| 1.2.4.2.1.6 Set 'Use BitLocker software-based encryption when hardware encryption is not available' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.7 Set 'Restrict crypto algorithms or cipher suites to the following:' to '2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.8 Set 'Restrict encryption algorithms and cipher suites allowed for hardware-based encryption' to 'False' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.17 Configure 'Deny write access to fixed drives not protected by BitLocker' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.18 Set 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.3 Set 'Configure use of passwords for operating system drives' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.6 Set 'Use BitLocker software-based encryption when hardware encryption is not available' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.7 Set 'Restrict crypto algorithms or cipher suites to the following:' to '2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.8 Set 'Restrict encryption algorithms and cipher suites allowed for hardware-based encryption' to 'False' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.19 Set 'Configure TPM startup:' to 'Do not allow TPM' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.21 Configure 'Use enhanced Boot Configuration Data validation profile' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.22 Configure 'Enable use of BitLocker authentication requiring preboot keyboard input on slates' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.29 Configure 'Allow network unlock at startup' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.30 Configure 'Reset platform validation data after BitLocker recovery' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.6 Set 'Use BitLocker software-based encryption when hardware encryption is not available' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.7 Set 'Restrict crypto algorithms or cipher suites to the following:' to '2.16.840.1.101.3.4.1.2;2.16.840.1.101.3.4.1.42' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.8 Set 'Restrict encryption algorithms and cipher suites allowed for hardware-based encryption' to 'False' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.18 Set 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.19 Configure 'Control use of BitLocker on removable drives' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.5 Set 'Select the encryption method:' to 'Enabled:AES 256-bit' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.8 Configure 'Provide the unique identifiers for your organization' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.4 Ensure Databases running on RDS have encryption at rest enabled | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5 Ensure all EBS volumes for Web-Tier are encrypted | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6 Ensure all EBS volumes for App-Tier are encrypted | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5 Ensure 'cookie protection mode' is configured for forms authentication | CIS IIS 8.0 v1.5.1 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5 Ensure 'cookie protection mode' is configured for forms authentication - Applications | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5 Ensure 'cookie protection mode' is configured for forms authentication - Default | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.1.1 Enable FileVault | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.1.1 Enable FileVault | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.7.2 Time Machine Volumes Are Encrypted | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.8.2 Time Machine Volumes Are Encrypted | CIS Apple macOS 10.12 L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.8.2 Time Machine Volumes Are Encrypted | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.8.2 Time Machine Volumes Are Encrypted | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.8.2 Time Machine Volumes Are Encrypted | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.3 Ensure Database Backups are Encrypted | CIS Microsoft SQL Server 2019 v1.4.0 L2 Database Engine | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' | CIS Windows 7 Workstation Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.1.1 Ensure 'Allow access to BitLocker-protected fixed data drives from earlier versions of Windows' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.2.13 Ensure 'Require additional authentication at startup: Configure TPM startup:' is set to 'Enabled: Do not allow TPM' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.2.19 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup:' is set to 'Enabled: Do not allow TPM' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.2.19 (BL) Ensure 'Require additional authentication at startup: Configure TPM startup:' is set to 'Enabled: Do not allow TPM' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.3.1 Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled' | CIS Windows 7 Workstation Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.3.1 Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.3.1 Ensure 'Allow access to BitLocker-protected removable data drives from earlier versions of Windows' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Allow enhanced PINs for startup | MSCT Windows 11 v23H2 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) - EncryptionMethodWithXtsOs | MSCT Windows 10 1803 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) - EncryptionMethodWithXtsRdv | MSCT Windows 10 1803 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Deny write access to removable drives not protected by BitLocker - RDVDenyCrossOrg | MSCT Windows 10 v22H2 v1.0.0 | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Deny write access to removable drives not protected by BitLocker - RDVDenyCrossOrg | MSCT Windows 11 v1.0.0 | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Deny write access to removable drives not protected by BitLocker - RDVDenyWriteAccess | MSCT Windows 10 v21H1 v1.0.0 | Windows | MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
