| 1.1.1 Enforce password history (>=24) | IDENTIFICATION AND AUTHENTICATION |
| 1.1.2 Maximum password age (Max of 90 days or less) | IDENTIFICATION AND AUTHENTICATION |
| 1.1.3 Minimum password age (>=1) | IDENTIFICATION AND AUTHENTICATION |
| 1.1.4 Minimum password length (>=12) | IDENTIFICATION AND AUTHENTICATION |
| 1.1.5 Password must meet complexity requirements | IDENTIFICATION AND AUTHENTICATION |
| 1.1.6 Store passwords using reversible encryption | IDENTIFICATION AND AUTHENTICATION |
| 1.1.7 Account lockout duration | ACCESS CONTROL |
| 1.1.8 Account lockout threshold | ACCESS CONTROL |
| 1.1.9 Reset account lockout counter after | ACCESS CONTROL |
| 1.1.10 Enforce user logon restrictions | ACCESS CONTROL |
| 1.1.11 Maximum tolerance for computer clock synchronization | AUDIT AND ACCOUNTABILITY |
| 1.1.12 Maximum lifetime for service ticket | IDENTIFICATION AND AUTHENTICATION |
| 1.1.13 Maximum lifetime for user ticket renewal | IDENTIFICATION AND AUTHENTICATION |
| 1.1.14 Maximum lifetime for user ticket | IDENTIFICATION AND AUTHENTICATION |
| 1.2.1 Audit account logon events | AUDIT AND ACCOUNTABILITY |
| 1.2.2 Audit account management | AUDIT AND ACCOUNTABILITY |
| 1.2.3 Audit directory service access | AUDIT AND ACCOUNTABILITY |
| 1.2.4 Audit logon events | AUDIT AND ACCOUNTABILITY |
| 1.2.5 Audit object access | AUDIT AND ACCOUNTABILITY |
| 1.2.6 Audit policy change | AUDIT AND ACCOUNTABILITY |
| 1.2.7 Audit privilege use | AUDIT AND ACCOUNTABILITY |
| 1.2.8 Audit process tracking | AUDIT AND ACCOUNTABILITY |
| 1.2.9 Audit system events | AUDIT AND ACCOUNTABILITY |
| 1.2.10 Audit: Shut down system immediately if unable to log security audits | AUDIT AND ACCOUNTABILITY |
| 1.2.11 Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings | AUDIT AND ACCOUNTABILITY |
| 1.3.1 Audit Policy: System: IPsec Driver | AUDIT AND ACCOUNTABILITY |
| 1.3.2 Audit Policy: System: Security State Change | AUDIT AND ACCOUNTABILITY |
| 1.3.3 Audit Policy: System: Security System Extension | AUDIT AND ACCOUNTABILITY |
| 1.3.4 Audit Policy: System: System Integrity | AUDIT AND ACCOUNTABILITY |
| 1.3.5 Audit Policy: Logon-Logoff: Logoff | AUDIT AND ACCOUNTABILITY |
| 1.3.6 Audit Policy: Logon-Logoff: Logon | AUDIT AND ACCOUNTABILITY |
| 1.3.7 Audit Policy: Logon-Logoff: Special Logon | AUDIT AND ACCOUNTABILITY |
| 1.3.8 Audit Policy: Object Access: File System | AUDIT AND ACCOUNTABILITY |
| 1.3.9 Audit Policy: Object Access: Registry | AUDIT AND ACCOUNTABILITY |
| 1.3.10 Audit Policy: Privilege Use: Sensitive Privilege Use | AUDIT AND ACCOUNTABILITY |
| 1.3.11 Audit Policy: Detailed Tracking: Process Creation | AUDIT AND ACCOUNTABILITY |
| 1.3.12 Audit Policy: Policy Change: Audit Policy Change | AUDIT AND ACCOUNTABILITY |
| 1.3.13 Audit Policy: Policy Change: Authentication Policy Change | AUDIT AND ACCOUNTABILITY |
| 1.3.14 Audit Policy: Account Management: Computer Account Management | AUDIT AND ACCOUNTABILITY |
| 1.3.15 Audit Policy: Account Management: Other Account Management Events | AUDIT AND ACCOUNTABILITY |
| 1.3.16 Audit Policy: Account Management: Security Group Management | AUDIT AND ACCOUNTABILITY |
| 1.3.17 Audit Policy: Account Management: User Account Management | AUDIT AND ACCOUNTABILITY |
| 1.3.18 Audit Policy: DS Access: Directory Service Access - Domain Controller | AUDIT AND ACCOUNTABILITY |
| 1.3.18 Audit Policy: DS Access: Directory Service Access - Member Server | AUDIT AND ACCOUNTABILITY |
| 1.3.19 Audit Policy: DS Access: Directory Service Changes - Domain Controller | AUDIT AND ACCOUNTABILITY |
| 1.3.19 Audit Policy: DS Access: Directory Service Changes - Member Server | AUDIT AND ACCOUNTABILITY |
| 1.3.20 Audit Policy: Account Logon: Credential Validation | AUDIT AND ACCOUNTABILITY |
| 1.4.1 Application: Maximum Log Size (KB) | AUDIT AND ACCOUNTABILITY |
| 1.4.2 Application: Retain old events | AUDIT AND ACCOUNTABILITY |
| 1.4.3 Security: Maximum Log Size (KB) | AUDIT AND ACCOUNTABILITY |
