| 1.1.1.5 Set 'Enforce password history' to '24 or more password(s)' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.1.2.13 Set 'Audit Policy: System: Security State Change' to 'Success and Failure' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.28 Set 'Audit Policy: Object Access: Kernel Object' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.30 Set 'Audit Policy: Object Access: Application Generated' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.32 Set 'Audit Policy: Policy Change: Audit Policy Change' to 'Success and Failure' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.35 Set 'Audit Policy: System: Other System Events' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.36 Set 'Audit Policy: Logon-Logoff: Other Logon/Logoff Events' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.46 Set 'Audit Policy: Object Access: Removable Storage' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.51 Set 'Audit Policy: Detailed Tracking: Process Creation' to 'Success' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.54 Set 'Audit Policy: Object Access: File System' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.3.1.1 Set 'Accounts: Block Microsoft accounts' to 'Users can't add or log on with Microsoft accounts' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.1.3.1.5 Set 'Accounts: Guest account status' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.3.2.2 Enable 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.3.3.1 Configure 'DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.1.3.5.1 Set 'Domain member: Require strong (Windows 2000 or later) session key' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.1.3.5.2 Set 'Domain member: Digitally sign secure channel data (when possible)' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.3.5.3 Set 'Domain member: Digitally encrypt secure channel data (when possible)' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.3.6.3 Configure 'Interactive logon: Require smart card' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.1.3.6.6 Set 'Interactive logon: Require Domain Controller authentication to unlock workstation' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.3.10.6 Set 'Network access: Sharing and security model for local accounts' to 'Classic - local users authenticate as themselves' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 1.1.3.10.7 Set 'Network access: Remotely accessible registry paths and sub-paths' to the following list | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.3.11.4 Set 'Network security: Allow LocalSystem NULL session fallback' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.3.11.9 Configure 'Network Security: Restrict NTLM: Add remote server exceptions for NTLM authentication' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.1.3.11.15 Set 'Network Security: Configure encryption types allowed for Kerberos' to 'RC4\AES128\AES256\Future types' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.3.13.1 Set 'Shutdown: Clear virtual memory pagefile' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2 Ensure 'host headers' are on all sites | CIS IIS 7 L1 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.3 Ensure 'forms authentication' require SSL - Default | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Ensure 'forms authentication' is set to use cookies - Default | CIS IIS 7 L2 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.6 Ensure transport layer security for 'basic authentication' is configured | CIS IIS 7 L1 v1.8.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 3.9 Ensure 'MachineKey validation method - .Net 4.5' is configured - Applications | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.6 Ensure 'HTTP Trace Method' is disabled - Applications | CIS IIS 7 L1 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - Deny By Request Rate | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2.6 Ensure SSH IgnoreRhosts is enabled | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 5.2.8 Ensure SSH root login is disabled | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.3.1 Ensure password creation requirements are configured - try_first_pass | CIS Amazon Linux v2.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth [default=die] pam_faillock.so authfail audit deny=5 unlock_time=900' | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 5.3.2 Ensure lockout for failed password attempts is configured - password-auth 'auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900' | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 6.1 Ensure FTP requests are encrypted - Control Channel Sites | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1.9 Ensure permissions on /etc/gshadow- are configured | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.1.11 Ensure no unowned files or directories exist | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 6.2.3 Ensure no legacy '+' entries exist in /etc/shadow | CIS Amazon Linux v2.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.5 Ensure root is the only UID 0 account | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 6.2.8 Ensure users' home directories permissions are 750 or more restrictive | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.10 Ensure users' dot files are not group or world writable | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 6.2.17 Ensure no duplicate GIDs exist | CIS Amazon Linux v2.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.18 Ensure no duplicate user names exist | CIS Amazon Linux v2.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.4 Ensure TLS 1.0 is enabled - DisabledByDefault | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.5 Ensure TLS 1.0 is disabled | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.10 Ensure RC4 Cipher Suites is disabled - RC4 40/128 | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.14 Ensure TLS Cipher Suite ordering is configured | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
