| 1.1 Ensure 'Web content' is on non-system partition | CIS IIS 10 v1.2.1 Level 1 | Windows | ACCESS CONTROL |
| 1.1 Ensure web content is on non-system partition | CIS IIS 8.0 v1.5.1 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 1.1 Ensure Web Content Is on Non-System Partition | CIS IIS 7 L1 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.3 Ensure 'directory browsing' is set to disabled | CIS IIS 8.0 v1.5.1 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 1.3 Ensure 'directory browsing' is set to disabled | CIS IIS 7 L1 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.4 Ensure that the underlying Internet Information Services (IIS) Authentication module is set to use Kerberos as its Auth Provider | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.4 Ensure that the underlying Internet Information Services (IIS) Authentication module is set to use Kerberos as its Authentication Provider | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.23 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.23 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.23 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.23 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.23 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.23 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.23 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.23 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.2.23 Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.23 Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.31 Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE, RESTRICTED SERVICES\PrintSpoolerService' (DC only) | CIS Microsoft Windows Server 2025 v2.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.32 (L1) Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' (DC only) | CIS Microsoft Windows Server 2016 v4.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.32 (L1) Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' (DC only) | CIS Microsoft Windows Server 2019 v4.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.35 Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.35 Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.36 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.36 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.36 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.36 Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 2.2.36 Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 3.3 Ensure custom error messages are not off | CIS IIS 8.0 v1.5.1 Level 2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.3 Ensure custom error messages are not off - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.3 Ensure Custom Error Messages are not Off - Applications | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.3 Ensure custom error messages are not off - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely | CIS IIS 8.0 v1.5.1 Level 1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Applications | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.4 Ensure IIS HTTP detailed errors are hidden from displaying remotely - Default | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.1 Ensure 'maxAllowedContentLength' is configured | CIS IIS 8.0 v1.5.1 Level 2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.1 Ensure 'maxAllowedContentLength' is configured - Applications | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.1 Ensure 'maxAllowedContentLength' is configured - Default | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.2 Ensure 'maxURL request filter' is configured - Applications | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 4.2 Ensure 'maxURL request filter' is configured - Default | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 5.1 Ensure Default IIS web log location is moved | CIS IIS 10 v1.2.1 Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
| EP11-00-007700 - The EDB Postgres Advanced Server must utilize centralized management of the content captured in audit records generated by all components of the EDB Postgres Advanced Server. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| EX16-MB-000600 - Exchange services must be documented and unnecessary services must be removed or disabled. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | CONFIGURATION MANAGEMENT |
| EX19-MB-000198 - Exchange services must be documented, and unnecessary services must be removed or disabled. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r3 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-000241 - The IIS 8.5 private website have a server certificate issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs). | DISA IIS 8.5 Site v2r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SP13-00-000060 - SharePoint must reject or delay, as defined by the organization, network traffic generated above configurable traffic volume thresholds - ConnectionTimeout | DISA Microsoft SharePoint 2013 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| SP13-00-000060 - SharePoint must reject or delay, as defined by the organization, network traffic generated above configurable traffic volume thresholds - maxBandwidth | DISA Microsoft SharePoint 2013 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| SP13-00-000060 - SharePoint must reject or delay, as defined by the organization, network traffic generated above configurable traffic volume thresholds - maxConnections | DISA Microsoft SharePoint 2013 STIG v2r4 | Windows | CONFIGURATION MANAGEMENT |
| WG220 W22 - Web administration tools must be restricted to the web manager and the web manager's designees. | DISA STIG Apache Server 2.2 Windows v1r13 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SV-000101 - The Microsoft FTP service must not be installed unless required. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN12-SV-000101 - The Microsoft FTP service must not be installed unless required. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
