| 1.1.3.17.4 Set 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' to 'Prompt for consent' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.10 Ensure noexec option set on /var/tmp partition | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 2.2.23 Ensure 'Deny log on as a batch job' to include 'Guests' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.30 Ensure 'Deny log on through Remote Desktop Services' to include 'Guests' (DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.37 Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' (DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.42 Ensure 'Lock pages in memory' is set to 'No One' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.50 Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.51 Ensure 'Profile system performance' is set to 'Administrators, NT SERVICE\WdiServiceHost' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.3.4.2 Ensure 'Devices: Prevent users from installing printer drivers' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.3.17.4 Ensure 'User Account Control: Detect application installations and prompt for elevation' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 5.1.3 Minimize wildcard use in Roles and ClusterRoles | CIS Kubernetes v1.10.0 L1 Worker | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.1.8 Ensure at/cron is restricted to authorized users - at.deny does not exist | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.1.8 Ensure at/cron is restricted to authorized users - cron.allow | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.1.12 Minimize access to webhook configuration objects | CIS Kubernetes v1.10.0 L1 Master | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.5 Ensure access to the su command is restricted - pam_wheel.so | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 6.1.14 Audit SGID executables | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 18.4.1 Ensure 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 18.5.11.3 Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 18.5.11.3 Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 18.8.7.2 Ensure 'Allow remote access to the Plug and Play interface' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 18.8.22.1.2 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | ACCESS CONTROL |
| 18.8.22.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | ACCESS CONTROL |
| 18.8.47.11.1 Ensure 'Enable/Disable PerfTrack' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | ACCESS CONTROL |
| 18.9.15.2 Ensure 'Enumerate administrator accounts on elevation' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| Allow user control over installs | MSCT Windows 10 v20H2 v1.0.0 | Windows | ACCESS CONTROL |
| Disallow WinRM from storing RunAs credentials | MSCT Windows 10 1903 v1.19.9 | Windows | ACCESS CONTROL |
| Disallow WinRM from storing RunAs credentials | MSCT Windows 10 1909 v1.0.0 | Windows | ACCESS CONTROL |
| Enumerate administrator accounts on elevation | MSCT Windows 10 1809 v1.0.0 | Windows | ACCESS CONTROL |
| Enumerate administrator accounts on elevation | MSCT Windows 10 v2004 v1.0.0 | Windows | ACCESS CONTROL |
| Enumerate local users on domain-joined computers | MSCT Windows 10 1909 v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Do not allow anonymous enumeration of SAM accounts | MSCT Windows 10 1809 v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Do not allow anonymous enumeration of SAM accounts and shares | MSCT Windows 10 1809 v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Do not allow anonymous enumeration of SAM accounts and shares | MSCT Windows 10 v2004 v1.0.0 | Windows | ACCESS CONTROL |
| Turn on convenience PIN sign-in | MSCT Windows 10 1903 v1.19.9 | Windows | ACCESS CONTROL |
| Turn on convenience PIN sign-in | MSCT Windows 10 1909 v1.0.0 | Windows | ACCESS CONTROL |
| Turn on convenience PIN sign-in | MSCT Windows 10 v2004 v1.0.0 | Windows | ACCESS CONTROL |
| Turn on PowerShell Script Block Logging - EnableScriptBlockLogging | MSCT Windows 10 1903 v1.19.9 | Windows | ACCESS CONTROL |
| Turn on PowerShell Script Block Logging - EnableScriptBlockLogging | MSCT Windows 10 v2004 v1.0.0 | Windows | ACCESS CONTROL |
| User Account Control: Admin Approval Mode for the Built-in Administrator account | MSCT Windows 10 1909 v1.0.0 | Windows | ACCESS CONTROL |
| User Account Control: Admin Approval Mode for the Built-in Administrator account | MSCT Windows 10 v2004 v1.0.0 | Windows | ACCESS CONTROL |
| User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode | MSCT Windows 10 1903 v1.19.9 | Windows | ACCESS CONTROL |
| User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode | MSCT Windows 10 1909 v1.0.0 | Windows | ACCESS CONTROL |
| User Account Control: Behavior of the elevation prompt for standard users | MSCT Windows 10 1809 v1.0.0 | Windows | ACCESS CONTROL |
| User Account Control: Behavior of the elevation prompt for standard users | MSCT Windows 10 v2004 v1.0.0 | Windows | ACCESS CONTROL |
| User Account Control: Detect application installations and prompt for elevation | MSCT Windows 10 1903 v1.19.9 | Windows | ACCESS CONTROL |
| User Account Control: Only elevate UIAccess applications that are installed in secure locations | MSCT Windows 10 1809 v1.0.0 | Windows | ACCESS CONTROL |
| User Account Control: Run all administrators in Admin Approval Mode | MSCT Windows 10 1909 v1.0.0 | Windows | ACCESS CONTROL |
| User Account Control: Run all administrators in Admin Approval Mode | MSCT Windows 10 v2004 v1.0.0 | Windows | ACCESS CONTROL |
