| 2.2.7 (L1) Ensure 'Allow log on locally' is set to 'Administrators, ENTERPRISE DOMAIN CONTROLLERS' (DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.21 Ensure 'Debug programs' is set to 'Administrators' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.28 Ensure 'Deny log on as a service' to include 'Guests' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.41 Ensure 'Impersonate a client after authentication' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' (DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.46 Ensure 'Load and unload device drivers' is set to 'Administrators' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.47 Ensure 'Lock pages in memory' is set to 'No One' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.52 Ensure 'Modify firmware environment values' is set to 'Administrators' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.53 Ensure 'Perform volume maintenance tasks' is set to 'Administrators' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.56 Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.3.1.1 Ensure 'Accounts: Block Microsoft accounts' is set to 'Users can't add or log on with Microsoft accounts' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.1.4 Ensure 'Accounts: Limit local account use of blank passwords to console logon only' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.3.2.1 Ensure 'Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 2.3.2.2 Ensure 'Audit: Shut down system immediately if unable to log security audits' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 2.3.5.2 Ensure 'Domain controller: Allow vulnerable Netlogon secure channel connections' is set to 'Not Configured' (DC Only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 2.3.6.4 Ensure 'Domain member: Disable machine account password changes' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.6.6 Ensure 'Domain member: Require strong (Windows 2000 or later) session key' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.7.3 Ensure 'Interactive logon: Machine inactivity limit' is set to '900 or fewer second(s), but not 0' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.7.5 Configure 'Interactive logon: Message title for users attempting to log on' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.7.9 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.9.1 Ensure 'Microsoft network server: Amount of idle time required before suspending session' is set to '15 or fewer minute(s)' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.11.12 Ensure 'Network security: Restrict NTLM: Audit NTLM authentication in this domain' is set to 'Enable all' (DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 2.3.11.13 Ensure 'Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers' is set to 'Audit all' or higher | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 2.3.15.2 Ensure 'System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links)' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.17.7 Ensure 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL |
| 9.2.1 (L1) Ensure 'Windows Firewall: Private: Firewall state' is set to 'On (recommended)' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2.4 (L1) Ensure 'Windows Firewall: Private: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\privatefw.log' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2.7 (L1) Ensure 'Windows Firewall: Private: Logging: Log successful connections' is set to 'Yes' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.10 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 DC | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 18.8.1.1 Ensure 'Turn off notifications network usage' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.9.4.2 Ensure 'Remote host allows delegation of non-exportable credentials' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.5.3 Ensure 'Turn On Virtualization Based Security: Virtualization Based Protection of Code Integrity' is set to 'Enabled with UEFI lock' | CIS Microsoft Windows Server 2019 STIG v3.0.0 NG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.5.6 Ensure 'Turn On Virtualization Based Security: Credential Guard Configuration' is set to 'Disabled' (DC Only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 NG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.19.3 Ensure 'Configure registry policy processing: Process even if the Group Policy objects have not changed' is set to 'Enabled: TRUE' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.9.19.7 Ensure 'Turn off background refresh of Group Policy' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 18.9.28.5 Ensure 'Turn off app notifications on the lock screen' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.9.49.1 Ensure 'Turn off the advertising ID' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.10.1 Ensure 'Allow Use of Camera' is set to 'Disabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.15.2 Ensure 'Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service' is set to 'Enabled: Disable Authenticated Proxy usage' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.42.5.2 Ensure 'Join Microsoft MAPS' is set to 'Disabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.3.1 Ensure 'Do not allow COM port redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.3.3 Ensure 'Do not allow LPT port redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.10.1 Ensure 'Set time limit for active but idle Remote Desktop Services sessions' is set to 'Enabled: 15 minutes or less, but not Never (0)' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 DC | Windows | ACCESS CONTROL |
| 18.10.56.3.10.2 Ensure 'Set time limit for disconnected sessions' is set to 'Enabled: 1 minute' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 DC | Windows | ACCESS CONTROL |
| 18.10.58.4 Ensure 'Allow search highlights' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.62.1 Ensure 'Turn off KMS Client Online AVS Validation' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.88.2.2 Ensure 'Allow remote server management through WinRM' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 19.7.8.1 Ensure 'Configure Windows spotlight on lock screen' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL |
| DG0127-ORACLE11 - DBMS account passwords should not be set to easily guessed words or values - 'name' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| DG0127-ORACLE11 - DBMS account passwords should not be set to easily guessed words or values - 'profile' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| WPAW-00-000700 - The Windows PAW must be configured with a vendor-supported version of Windows 11 and applicable security patches that are DOD approved. | DISA MS Windows Privileged Access Workstation v3r1 | Windows | CONFIGURATION MANAGEMENT |
