| 18.8.7.2 Ensure 'Allow remote access to the Plug and Play interface' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 18.9.11.1.7 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Save BitLocker recovery information to AD DS for fixed data drives' is set to 'Enabled: False' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.2.12 Ensure 'Require additional authentication at startup: Allow BitLocker without a compatible TPM' is set to 'Enabled: False' | CIS Windows 7 Workstation Bitlocker v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.2.17 (BL) Ensure 'Require additional authentication at startup' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.2.19 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup:' is set to 'Enabled: Do not allow TPM' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.2.19 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup:' is set to 'Enabled: Do not allow TPM' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.3.4 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, CONTINGENCY PLANNING |
| 18.9.11.3.7 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Save BitLocker recovery information to AD DS for removable data drives' is set to 'Enabled: False' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | ACCESS CONTROL, CONTINGENCY PLANNING |
| 18.9.20.1.2 (L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' | CIS Windows Server 2012 MS L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.20.1.2 (L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v4.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.20.1.2 (L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' | CIS Microsoft Windows Server 2025 Stand-alone v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.20.1.2 Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v5.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.9.2.1 (L1) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.10.9.2.6 (L1) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 BL | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.10.10.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v5.0.1 BL | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.10.10.2.1 Ensure 'Allow enhanced PINs for startup' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L2 BL | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.10.10.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.5 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password' | CIS Microsoft Windows 10 Stand-alone v4.0.0 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.5 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password' | CIS Microsoft Windows 11 Enterprise v5.0.1 L2 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.5 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password' | CIS Microsoft Windows 11 Stand-alone v5.0.0 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.5 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Password' is set to 'Enabled: Require 48-digit recovery password' | CIS Microsoft Windows 11 Stand-alone v5.0.0 L1 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.6 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.6 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key' | CIS Microsoft Windows 11 Enterprise v5.0.1 L2 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS Internet Explorer 10 Benchmark Version 1.1.0 | CIS IE 10 v1.1.0 | Windows | |
| CIS_AlmaLinux_OS_8_v4.0.0_L1_Workstation.audit from CIS AlmaLinux OS 8 v4.0.0 | CIS AlmaLinux OS 8 v4.0.0 L1 Workstation | Unix | |
| CIS_AlmaLinux_OS_8_v4.0.0_L2_Workstation.audit from CIS AlmaLinux OS 8 v4.0.0 | CIS AlmaLinux OS 8 v4.0.0 L2 Workstation | Unix | |
| CIS_AlmaLinux_OS_10_v1.0.0_L2_Workstation.audit from CIS AlmaLinux OS 10 v1.0.0 | CIS AlmaLinux OS 10 v1.0.0 L2 Workstation | Unix | |
| CIS_Apache_Tomcat_10_L1_v1.1.0_Middleware.audit from CIS Apache Tomcat 10 Benchmark | CIS Apache Tomcat 10 L1 v1.1.0 Middleware | Unix | |
| CIS_Debian_Linux_10_v2.0.0_L2_Server.audit from CIS Debian Linux 10 v2.0.0 | CIS Debian Linux 10 v2.0.0 L2 Server | Unix | |
| CIS_Debian_Linux_11_v2.0.0_L2_Server.audit from CIS Debian Linux 11 v2.0.0 | CIS Debian Linux 11 v2.0.0 L2 Server | Unix | |
| CIS_Debian_Linux_12_v1.1.0_L2_Server.audit from CIS Debian Linux 12 v1.1.0 | CIS Debian Linux 12 v1.1.0 L2 Server | Unix | |
| CIS_IBM_DB2_10_v1.1.0_Level_1_OS_Linux.audit from CIS DB2 10.x Linux | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | |
| CIS_Kubernetes_v1.24_v1.0.0_Level_2_Worker.audit from CIS Kubernetes v1.24 Benchmark v1.0.0 | CIS Kubernetes v1.24 Benchmark v1.0.0 L2 Worker | Unix | CONFIGURATION MANAGEMENT |
| CIS_MongoDB_3.6_Benchmark_Level_1_DB_v1.1.0.audit from CIS MongoDB 3.6 Benchmark | CIS MongoDB 3.6 Database Audit L1 v1.1.0 | MongoDB | |
| CIS_MongoDB_3.6_Benchmark_Level_2_DB_v1.1.0.audit from CIS MongoDB 3.6 Benchmark | CIS MongoDB 3.6 Database Audit L2 v1.1.0 | MongoDB | |
| CIS_MongoDB_8_v1.0.0_L1_Windows.audit from CIS MongoDB 8 Benchmark v1.0.0 | CIS MongoDB 8 v1.0.0 L1 Windows | Windows | |
| CIS_MongoDB_8_v1.0.0_L2_Windows.audit from CIS MongoDB 8 Benchmark v1.0.0 | CIS MongoDB 8 v1.0.0 L2 Windows | Windows | |
| Salesforce.com : Monitoring Login History - 'Inactive users' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | IDENTIFICATION AND AUTHENTICATION |
| Salesforce.com : Monitoring Login History - 'No users are password locked' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| Salesforce.com : Network-Based Security - 'Trusted IP Range has been defined' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | SYSTEM AND COMMUNICATIONS PROTECTION |
| Salesforce.com : Object Permissions - 'DefaultCampaignAccess should not be Public Full Access or Public Read/Write' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| Salesforce.com : Setting Password Policies - 'Obscure secret answer for password resets = true' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | IDENTIFICATION AND AUTHENTICATION |
| Salesforce.com : Setting Session Security - 'Disable timeout warning = false' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | CONFIGURATION MANAGEMENT |
| Salesforce.com : Setting Session Security - 'Enable clickjack protection for non-setup customer Visualforce pages = true' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | SYSTEM AND COMMUNICATIONS PROTECTION |
| Salesforce.com : Setting Session Security - 'Enable SMS-based identity confirmation = true' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | IDENTIFICATION AND AUTHENTICATION |
| Salesforce.com : Setting Session Security - 'Review Call Center Auto-Login Users' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : Setting Session Security - 'Review Offline User' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | |
| Salesforce.com : Setting Session Security - 'Review Users that have not changed their password recently' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
| Salesforce.com : Setting Session Security - 'Session Timeout <= 2 hours' | TNS Salesforce Best Practices Audit v1.2.0 | Salesforce.com | ACCESS CONTROL |
