.0_IBM_DB2_OS_Linux_Level_2.audit from CIS DB2 8, 9 & 9.5 for Linux | CIS IBM DB2 OS L1 v1.2.0 | Unix | |
| Salesforce.com : AuthConfig - 'Auth Providers = Facebook' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = MicrosoftACS Consumer Key' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = OpenIdConnect Consumer Key' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = OpenIdConnect Consumer Secret' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = OpenIdConnect Token Issuer' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = Salesforce Consumer Secret' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - 'Auth Providers = Salesforce Default Scope' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : AuthConfig - No SSO Auth Providers have been configured | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | IDENTIFICATION AND AUTHENTICATION |
| Salesforce.com : CronTrigger - 'Cron Jobs with Status of BLOCKED' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | CONFIGURATION MANAGEMENT |
| Salesforce.com : Email Services - 'AddressInactiveAction != 2' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | CONFIGURATION MANAGEMENT |
| Salesforce.com : Email Services - 'FunctionInactiveAction != 2' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | CONFIGURATION MANAGEMENT |
| Salesforce.com : Monitoring Login History - 'Inactive System Administrators' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| Salesforce.com : Setting Password Policies - 'Minimum 1 day password lifetime' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | IDENTIFICATION AND AUTHENTICATION |
| Salesforce.com : Setting Password Policies - 'Obscure secret answer for password resets = true' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | IDENTIFICATION AND AUTHENTICATION |
| Salesforce.com : Setting Password Policies - 'passwords expire >= 90' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | IDENTIFICATION AND AUTHENTICATION |
| Salesforce.com : Setting Session Security - 'Enable clickjack protection for non-setup Salesforce pages = true' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | SYSTEM AND COMMUNICATIONS PROTECTION |
| Salesforce.com : Setting Session Security - 'Review Apex Mobile User' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
