| 2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 2.3.11.6 Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM' - Send NTLMv2 response only. Refuse LM & NTLM | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.7 Ensure 'Network security: LAN Manager authentication level' is set to 'Send NTLMv2 response only. Refuse LM & NTLM' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 8.12 (L1) VMware Tools must limit the use of MSI transforms when reconfiguring VMware Tools | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | CONFIGURATION MANAGEMENT |
| 18.8.37.1 Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.37.1 Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled' (MS only) - Enabled | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| Access data sources across domains - Internet Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Accounts: Limit local account use of blank passwords to console logon only - LimitBlankPasswordUse | MSCT Windows Server 2025 DC v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Allow indexing of encrypted files - AllowIndexingEncryptedStoresOrItems | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow only approved domains to use ActiveX controls without prompt - Internet Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow unencrypted traffic - Client - AllowUnencryptedTraffic | MSCT Windows Server 2025 DC v1.0.0 | Windows | ACCESS CONTROL |
| Allow VBScript to run in Internet Explorer - Internet Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Audit Account Lockout | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Authentication Policy Change | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Credential Validation | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit insecure guest logon - LanmanServer AuditInsecureGuestLogon | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Kerberos Service Ticket Operations | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Security Group Management | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Security System Extension | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit System Integrity | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit User Account Management | MSCT Windows Server 2025 DC v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Boot-Start Driver Initialization Policy - DriverLoadPolicy | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure Attack Surface Reduction rules - e6db77e5-3df2-4cf1-b95a-636979351e5b | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Configure detection for potentially unwanted applications | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure enhanced anti-spoofing - EnhancedAntiSpoofing | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure hash algorithms for certificate logon - KDC PKINITSHA1 | MSCT Windows Server 2025 DC v1.0.0 | Windows | |
| Configure hash algorithms for certificate logon - Kerberos PKInitSHA256 | MSCT Windows Server 2025 DC v1.0.0 | Windows | |
| Configure hash algorithms for certificate logon - Kerberos PKInitSHA512 | MSCT Windows Server 2025 DC v1.0.0 | Windows | |
| Configure real-time protection and Security Intelligence Updates during OOBE | MSCT Windows Server 2025 DC v1.0.0 | Windows | |
| Configure registry policy processing - NoBackgroundPolicy | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Configure Windows Defender SmartScreen - EnableSmartScreen | MSCT Windows Server 2025 DC v1.0.0 | Windows | ACCESS CONTROL |
| Control whether exclusions are visible to local users | MSCT Windows Server 2025 DC v1.0.0 | Windows | |
| Debug programs | MSCT Windows Server 2025 DC v1.0.0 | Windows | ACCESS CONTROL |
| Don't run antimalware programs against ActiveX controls - Internet Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Don't run antimalware programs against ActiveX controls - Local Machine Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Don't run antimalware programs against ActiveX controls - Restricted Sites Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Download unsigned ActiveX controls - Internet Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Download unsigned ActiveX controls - Restricted Sites Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EDGE-00-000031 - Personalization of ads, search, and news by sending browsing history to Microsoft must be disabled. | DISA STIG Edge v2r2 | Windows | CONFIGURATION MANAGEMENT |
| Enable computer and user accounts to be trusted for delegation | MSCT Windows Server 2025 DC v1.0.0 | Windows | ACCESS CONTROL |
| Enable dragging of content from different domains across windows - Internet Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable dragging of content from different domains within a window - Internet Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable dragging of content from different domains within a window - Restricted Sites Zone | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable Structured Exception Handling Overwrite Protection (SEHOP) - DisableExceptionChainValidation | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Extended Protection for LDAP Authentication (Domain Controllers only) (DEPRECATED) | MSCT Windows Server 2025 DC v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
