| 1.1.2.5 Set 'Audit Policy: DS Access: Directory Service Access' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.47 Set 'Audit Policy: Logon-Logoff: IPsec Main Mode' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.48 Set 'Audit Policy: Account Logon: Credential Validation' to 'Success and Failure' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.3.2.1 Set 'Audit: Shut down system immediately if unable to log security audits' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.3.2.4 Configure 'Audit: Audit the access of global system objects' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.3.3.2 Configure DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.1.3.4.3 Set 'Devices: Allowed to format and eject removable media' to 'Administrators and Interactive Users' | CIS Windows 8 L1 v1.0.0 | Windows | MEDIA PROTECTION |
| 1.1.3.6.12 Configure 'Interactive logon: Display user information when the session is locked' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.1.3.8.2 Set 'Microsoft network server: Amount of idle time required before suspending session' to '15 or fewer minute(s)' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.1.3.8.5 Set 'Microsoft network server: Digitally sign communications (always)' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.3.9.1 Configure 'MSS: (AutoShareWks) Enable Administrative Shares (recommended except for highly secure environments)' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.1.3.9.14 Set 'MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 recommended)' to '0' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.3.10.3 Set 'Network access: Do not allow anonymous enumeration of SAM accounts and shares' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.1.3.11.1 Set 'Network security: Do not store LAN Manager hash value on next password change' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.1.3.11.5 'Network Security: Restrict NTLM: NTLM authentication in this domain' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.1.3.12.1 Set 'Recovery console: Allow automatic administrative logon' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.3.13.2 Set 'Shutdown: Allow system to be shut down without having to log on' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.3.17.8 Set 'User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.2 Set 'Deny log on through Remote Desktop Services' to 'Guests' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.11 Set 'Enable computer and user accounts to be trusted for delegation' to 'No One' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.16 Set 'Act as part of the operating system' to 'No One' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.20 Set 'Access Credential Manager as a trusted caller' to 'No One' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.25 Set 'Impersonate a client after authentication' to 'Administrators, SERVICE, Local Service, Network Service' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.27 Set 'Adjust memory quotas for a process' to 'Administrators, Local Service, Network Service' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.32 Set 'Change the system time' to 'LOCAL SERVICE, Administrators' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.34 Configure 'Log on as a service' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.41 Set 'Create a token object' to 'No One' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.42 Set 'Modify an object label' to 'No one' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.5.1.2 Set 'Windows Firewall: Domain: Logging: Size limit (KB)' to '16384 KB or greater' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.5.1.7 Set 'Windows Firewall: Domain: Outbound connections' to 'Allow (default)' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.5.1.11 Set 'Windows Firewall: Domain: Firewall state' to 'On (recommended)' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.5.2.2 Set 'Windows Firewall: Private: Outbound connections' to 'Allow (default)' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.5.2.7 Set 'Inbound Connections' to 'Enabled:Block (default)' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.5.2.9 Set 'Windows Firewall: Private: Allow unicast response' to 'No' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.5.2.10 Set 'Windows Firewall: Private: Logging: Log successful connections' to 'Yes' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.5.3.8 Set 'Windows Firewall: Public: Logging: Log successful connections' to 'Yes' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.5.3.10 Set 'Windows Firewall: Public: Firewall state' to 'On (recommended)' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.5.3.11 Set 'Inbound Connections' to 'Enabled:Block (default)' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.1.3 Configure 'Prohibit connection to non-domain networks when connected to domain authenticated network' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.2.3.1.7 Configure 'Turn off Event Viewer 'Events.asp' links' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.3.1.8 Set 'Turn off Internet download for Web publishing and online ordering wizards' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.3.3.3 Set 'Require a Password When a Computer Wakes (Plugged In)' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.3.3.4 Set 'Require a Password When a Computer Wakes (On Battery)' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.3.4.3 Configure 'Customize Warning Messages' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.2.3.8 Set 'Process even if the Group Policy objects have not changed' to 'Enabled:TRUE' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.3.9 Set 'Choose the boot-start drivers that can be initialized:' to 'Enabled:Good, unknown and bad but critical' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.4.2.1.1 Set 'Configure use of hardware-based encryption for fixed data drives' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.11 Set 'Always install with elevated privileges' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.2.4.14 Set 'Pick one of the following settings' to 'Enabled:Require approval from an administrator before running downloaded unknown' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.2.4.19 Configure 'Turn off Windows Location Provider' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
