1.1.1.1 Set 'Account lockout threshold' to '5 invalid logon attempt(s)' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
1.1.1.9 Set 'Maximum password age' to '60 or fewer days' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
1.1.2.4 Set 'Audit Policy: Detailed Tracking: RPC Events' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
1.1.2.8 Set 'Audit Policy: Detailed Tracking: Process Termination' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
1.1.2.11 Set 'Audit Policy: Account Management: Computer Account Management' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
1.1.2.12 Set 'Audit Policy: System: Security System Extension' to 'Success and Failure' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
1.1.2.18 Set 'Audit Policy: Account Logon: Other Account Logon Events' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
1.1.2.27 Set 'Audit Policy: DS Access: Directory Service Changes' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
1.1.2.31 Set 'Audit Policy: Logon-Logoff: Account Lockout' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
1.1.2.34 Set 'Audit Policy: System: System Integrity' to 'Success and Failure' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
1.1.2.43 Set 'Audit Policy: Object Access: Certification Services' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
1.1.2.45 Set 'Audit Policy: Object Access: Handle Manipulation' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
1.1.2.52 Set 'Audit Policy: Logon-Logoff: IPsec Extended Mode' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
1.1.2.55 Set 'Audit Policy: Policy Change: Authentication Policy Change' to 'Success' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
1.1.3.1.3 Set 'Accounts: Administrator account status' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
1.1.3.4.4 Configure 'Devices: Restrict CD-ROM access to locally logged-on user only' | CIS Windows 8 L1 v1.0.0 | Windows | MEDIA PROTECTION |
1.1.3.5.4 Set 'Domain member: Maximum machine account password age' to '30 or fewer day(s)' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
1.1.3.5.6 Set 'Domain member: Disable machine account password changes' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
1.1.3.6.2 Set 'Interactive logon: Smart card removal behavior' to 'Lock Workstation' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
1.1.3.8.4 Set 'Microsoft network server: Server SPN target name validation level' to 'Accept if provided by client' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
1.1.3.9.3 Set 'MSS: (AutoAdminLogon) Enable Automatic Logon (not recommended)' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
1.1.3.10.1 Set 'Network access: Let Everyone permissions apply to anonymous users' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
1.1.3.10.5 Set 'Network access: Restrict anonymous access to Named Pipes and Shares' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
1.1.3.10.11 Configure 'Network access: Do not allow storage of passwords and credentials for network authentication' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
1.1.3.11.7 Set 'Network security: Minimum session security for NTLM SSP based clients' to 'Require NTLMv2 session security' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
1.1.3.11.8 Configure 'Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
1.1.3.11.11 Set 'Network security: LAN Manager authentication level' to 'Send NTLMv2 response only. Refuse LM & NTLM' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
1.1.3.11.13 Configure 'Network Security: Restrict NTLM: Audit NTLM authentication in this domain' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
1.1.3.14.1 Configure 'System cryptography: Force strong key protection for user keys stored on the computer' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
1.1.3.16.1 Configure 'System settings: Optional subsystems' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
1.1.3.17.1 Set 'User Account Control: Admin Approval Mode for the Built-in Administrator account' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
1.1.3.17.6 Set 'User Account Control: Virtualize file and registry write failures to per-user locations' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
1.1.3.17.7 Set 'User Account Control: Switch to the secure desktop when prompting for elevation' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
1.1.3.17.10 Set 'User Account Control: Run all administrators in Admin Approval Mode' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
1.1.4.10 Set 'Create global objects' to 'Administrators, SERVICE, LOCAL SERVICE, NETWORK SERVICE' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
1.1.4.17 Set 'Modify firmware environment values' to 'Administrators' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
1.1.4.21 Set 'Deny log on locally' to 'Guests' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
1.1.4.23 Set 'Restore files and directories' to 'Administrators' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
1.1.4.30 Set 'Bypass traverse checking' to 'Users, NETWORK SERVICE, LOCAL SERVICE, Administrators' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
1.1.4.31 Set 'Increase a process working set' to 'Administrators, Local Service' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
2.8 Ensure 'credentials' are not stored in configuration files - Applications | CIS IIS 7 L2 v1.8.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
3.2 Ensure 'debug' is turned off - Default | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
3.3 Ensure Custom Error Messages are not Off - Applications | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
3.5 Ensure ASP.NET stack tracing is not enabled - Default | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
3.6 Ensure 'httpcookie' mode is configured for session state - Default | CIS IIS 7 L2 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
3.7 Ensure 'cookies' are set with HttpOnly attribute - Default | CIS IIS 7 L2 v1.8.0 | Windows | ACCESS CONTROL |
4.1 Ensure 'maxAllowedContentLength' is configured - Default | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
4.4 Ensure non-ASCII characters in URLs are not allowed - Default | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
7.1 Ensure HSTS Header is set | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
7.15 Ensure TLS Cipher Suite ordering is configured | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |