| 2.2.12 Ensure 'SEC_CASE_SENSITIVE_LOGON' Is Set to 'TRUE' | CIS Oracle Server 11g R2 DB v2.2.0 | OracleDB | |
| 2.2.25 (L1) Ensure 'Deny log on through Remote Desktop Services' to include 'Guests' (DC only) | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.26 (L1) Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account' (MS only) | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.2.26 (L1) Ensure 'Deny log on through Remote Desktop Services' to include 'Guests' (DC only) | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.27 (L1) Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account' (MS only) | CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.30 Ensure 'Deny log on through Remote Desktop Services' to include 'Guests' (DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.30 Ensure 'Deny log on through Remote Desktop Services' to include 'Guests' (DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.34 Ensure 'Deny log on through Remote Desktop Services' to include 'Guests' (DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.14 Ensure 'sa' Login Account is set to 'Disabled' | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | ACCESS CONTROL |
| 18.3.1 Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)' - Enabled: Disable driver (recommended) | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.25.1 (L1) Ensure 'Configure password backup directory' is set to 'Enabled: Active Directory' or 'Enabled: Azure Active Directory' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | CONTINGENCY PLANNING |
| 18.9.25.1 (L1) Ensure 'Configure password backup directory' is set to 'Enabled: Active Directory' or 'Enabled: Azure Active Directory' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG | Windows | CONTINGENCY PLANNING |
| 18.9.25.1 (L1) Ensure 'Configure password backup directory' is set to 'Enabled: Active Directory' or 'Enabled: Azure Active Directory' | CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server | Windows | CONTINGENCY PLANNING |
| 18.9.25.1 (L1) Ensure 'Configure password backup directory' is set to 'Enabled: Active Directory' or 'Enabled: Azure Active Directory' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | CONTINGENCY PLANNING |
| 18.9.25.1 Ensure 'Configure password backup directory' is set to 'Enabled: Active Directory' or 'Enabled: Azure Active Directory' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | CONTINGENCY PLANNING |
| 18.9.25.3 (L1) Ensure 'Enable password encryption' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.25.3 (L1) Ensure 'Enable password encryption' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.25.3 (L1) Ensure 'Enable password encryption' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.25.3 (L1) Ensure 'Enable password encryption' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.25.3 (L1) Ensure 'Enable password encryption' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.25.3 (L1) Ensure 'Enable password encryption' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.25.3 (L1) Ensure 'Enable password encryption' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v3.0.1 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.25.3 (L1) Ensure 'Enable password encryption' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.25.3 (L1) Ensure 'Enable password encryption' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.25.3 Ensure 'Enable password encryption' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.25.3 Ensure 'Enable password encryption' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.25.4 (L1) Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.25.4 (L1) Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.25.4 (L1) Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.25.4 Ensure 'Password Settings: Password Complexity' is set to 'Enabled: Large letters + small letters + numbers + special characters' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.25.5 (L1) Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.25.5 (L1) Ensure 'Password Settings: Password Length' is set to 'Enabled: 15 or more' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.25.7 (L1) Ensure 'Post-authentication actions: Grace period (hours)' is set to 'Enabled: 8 or fewer hours, but not 0' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.25.7 (L1) Ensure 'Post-authentication actions: Grace period (hours)' is set to 'Enabled: 8 or fewer hours, but not 0' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.10.92.2.3 (L1) Ensure 'Enable features introduced via servicing that are off by default' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| CIS_Microsoft_SQL_Server_2012_Database_v1.6.0_Level_1_OS.audit from Microsoft SQL Server 2012 Database, version 1.6.0 | CIS SQL Server 2012 Database L1 OS v1.6.0 | Windows | |
| WDNS-AU-000007 - The Windows 2012 DNS Server logging criteria must only be configured by the ISSM or individuals appointed by the ISSM. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| WDNS-CM-000006 - The Windows 2012 DNS Server with a caching name server role must be secured against pollution by ensuring the authenticity and integrity of queried records. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | CONFIGURATION MANAGEMENT |
| WDNS-IA-000001 - The Windows 2012 DNS Server must require devices to re-authenticate for each dynamic update request connection attempt. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WDNS-IA-000005 - The Windows 2012 DNS Server must provide its identity with returned DNS information by enabling DNSSEC and TSIG/SIG(0). | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | IDENTIFICATION AND AUTHENTICATION |
| WDNS-SC-000005 - The Windows 2012 DNS Server must use DNSSEC data within queries to confirm data origin to DNS resolvers. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000007 - The Windows 2012 DNS Server must use DNSSEC data within queries to confirm data integrity to DNS resolvers. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000022 - The Windows 2012 DNS Server must only allow the use of an approved DoD PKI-established certificate authorities for verification of the establishment of protected transactions. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000025 - The Windows 2012 DNS Server must not contain zone records that have not been validated in over a year. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000027 - The Windows 2012 DNS Server must use DNS Notify to prevent denial of service through increase in workload. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SI-000005 - The Windows 2012 DNS Server must, when a component failure is detected, activate a notification to the system administrator. | DISA Microsoft Windows 2012 Server DNS STIG v2r7 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| WINER-000009 - The system must be configured to send error reports on TCP port 1232. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| WN12-GE-000057 - Windows 2012 / 2012 R2 must automatically remove or disable emergency accounts after the crisis is resolved or within 72 hours. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-GE-000057 - Windows 2012 / 2012 R2 must automatically remove or disable emergency accounts after the crisis is resolved or within 72 hours. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | ACCESS CONTROL |
| WN12-UR-000021-MS - The Deny log on through Remote Desktop Services user right on member servers must be configured to prevent access from highly privileged domain accounts and all local accounts on domain systems, and from unauthenticated access on all systems. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | ACCESS CONTROL |
