| 1.192 WN19-MS-000020 | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II | Windows | ACCESS CONTROL |
| 1.192 WN22-MS-000020 | CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.195 WN19-MS-000050 | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.213 WN19-SO-000060 | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.213 WN22-SO-000060 | CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.215 WN22-SO-000080 | CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.2 (L1) Ensure 'Access this computer from the network' is set to 'Administrators, Authenticated Users' | CIS Microsoft Windows Server 2025 Stand-alone v1.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.3 (L1) Ensure 'Access this computer from the network' is set to 'Administrators, Authenticated Users' (MS only) | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.3 (L1) Ensure 'Access this computer from the network' is set to 'Administrators, Authenticated Users' (MS only) | CIS Microsoft Windows Server 2016 v4.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.3 Ensure 'Access this computer from the network' is set to 'Administrators, Authenticated Users' (MS only) | CIS Microsoft Windows Server 2022 v5.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.12 Ensure 'SEC_CASE_SENSITIVE_LOGON' Is Set to 'TRUE' | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | |
| 2.2.33 Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2022 Stand-alone v2.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.34 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.41 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.2.41 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.2.41 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.2.41 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.2.44 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.44 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.44 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.2.44 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.2.44 Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2025 v2.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.45 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 3.12 Ensure the 'SYSADMIN' Role is Limited to Administrative or Built-in Accounts | CIS Microsoft SQL Server 2019 v1.5.2 L1 Database Engine | MS_SQLDB | ACCESS CONTROL |
| 5.2 (L2) Ensure 'Print Spooler (Spooler)' is set to 'Disabled' (MS only) | CIS Windows Server 2012 R2 MS L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.2 (L2) Ensure 'Print Spooler (Spooler)' is set to 'Disabled' (MS only) | CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 5.2 (L2) Ensure 'Print Spooler (Spooler)' is set to 'Disabled' (MS only) | CIS Microsoft Windows Server 2019 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 5.2 (L2) Ensure 'Print Spooler (Spooler)' is set to 'Disabled' (MS only) | CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 5.2 Ensure 'Print Spooler (Spooler)' is set to 'Disabled' (MS only) | CIS Microsoft Windows Server 2022 v5.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 5.2 Ensure 'Print Spooler (Spooler)' is set to 'Disabled' (MS only) | CIS Microsoft Windows Server 2025 v2.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.25.3 (L1) Ensure 'Enable password encryption' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.25.3 (L1) Ensure 'Enable password encryption' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.26.3 Ensure 'Enable password encryption' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v2.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS_DC_SERVER_2012_Level_1_v3.0.0.audit from CIS Security Benchmark For Microsoft Windows Server 2012 DC Level 1 | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | |
| CIS_DC_SERVER_2012_Level_2_v3.0.0.audit from CIS Security Benchmark For Microsoft Windows Server 2012 DC Level 2 | CIS Windows Server 2012 DC L2 v3.0.0 | Windows | |
| CIS_MS_SERVER_2012_Level_1_v3.0.0.audit from CIS Security Benchmark For Microsoft Windows Server 2012 MS Level 1 | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | |
| Domain member: Maximum machine account password age | MSCT Windows Server 1903 DC v1.19.9 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Domain member: Maximum machine account password age | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Domain member: Maximum machine account password age | MSCT Windows Server 2019 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Domain member: Maximum machine account password age | MSCT Windows 10 1809 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Domain member: Maximum machine account password age | MSCT Windows 10 1903 v1.19.9 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Domain member: Maximum machine account password age | MSCT Windows Server 1903 MS v1.19.9 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Domain member: Maximum machine account password age | MSCT Windows Server 2016 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| SQLI-22-004100 - SQL Server must protect against a user falsely repudiating by ensuring the NT AUTHORITY SYSTEM account is not used for administration. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| WDNS-SC-000005 - The Windows 2012 DNS Server must use DNSSEC data within queries to confirm data origin to DNS resolvers. | DISA Microsoft Windows 2012 Server Domain Name System STIG v2r7 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000007 - The Windows 2012 DNS Server must use DNSSEC data within queries to confirm data integrity to DNS resolvers. | DISA Microsoft Windows 2012 Server Domain Name System STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000022 - The Windows 2012 DNS Server must only allow the use of an approved DoD PKI-established certificate authorities for verification of the establishment of protected transactions. | DISA Microsoft Windows 2012 Server Domain Name System STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000027 - The Windows 2012 DNS Server must use DNS Notify to prevent denial of service through increase in workload. | DISA Microsoft Windows 2012 Server Domain Name System STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-GE-000057 - Windows 2012 / 2012 R2 must automatically remove or disable emergency accounts after the crisis is resolved or within 72 hours. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-GE-000057 - Windows 2012 / 2012 R2 must automatically remove or disable emergency accounts after the crisis is resolved or within 72 hours. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
