| 2.2.38 (L1) Ensure 'Manage auditing and security log' is set to 'Administrators' (DC only) | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.44 Ensure 'Manage auditing and security log' is set to 'Administrators' (DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.3.5.3 (L1) Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only) | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.5.3 (L1) Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only) | CIS Microsoft Windows Server 2019 v3.0.1 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.5.3 (L1) Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only) | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.5.3 Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only) | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.5.3 Ensure 'Domain controller: LDAP server channel binding token requirements' is set to 'Always' (DC Only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1 Create CIS Audit Class | CIS Solaris 11.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 18.3.6 (L1) Ensure 'Extended Protection for LDAP Authentication (Domain Controllers only)' is set to 'Enabled: Enabled, always (recommended)' (DC Only) | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 18.3.6 (L1) Ensure 'Extended Protection for LDAP Authentication (Domain Controllers only)' is set to 'Enabled: Enabled, always (recommended)' (DC Only) | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| AADC-CL-001075 - Unsupported versions of Adobe Acrobat Pro DC Classic must be uninstalled. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| AADC-CL-001285 - Adobe Acrobat Pro DC Classic must disable the ability to store files on Acrobat.com. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AADC-CL-001315 - Adobe Acrobat Pro DC Classic SharePoint and Office365 access must be disabled. | DISA STIG Adobe Acrobat Pro DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AADC-CN-000295 - The Adobe Acrobat Pro DC Continuous Send and Track plugin for Outlook must be disabled. | DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AADC-CN-000955 - Adobe Acrobat Pro DC Continuous FIPS mode must be enabled. | DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AADC-CN-000990 - Adobe Acrobat Pro DC Continuous periodic downloading of Adobe European certificates must be disabled. | DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AADC-CN-001010 - Adobe Acrobat Pro DC Continuous Protected Mode must be enabled. | DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AADC-CN-001285 - Adobe Acrobat Pro DC Continuous must disable the ability to store files on Acrobat.com. | DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AADC-CN-001290 - Adobe Acrobat Pro DC Continuous Cloud Synchronization must be disabled. | DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AADC-CN-001295 - Adobe Acrobat Pro DC Continuous Repair Installation must be disabled. | DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AADC-CN-001305 - Adobe Acrobat Pro DC Continuous Webmail must be disabled. | DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AADC-CN-001310 - The Adobe Acrobat Pro DC Continuous Welcome Screen must be disabled. | DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| AADC-CN-001315 - Adobe Acrobat Pro DC Continuous SharePoint and Office365 access must be disabled. | DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| ARDC-CL-000015 - Adobe Reader DC must enable Protected Mode. | DISA STIG Adobe Acrobat Reader DC Classic Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARDC-CL-000020 - Adobe Reader DC must enable Protected View. | DISA STIG Adobe Acrobat Reader DC Classic Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARDC-CL-000060 - Adobe Reader DC must disable all service access to Document Cloud Services. | DISA STIG Adobe Acrobat Reader DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| ARDC-CL-000070 - Adobe Reader DC must disable the Adobe Repair Installation. | DISA STIG Adobe Acrobat Reader DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| ARDC-CL-000075 - Adobe Reader DC must disable 3rd Party Web Connectors. | DISA STIG Adobe Acrobat Reader DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| ARDC-CL-000115 - Adobe Reader DC must disable the Adobe Welcome Screen. | DISA STIG Adobe Acrobat Reader DC Classic Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| ARDC-CN-000015 - Adobe Reader DC must enable Protected Mode. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARDC-CN-000020 - Adobe Reader DC must enable Protected View. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARDC-CN-000055 - Adobe Reader DC must disable the Adobe Send and Track plugin for Outlook. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| ARDC-CN-000060 - Adobe Reader DC must disable all service access to Document Cloud Services. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| ARDC-CN-000070 - Adobe Reader DC must disable the Adobe Repair Installation. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| ARDC-CN-000075 - Adobe Reader DC must disable 3rd Party Web Connectors. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| ARDC-CN-000100 - Adobe Reader DC must disable Online SharePoint Access. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| ARDC-CN-000115 - Adobe Reader DC must disable the Adobe Welcome Screen. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | CONFIGURATION MANAGEMENT |
| ARDC-CN-000345 - Adobe Reader DC must enable FIPS mode. | DISA STIG Adobe Acrobat Reader DC Continuous Track v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS_DC_SERVER_2012_Level_1_v3.0.0.audit from CIS Security Benchmark For Microsoft Windows Server 2012 DC Level 1 | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | |
| CIS_DC_SERVER_2012_Level_2_v3.0.0.audit from CIS Security Benchmark For Microsoft Windows Server 2012 DC Level 2 | CIS Windows Server 2012 DC L2 v3.0.0 | Windows | |
| DKER-EE-001800 - The insecure registry capability in the Docker Engine - Enterprise component of Docker Enterprise must be disabled. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001840 - Experimental features in the Docker Engine - Enterprise component of Docker Enterprise must be disabled. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001870 - The Docker Enterprise self-signed certificates in Universal Control Plane (UCP) must be replaced with DoD trusted, signed certificates. | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001880 - The Docker Enterprise self-signed certificates in Docker Trusted Registry (DTR) must be replaced with DoD trusted, signed certificates. | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001900 - The Create repository on push option in Docker Trusted Registry (DTR) must be disabled in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2 | Unix | CONFIGURATION MANAGEMENT |
| DKER-EE-001920 - Periodic data usage and analytics reporting in Docker Trusted Registry (DTR) must be disabled in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2 | Unix | CONFIGURATION MANAGEMENT |
| FGFW-ND-000245 - The FortiGate device must use LDAPS for the LDAP connection. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| MYS8-00-006100 - The MySQL Database Server 8.0 must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| Word 2003 binary documents and templates | MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WPAW-00-001300 - A Windows PAW used to manage domain controllers and directory services must not be used to manage any other type of high-value IT resource. | DISA MS Windows Privileged Access Workstation v3r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
