| 18.5.11 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | CIS Microsoft Windows Server 2019 v4.0.0 L2 DC | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 18.6.5.1 (L2) Ensure 'Enable Font Providers' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.6.20.1 (L2) Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.8.1.1 (L2) Ensure 'Turn off notifications network usage' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.9.5.4 (NG) Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)' | CIS Microsoft Windows Server 2019 v4.0.0 NG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.5.6 (NG) Ensure 'Turn On Virtualization Based Security: Credential Guard Configuration' is set to 'Disabled' (DC Only) | CIS Microsoft Windows Server 2019 v4.0.0 NG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.20.1.10 (L2) Ensure 'Turn off the 'Publish to Web' task for files and folders' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.9.20.1.11 (L2) Ensure 'Turn off the Windows Messenger Customer Experience Improvement Program' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.9.20.1.13 (L2) Ensure 'Turn off Windows Error Reporting' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.9.49.1 (L2) Ensure 'Turn off the advertising ID' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.59.4 (L2) Ensure 'Allow search highlights' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.81.3 (L2) Ensure 'Prevent Internet Explorer security prompt for Windows Installer scripts' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.87.2 (L2) Ensure 'Turn on PowerShell Transcription' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 19.7.8.4 (L2) Ensure 'Turn off all Windows spotlight features' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| Account lockout duration | MSCT Windows Server 1903 DC v1.19.9 | Windows | ACCESS CONTROL |
| Allow binary and script behaviors | MSCT Windows Server 1903 DC v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Allow cut, copy or paste operations from the clipboard via script - Restricted Sites Zone | MSCT Windows Server 1903 DC v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Allow indexing of encrypted files | MSCT Windows Server 1903 DC v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Allow unencrypted traffic - Client - AllowUnencryptedTraffic | MSCT Windows Server 1903 DC v1.19.9 | Windows | ACCESS CONTROL |
| Allow updates to status bar via script - Internet Zone | MSCT Windows Server 1903 DC v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Allow user control over installs | MSCT Windows Server 1903 DC v1.19.9 | Windows | ACCESS CONTROL |
| Allow VBScript to run in Internet Explorer - Internet Zone | MSCT Windows Server 1903 DC v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Always install with elevated privileges | MSCT Windows Server 1903 DC v1.19.9 | Windows | ACCESS CONTROL |
| Audit Directory Service Access | MSCT Windows Server 1903 DC v1.19.9 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Other System Events | MSCT Windows Server 1903 DC v1.19.9 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Security State Change | MSCT Windows Server 1903 DC v1.19.9 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Sensitive Privilege Use | MSCT Windows Server 1903 DC v1.19.9 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit System Integrity | MSCT Windows Server 1903 DC v1.19.9 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings | MSCT Windows Server 1903 DC v1.19.9 | Windows | AUDIT AND ACCOUNTABILITY |
| Check for server certificate revocation | MSCT Windows Server 1903 DC v1.19.9 | Windows | IDENTIFICATION AND AUTHENTICATION |
| CIS MS Office Outlook 2010 v1.0.0.audit for MS Outlook 06-28-2013 | CIS MS Office Outlook 2010 v1.0.0 | Windows | |
| CIS_Apple_macOS_13.0_Ventura_Cloud-tailored_v1.1.0_L1.audit from CIS Apple macOS 13.0 Ventura Cloud-tailored Benchmark v1.1.0 | CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1 | Unix | |
| CIS_Apple_macOS_14.0_Sonoma_Cloud-tailored_v1.1.0_L2.audit from CIS Apple macOS 14.0 Sonoma Cloud-tailored Benchmark v1.1.0 | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.1.0 L2 | Unix | |
| CIS_Cisco_IOS_12_v4.0.0_Level_1.audit for Cisco IOS 12 from CIS Cisco IOS 12 Benchmark v4.0.0 | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | |
| Configure Attack Surface Reduction rules - d4f940ab-401b-4efc-aadc-ad5f3c50688a | MSCT Windows Server 1903 DC v1.19.9 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure detection for potentially unwanted applications | MSCT Windows Server 1903 DC v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Configure SMB v1 server | MSCT Windows Server 1903 DC v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Create a pagefile | MSCT Windows Server 1903 DC v1.19.9 | Windows | ACCESS CONTROL |
| Create a token object | MSCT Windows Server 1903 DC v1.19.9 | Windows | ACCESS CONTROL |
| Create global objects | MSCT Windows Server 1903 DC v1.19.9 | Windows | ACCESS CONTROL |
| Disallow Autoplay for non-volume devices | MSCT Windows Server 1903 DC v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Domain member: Disable machine account password changes | MSCT Windows Server 1903 DC v1.19.9 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Domain member: Require strong (Windows 2000 or later) session key | MSCT Windows Server 1903 DC v1.19.9 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Don't run antimalware programs against ActiveX controls - Internet Zone | MSCT Windows Server 1903 DC v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable insecure guest logons | MSCT Windows Server 1903 DC v1.19.9 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Enable Structured Exception Handling Overwrite Protection (SEHOP) | MSCT Windows Server 1903 DC v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
| Enforce password history | MSCT Windows Server 1903 DC v1.19.9 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Initialize and script ActiveX controls not marked as safe - Restricted Sites Zone | MSCT Windows Server 1903 DC v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Initialize and script ActiveX controls not marked as safe - Trusted Sites Zone | MSCT Windows Server 1903 DC v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_DISABLE_MK_PROTOCOL - iexplore.exe | MSCT Windows Server 1903 DC v1.19.9 | Windows | CONFIGURATION MANAGEMENT |
