| 1.189 WN16-MS-000010 | CIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT I | Windows | ACCESS CONTROL |
| 1.213 WN19-SO-000060 | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.213 WN22-SO-000060 | CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.214 WN19-SO-000070 | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.214 WN19-SO-000070 | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.214 WN22-SO-000070 | CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.214 WN22-SO-000070 | CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.215 WN19-SO-000080 | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.215 WN19-SO-000080 | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.215 WN22-SO-000080 | CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2 Ensure the SharePoint farm service account (database access account) is configured with the minimum privileges for the local server. | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | ACCESS CONTROL |
| 2.2 Ensure the SharePoint farm service account (database access account) is configured with the minimum privileges for the local server. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | ACCESS CONTROL |
| 2.2.2 (L1) Ensure 'Access this computer from the network' is set to 'Administrators, Authenticated Users' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.2 Ensure 'Access this computer from the network' is set to 'Administrators, Authenticated Users' | CIS Microsoft Windows Server 2022 Stand-alone v2.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.3 Ensure 'Access this computer from the network' is set to 'Administrators, Authenticated Users' (MS only) | CIS Microsoft Windows Server 2025 v2.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.3.8.1 Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabled | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 2.5 Ensure that the User-ID Agent has minimal permissions if User-ID is enabled | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL |
| 5.1 (L2) Ensure 'Print Spooler (Spooler)' is set to 'Disabled' | CIS Microsoft Windows Server 2025 Stand-alone v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 5.2 (L2) Ensure 'Print Spooler (Spooler)' is set to 'Disabled' (MS only) | CIS Windows Server 2012 MS L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.2 (L2) Ensure 'Print Spooler (Spooler)' is set to 'Disabled' (MS only) | CIS Microsoft Windows Server 2016 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| DISA_STIG_Microsoft_Windows_2012_Server_DNS_v2r7.audit from DISA Microsoft Windows 2012 Server Domain Name System v2r7 STIG | DISA Microsoft Windows 2012 Server Domain Name System STIG v2r7 | Windows | |
| Domain member: Maximum machine account password age | MSCT Windows Server 2016 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Domain member: Maximum machine account password age | MSCT Windows Server 2019 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Domain member: Maximum machine account password age | MSCT Windows 10 v1507 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Domain member: Maximum machine account password age | MSCT Windows 10 1803 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Domain member: Maximum machine account password age | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| IIST-SV-000103 - Both the log file and Event Tracing for Windows (ETW) for the IIS 10.0 web server must be enabled. | DISA IIS 10.0 Server v2r10 | Windows | AUDIT AND ACCOUNTABILITY |
| JBOS-AS-000470 - Network access to HTTP management must be disabled on domain-enabled application servers not designated as the domain controller. | DISA JBoss Enterprise Application Platform 6.3 STIG v2r6 | Unix | ACCESS CONTROL |
| Network access: Remotely accessible registry paths and subpaths | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Remotely accessible registry paths and subpaths | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| WDNS-CM-000020 - The Windows 2012 DNS Servers zone database files must not be accessible for edit/write by users and/or processes other than the Windows 2012 DNS Server service account and/or the DNS database administrator. | DISA Microsoft Windows 2012 Server Domain Name System STIG v2r7 | Windows | CONFIGURATION MANAGEMENT |
| WDNS-IA-000001 - The Windows 2012 DNS Server must require devices to re-authenticate for each dynamic update request connection attempt. | DISA Microsoft Windows 2012 Server Domain Name System STIG v2r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WDNS-IA-000006 - The Windows 2012 DNS Server must be configured to enforce authorized access to the corresponding private key. | DISA Microsoft Windows 2012 Server Domain Name System STIG v2r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WDNS-SC-000003 - The Windows 2012 DNS Servers IP address must be statically defined and configured locally on the server. | DISA Microsoft Windows 2012 Server Domain Name System STIG v2r7 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000004 - The Windows 2012 DNS Server must return data information in responses to internal name/address resolution queries. | DISA Microsoft Windows 2012 Server Domain Name System STIG v2r7 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SI-000002 - The Windows 2012 DNS Server must follow procedures to re-role a secondary name server as the master name server should the master name server permanently lose functionality. | DISA Microsoft Windows 2012 Server Domain Name System STIG v2r7 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WN12-GE-000004-MS - Only administrators responsible for the member server must have Administrator rights on the system. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-GE-000010 - The system must not boot into multiple operating systems (dual-boot). | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-GE-000010 - The system must not boot into multiple operating systems (dual-boot). | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN16-MS-000010 - Only administrators responsible for the member server or standalone or nondomain-joined system must have Administrator rights on the system. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | ACCESS CONTROL |
| WN16-MS-000120 - Windows Server 2016 must be running Credential Guard on domain-joined member servers. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | CONFIGURATION MANAGEMENT |
| WN19-MS-000010 - Windows Server 2019 must only allow Administrators responsible for the member server or standalone or nondomain-joined system to have Administrator rights on the system. | DISA Microsoft Windows Server 2019 STIG v3r8 | Windows | ACCESS CONTROL |
| WN19-MS-000030 - Windows Server 2019 local users on domain-joined member servers must not be enumerated. | DISA Microsoft Windows Server 2019 STIG v3r8 | Windows | CONFIGURATION MANAGEMENT |
| WN19-MS-000140 - Windows Server 2019 must be running Credential Guard on domain-joined member servers. | DISA Microsoft Windows Server 2019 STIG v3r8 | Windows | CONFIGURATION MANAGEMENT |
| WN22-MS-000010 - Windows Server 2022 must only allow administrators responsible for the member server or standalone or nondomain-joined system to have Administrator rights on the system. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | ACCESS CONTROL |
| WN22-MS-000030 - Windows Server 2022 local users on domain-joined member servers must not be enumerated. | DISA Microsoft Windows Server 2022 STIG v2r8 | Windows | CONFIGURATION MANAGEMENT |
| WN25-MS-000010 - Windows Server 2025 must only allow administrators responsible for the member server or stand-alone or nondomain-joined system to have Administrator rights on the system. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | ACCESS CONTROL |
| WN25-MS-000030 - Windows Server 2025 local users on domain-joined member servers must not be enumerated. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
| WN25-MS-000140 - Windows Server 2025 must be running Credential Guard on domain-joined member servers. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | CONFIGURATION MANAGEMENT |
