| 2.2.12 Ensure 'Change the system time' is set to 'Administrators, LOCAL SERVICE' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.15 Ensure 'Create a token object' is set to 'No One' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.37 Ensure 'Enable computer and user accounts to be trusted for delegation' is set to 'Administrators' (DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.44 Ensure 'Increase scheduling priority' is set to 'Administrators, Window Manager\Window Manager Group' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.54 Ensure 'Profile single process' is set to 'Administrators' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.58 Ensure 'Shut down the system' is set to 'Administrators' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.60 Ensure 'Take ownership of files or other objects' is set to 'Administrators' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.3.10.6 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 17.2.2 Ensure 'Audit Computer Account Management' is set to include 'Success' (DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.3 Ensure 'Audit Logoff' is set to include 'Success' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 17.5.4 Ensure 'Audit Logon' is set to 'Success and Failure' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 17.6.3 Ensure 'Audit Other Object Access Events' is set to 'Success and Failure' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 17.7.4 Ensure 'Audit Authorization Policy Change' is set to include 'Success' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.4.3 Ensure 'Configure SMB v1 client driver' is set to 'Enabled: Disable driver (recommended)' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.4.4 Ensure 'Configure SMB v1 server' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.4.9 Ensure 'WDigest Authentication' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.6 Ensure 'MSS: (NoNameReleaseOnDemand) Allow the computer to ignore NetBIOS name release requests except from WINS servers' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.6.4.1 Ensure 'Configure NetBIOS settings' is set to 'Enabled: Disable NetBIOS name resolution on public networks' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.6.21.1 Ensure 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is set to 'Enabled: 3 = Prevent Wi-Fi when on Ethernet' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.7.1 Ensure 'Allow Print Spooler to accept client connections' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.9.5.4 Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)' | CIS Microsoft Windows Server 2019 STIG v3.0.0 NG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.19.6 Ensure 'Continue experiences on this device' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.9.20.1.10 Ensure 'Turn off the 'Publish to Web' task for files and folders' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.9.28.3 Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL |
| 18.9.28.6 Ensure 'Turn off picture password sign-in' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.9.31.2 Ensure 'Allow upload of User Activities' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.9.33.6.2 Ensure 'Allow network connectivity during connected-standby (plugged in)' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.9.51.1.1 Ensure 'Enable Windows NTP Client' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.10.12.2 Ensure 'Turn off Microsoft consumer experiences' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.15.1 Ensure 'Allow Diagnostic Data' is set to 'Enabled: Diagnostic data off (not recommended)' or 'Enabled: Send required diagnostic data' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.15.5 Ensure 'Enable OneSettings Auditing' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.10.15.8 Ensure 'Toggle user control over Insider builds' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.25.1.1 Ensure 'Application: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.10.25.3.1 Ensure 'Setup: Control Event Log behavior when the log file reaches its maximum size' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.10.25.4.2 Ensure 'System: Specify the maximum log file size (KB)' is set to 'Enabled: 32,768 or greater' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.10.42.7.1 Ensure 'Enable file hash computation feature' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.42.10.1 Ensure 'Scan all downloaded files and attachments' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.42.10.2 Ensure 'Turn off real-time protection' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.42.10.3 Ensure 'Turn on behavior monitoring' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.42.13.1 Ensure 'Scan packed executables' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | MEDIA PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.56.3.9.5 Ensure 'Set client connection encryption level' is set to 'Enabled: High Level' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.56.3.11.1 Ensure 'Do not delete temp folders upon exit' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.56.3.11.2 Ensure 'Do not use temporary folders per session' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.75.2.1 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn and prevent bypass' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.79.2 Ensure 'Allow Windows Ink Workspace' is set to 'Enabled: On, but disallow access above lock' OR 'Enabled: Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.81.1 Ensure 'Sign-in and lock last interactive user automatically after a restart' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL |
| 19.6.6.1.1 Ensure 'Turn off Help Experience Improvement Program' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 19.7.5.1 Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 19.7.8.3 Ensure 'Do not use diagnostic data for tailored experiences' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 19.7.44.2.1 Ensure 'Prevent Codec Download' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
