| 2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| Allow scripting of Internet Explorer WebBrowser controls - Restricted Sites Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow scriptlets - Internet Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow scriptlets - Restricted Sites Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow software to run or install even if the signature is invalid | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow updates to status bar via script - Internet Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Apply UAC restrictions to local accounts on network logons | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Audit Account Lockout | MSCT Windows Server v20H2 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Audit Policy Change | MSCT Windows Server v20H2 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Security State Change | MSCT Windows Server v20H2 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit User Account Management | MSCT Windows Server v20H2 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Automatic prompting for file downloads - Restricted Sites Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure Attack Surface Reduction rules - 3b576869-a4ec-4529-8536-b80a7769e899 | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure registry policy processing - NoBackgroundPolicy | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure the 'Block at First Sight' feature | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Windows Defender SmartScreen | MSCT Windows 10 1809 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Debug programs | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Disallow Digest authentication | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Do not allow drive redirection | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Domain member: Digitally encrypt or sign secure channel data (always) | MSCT Windows Server v20H2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Don't run antimalware programs against ActiveX controls - Intranet Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable dragging of content from different domains within a window - Restricted Sites Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enforce password history | MSCT Windows Server v20H2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Hardened UNC Paths - \\*\NETLOGON | MSCT Windows Server v20H2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Impersonate a client after authentication | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Initialize and script ActiveX controls not marked as safe - Internet Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Interactive logon: Machine account lockout threshold | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Internet Explorer Processes - FEATURE_MIME_SNIFFING - (Reserved) | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_MIME_SNIFFING - iexplore.exe | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_WINDOW_RESTRICTIONS - explorer.exe | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Intranet Sites: Include all network paths (UNCs) | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Java permissions - Locked-Down Restricted Sites Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Logon options - Restricted Sites Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Navigate windows and frames across different domains - Internet Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Do not allow anonymous enumeration of SAM accounts and shares | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Password must meet complexity requirements | MSCT Windows Server v20H2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Perform volume maintenance tasks | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Prevent bypassing SmartScreen Filter warnings | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Run .NET Framework-reliant components signed with Authenticode - Internet Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Scripting of Java applets | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn on SmartScreen Filter scan - Locked-Down Internet Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on the auto-complete feature for user names and passwords on forms - FormSuggest Control Panel | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn On Virtualization Based Security - HVCIMATRequired | MSCT Windows Server v20H2 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Use Pop-up Blocker - Internet Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Web sites in less privileged Web content zones can navigate into this zone - Restricted Sites Zone | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
