Item Search

NameAudit NamePluginCategory
18.3.5 (L1) Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1Windows

SYSTEM AND INFORMATION INTEGRITY

18.4.5 (L1) Ensure 'Enable Structured Exception Handling Overwrite Protection (SEHOP)' is set to 'Enabled'CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.7.2 (L1) Ensure 'Configure Redirection Guard' is set to 'Enabled: Redirection Guard Enabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.7.9 (L1) Ensure 'Manage processing of Queue-specific files' is set to 'Enabled: Limit Queue-specific files to Color profiles'CIS Microsoft Windows 11 Enterprise v3.0.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

18.9.4.1 (L1) Ensure 'Encryption Oracle Remediation' is set to 'Enabled: Force Updated Clients'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.1 (L1) Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.1 (L1) Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.1 (NG) Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.1 (NG) Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v3.0.0 NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.1 (NG) Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'CIS Microsoft Windows Server 2019 STIG v2.0.0 NG DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.1 Ensure 'Turn On Virtualization Based Security' is set to 'Enabled'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.2 (NG) Ensure 'Turn On Virtualization Based Security: Select Platform Security Level' is set to 'Secure Boot' or higherCIS Microsoft Windows 10 Enterprise v3.0.0 NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.2 (NG) Ensure 'Turn On Virtualization Based Security: Select Platform Security Level' is set to 'Secure Boot' or higherCIS Microsoft Windows Server 2019 STIG v2.0.0 NG DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.2 Ensure 'Turn On Virtualization Based Security: Select Platform Security Level' is set to 'Secure Boot' or higherCIS Microsoft Windows Server 2016 STIG v3.0.0 NG MSWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.3 (NG) Ensure 'Turn On Virtualization Based Security: Virtualization Based Protection of Code Integrity' is set to 'Enabled with UEFI lock'CIS Microsoft Windows Server 2019 STIG v2.0.0 NG DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.3 (NG) Ensure 'Turn On Virtualization Based Security: Virtualization Based Protection of Code Integrity' is set to 'Enabled with UEFI lock'CIS Microsoft Windows Server 2019 STIG v2.0.0 NG MSWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.3 Ensure 'Turn On Virtualization Based Security: Virtualization Based Protection of Code Integrity' is set to 'Enabled with UEFI lock'CIS Microsoft Windows Server 2016 STIG v3.0.0 NG MSWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.4 (L1) Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.4 (NG) Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)'CIS Microsoft Windows Server 2016 v3.0.0 NG MSWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.4 (NG) Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)'CIS Microsoft Windows Server 2019 STIG v2.0.0 NG DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.4 Ensure 'Turn On Virtualization Based Security: Require UEFI Memory Attributes Table' is set to 'True (checked)'CIS Microsoft Windows Server 2016 STIG v3.0.0 NG DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.6 (NG) Ensure 'Turn On Virtualization Based Security: Credential Guard Configuration' is set to 'Disabled' (DC Only)CIS Microsoft Windows Server 2016 v3.0.0 NG DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.6 (NG) Ensure 'Turn On Virtualization Based Security: Secure Launch Configuration' is set to 'Enabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.7 (NG) Ensure 'Turn On Virtualization Based Security: Secure Launch Configuration' is set to 'Enabled'CIS Microsoft Windows Server 2016 v3.0.0 NG MSWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.7 (NG) Ensure 'Turn On Virtualization Based Security: Secure Launch Configuration' is set to 'Enabled'CIS Microsoft Windows Server 2019 STIG v2.0.0 NG DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.5.7 (NG) Ensure 'Turn On Virtualization Based Security: Secure Launch Configuration' is set to 'Enabled'CIS Microsoft Windows Server 2019 STIG v2.0.0 NG MSWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.7.1.6 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.' is set to 'True' (checked)CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.7.1.6 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.' is set to 'True' (checked)CIS Microsoft Windows 11 Stand-alone v3.0.0 BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.13.1 (L1) Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'CIS Microsoft Windows Server 2016 v3.0.0 L1 MSWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.13.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain ControllerWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.13.1 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: Good, unknown and bad but critical'CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MSWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.13.2 Ensure 'Boot-Start Driver Initialization Policy' is set to 'Enabled: any, but ALL' (STIG only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

SYSTEM AND INFORMATION INTEGRITY

18.9.25.5 (L1) Ensure 'Default Protections for Recommended Software' is set to 'Enabled'CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1Windows

SYSTEM AND INFORMATION INTEGRITY

18.10.28.2 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'CIS Microsoft Windows Server 2016 v3.0.0 L1 DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.28.2 Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MSWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.28.3 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.28.3 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

18.10.29.2 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.43.6 (L1) Ensure 'Turn on Microsoft Defender Application Guard in Managed Mode' is set to 'Enabled: 1'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.43.6.1.1 (L1) Ensure 'Configure Attack Surface Reduction rules' is set to 'Enabled'CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.43.6.1.2 (L1) Ensure 'Configure Attack Surface Reduction rules: Set the state for each ASR rule' is configuredCIS Microsoft Windows Server 2019 STIG v2.0.0 L1 DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.75.1.1 (L1) Ensure 'Automatic Data Collection' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

18.10.75.1.3 (L1) Ensure 'Notify Password Reuse' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.75.1.4 (L1) Ensure 'Notify Unsafe App' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.75.1.5 (L1) Ensure 'Service Enabled' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled' (STIG only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DCWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.76.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn' or 'Enabled: Warn and prevent bypass' (STIG only)CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MSWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.91.2.1 (L1) Ensure 'Prevent users from modifying settings' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.91.2.1 Ensure 'Prevent users from modifying settings' is set to 'Enabled'CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain ControllerWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.92.2.1 (L1) Ensure 'Prevent users from modifying settings' is set to 'Enabled'CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MSWindows

SYSTEM AND INFORMATION INTEGRITY