| 2.3.1.4 Set 'key' for each 'ntp server' | CIS Cisco IOS XE 17.x v2.2.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY |
| 4.10.20.1.1 (L2) Ensure 'Turn off access to the Store' is set to 'Enabled' | CIS Microsoft Intune for Windows 11 v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 5.2 Ensure that audit filters are configured properly | CIS MongoDB 4 L2 OS Linux v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2 Ensure that audit filters are configured properly | CIS MongoDB 4 L2 OS Windows v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.9.20.1.1 (L2) Ensure 'Turn off access to the Store' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.41.1 (L2) Ensure 'Turn off location' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.10.1.7 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.1.7 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.1.7 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.1.7 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False' | CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.3 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.3 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.3 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.3 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.3 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password' | CIS Microsoft Windows 10 Stand-alone v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key' | CIS Microsoft Windows 10 Enterprise v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| 18.10.10.3.7 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.7 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | MEDIA PROTECTION |
| 18.10.10.3.12 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False' | CIS Microsoft Windows 11 Stand-alone v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.12 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False' | CIS Microsoft Windows 10 Stand-alone v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.12 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| 18.10.10.3.15 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker: Do not allow write access to devices configured in another organization' is set to 'Enabled: False' | CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker | Windows | MEDIA PROTECTION |
| 18.10.36.1 (L2) Ensure 'Turn off location' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.36.1 Ensure 'Turn off location' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.36.1 Ensure 'Turn off location' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled' | CIS Microsoft Windows Server 2019 Stand-alone v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.37.2 (L2) Ensure 'Turn off location' is set to 'Enabled' | CIS Windows Server 2012 MS L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.92.4.1 (L1) Ensure 'Manage preview builds' is set to 'Disabled' | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.92.4.1 (L1) Ensure 'Manage preview builds' is set to 'Disabled' | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.92.4.1 Ensure 'Manage preview builds' is set to 'Disabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | CONFIGURATION MANAGEMENT |
| 18.10.93.4.1 (L1) Ensure 'Manage preview builds' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | CONFIGURATION MANAGEMENT |
| 18.10.93.4.1 (L1) Ensure 'Manage preview builds' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.93.4.1 (L1) Ensure 'Manage preview builds' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT |
| CIS Control 12 (12.4(a)) Deny Communications Over Unauthorized Ports | CAS Implementation Group 1 Audit File | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS Control 14 (14.6) Protect Information Through Access Control Lists | CAS Implementation Group 1 Audit File | Unix | ACCESS CONTROL |
| CIS_Apache_HTTP_Server_2.2_Benchmark_v3.6.0_Level_2.audit from CIS Apache HTTP Server 2.2 Benchark v3.6.0 | CIS Apache HTTP Server 2.2 L2 v3.6.0 | Unix | |
| CIS_Apache_HTTP_Server_2.4_v2.2.0_L2.audit from CIS Apache HTTP Server 2.4 Benchmark v2.2.0 | CIS Apache HTTP Server 2.4 v2.2.0 L2 | Unix | |
| CIS_Apple_macOS_12.0_Monterey_v4.0.0_L2.audit from CIS Apple macOS 12.0 Monterey Benchmark v4.0.0 | CIS Apple macOS 12.0 Monterey v4.0.0 L2 | Unix | |
| CIS_Apple_macOS_13.0_Ventura_v3.1.0_L2.audit from CIS Apple macOS 13.0 Ventura Benchmark v3.1.0 | CIS Apple macOS 13.0 Ventura v3.1.0 L2 | Unix | |
| CIS_Fedora_28_Family_Linux_Server_L1_v2.0.0.audit from CIS Fedora 28 Family Linux Benchmark v2.0.0 | CIS Fedora 28 Family Linux Workstation L1 v2.0.0 | Unix | |
| CIS_Microsoft_Exchange_Server_2016_Level_1_CAS_v1.0.0.audit from CIS Microsoft Exchange Server 2016 v1.0.0 Benchmark | CIS Microsoft Exchange Server 2016 CAS v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| CIS_Ubuntu_18.04_LXD_Container_v1.0.0_L2.audit from CIS Ubuntu Linux 18.04 LXD Container Benchmark | CIS Ubuntu Linux 18.04 LXD Container L2 v1.0.0 | Unix | |
| DKER-EE-002180 - SAML integration must be enabled in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | IDENTIFICATION AND AUTHENTICATION |
| DTAVSEL-004 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to decompress archives when scanning. | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| WBSP-AS-001010 - The WebSphere Application Server LDAP user registry must be used. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | IDENTIFICATION AND AUTHENTICATION |
