| 2.2.29 (L2) Ensure 'Log on as a service' is configured | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 NG | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 7.2 Set Strong Password Creation Policies - HISTORY = 10 | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 18.8.5.4 (NG) Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 NG MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.5.4 (L1) Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.5.4 (NG) Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)' | CIS Microsoft Windows Server 2025 v1.0.0 NG MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.5.4 Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)' | CIS Microsoft Windows Server 2022 STIG v2.0.0 NG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.5.4 Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)' | CIS Microsoft Windows Server 2022 STIG v2.0.0 NG MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.5.5 Ensure 'Turn On Virtualization Based Security: Credential Guard Configuration' is set to 'Enabled with UEFI lock' (MS Only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.10.4 (BL) Ensure 'Disable new DMA devices when this computer is locked' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.10.4 (BL) Ensure 'Disable new DMA devices when this computer is locked' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.10.4 (BL) Ensure 'Disable new DMA devices when this computer is locked' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.44.1 (NG) Ensure 'Allow auditing events in Microsoft Defender Application Guard' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | AUDIT AND ACCOUNTABILITY |
| Configure registry policy processing - NoBackgroundPolicy | MSCT Windows Server 2016 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Create permanent shared objects | MSCT Windows Server 2016 MS v1.0.0 | Windows | ACCESS CONTROL |
| Deny log on through Remote Desktop Services | MSCT Windows Server 2016 MS v1.0.0 | Windows | ACCESS CONTROL |
| DG0012-ORACLE11 - Database software directories including DBMS configuration files are stored in dedicated directories separate from the host OS and other applications - 'No unauthorized directories exist in $ORACLE_BASE' | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | CONFIGURATION MANAGEMENT |
| Disallow Autoplay for non-volume devices | MSCT Windows Server 2016 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Don't run antimalware programs against ActiveX controls - Intranet Zone | MSCT Windows Server 2016 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Generate security audits | MSCT Windows Server 2016 MS v1.0.0 | Windows | ACCESS CONTROL |
| Internet Explorer Processes - FEATURE_RESTRICT_ACTIVEXINSTALL - iexplore.exe | MSCT Windows Server 2016 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_RESTRICT_FILEDOWNLOAD - iexplore.exe | MSCT Windows Server 2016 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - FEATURE_SECURITYBAND - explorer.exe | MSCT Windows Server 2016 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Internet Explorer Processes - FEATURE_ZONE_ELEVATION - (Reserved) | MSCT Windows Server 2016 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_ZONE_ELEVATION - explorer.exe | MSCT Windows Server 2016 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Internet Explorer Processes - FEATURE_ZONE_ELEVATION - iexplore.exe | MSCT Windows Server 2016 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Intranet Sites: Include all network paths (UNCs) | MSCT Windows Server 2016 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Java permissions - Locked-Down Intranet Zone | MSCT Windows Server 2016 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Java permissions - Locked-Down Restricted Sites Zone | MSCT Windows Server 2016 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Manage auditing and security log | MSCT Windows Server 2016 MS v1.0.0 | Windows | ACCESS CONTROL |
| Microsoft network client: Digitally sign communications (always) | MSCT Windows Server 2016 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Microsoft network server: Amount of idle time required before suspending session | MSCT Windows Server 2016 MS v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Do not allow anonymous enumeration of SAM accounts | MSCT Windows Server 2016 MS v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Restrict anonymous access to Named Pipes and Shares | MSCT Windows Server 2016 MS v1.0.0 | Windows | ACCESS CONTROL |
| Network security: Allow Local System to use computer identity for NTLM | MSCT Windows Server 2016 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet | MSCT Windows Server 2016 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent downloading of enclosures | MSCT Windows Server 2016 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Require secure RPC communication | MSCT Windows Server 2016 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Reset lockout counter after | MSCT Windows Server 2016 MS v1.0.0 | Windows | ACCESS CONTROL |
| Show security warning for potentially unsafe files - Restricted Sites Zone | MSCT Windows Server 2016 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Specify the maximum log file size (KB) - Application | MSCT Windows Server 2016 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Specify use of ActiveX Installer Service for installation of ActiveX controls | MSCT Windows Server 2016 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Take ownership of files or other objects | MSCT Windows Server 2016 MS v1.0.0 | Windows | ACCESS CONTROL |
| Turn off the Security Settings Check feature | MSCT Windows Server 2016 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Turn off Windows Defender | MSCT Windows Server 2016 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows | MSCT Windows Server 2016 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Turn on certificate address mismatch warning | MSCT Windows Server 2016 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Turn On Virtualization Based Security - RequirePlatformSecurityFeatures | MSCT Windows Server 2016 MS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Use enhanced anti-spoofing when available | MSCT Windows Server 2016 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| User Account Control: Admin Approval Mode for the Built-in Administrator account | MSCT Windows Server 2016 MS v1.0.0 | Windows | ACCESS CONTROL |
| Web sites in less privileged Web content zones can navigate into this zone - Internet Zone | MSCT Windows Server 2016 MS v1.0.0 | Windows | ACCESS CONTROL |
