| 1.3 Create mozilla.cfg file | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.4.2 Ensure 'Default file format' is set to Enabled (Access 2007) | CIS Microsoft Office Access 2016 v1.0.1 | Windows | CONFIGURATION MANAGEMENT |
| 1.4.7.2.2.4 Ensure 'Document Behavior if File Validation Fails' is Enabled (Open in Protected View and Unchecked for 'Do not allow edit') | CIS Microsoft Office Excel 2013 v1.0.1 | Windows | CONFIGURATION MANAGEMENT |
| 1.4.7.4 Ensure 'Force File Extension to Match File Type' is set to Enabled(Always match file type) | CIS Microsoft Office Excel 2016 v1.0.1 | Windows | CONFIGURATION MANAGEMENT |
| 1.5 Protect Firefox Binaries | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.5.2 Ensure 'Disable Slide Update' is set to Enabled | CIS Microsoft Office PowerPoint 2016 v1.0.1 | Windows | CONFIGURATION MANAGEMENT |
| 1.6.5.1 Ensure 'Default file format' is set to Enabled (PowerPoint Presentation (*pptx)) | CIS Microsoft Office PowerPoint 2016 v1.0.1 | Windows | CONFIGURATION MANAGEMENT |
| 1.6.6.2.3.2 Ensure 'Disable all trusted locations' is set to Enabled | CIS Microsoft Office PowerPoint 2016 v1.0.1 | Windows | CONFIGURATION MANAGEMENT |
| 1.7.1.1 Ensure message of the day is configured properly - mrsv | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.5.2 (L1) Ensure 'Domain controller: Allow vulnerable Netlogon secure channel connections' is set to 'Not Configured' (DC Only) | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.7.1 (L1) Ensure 'Interactive logon: Do not display last user name' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.7.2 (L1) Ensure 'Interactive logon: Do not require CTRL+ALT+DEL' is set to 'Disabled' | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.9.5 (L1) Ensure 'Microsoft network server: Server SPN target name validation level' is set to 'Accept if provided by client' or higher (MS only) | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.10.13 (L1) Ensure 'Network access: Sharing and security model for local accounts' is set to 'Classic - local users authenticate as themselves' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 2.3.15.1 (L1) Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 2.3.15.1 (L1) Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.15.1 (L1) Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.3.15.1 (L1) Ensure 'System objects: Require case insensitivity for non-Windows subsystems' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 3.6 Set File URI Origin Policy | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.6 Validate Proxy Settings | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.2.4 Ensure SSH X11 forwarding is disabled | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.4.3.1 Ensure nologin is not listed in /etc/shells | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Server | Unix | CONFIGURATION MANAGEMENT |
| 5.4.3.1 Ensure nologin is not listed in /etc/shells | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 6.3 Tracking Protection - privacy.trackingprotection.pbmode | CIS Mozilla Firefox 38 ESR Windows L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.1.1.2 (L1) Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.1.1.2 Ensure 'Prevent enabling lock screen slide show' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 18.6.3 (L1) Ensure 'Point and Print Restrictions: When updating drivers for an existing connection' is set to 'Enabled: Show warning and elevation prompt' | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.7.3 (L1) Ensure 'Configure RPC connection settings: Protocol to use for outgoing RPC connections' is set to 'Enabled: RPC over TCP' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.7.4 (L1) Ensure 'Configure RPC connection settings: Use authentication for outgoing RPC connections' is set to 'Enabled: Default' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 18.7.4 (L1) Ensure 'Configure RPC connection settings: Use authentication for outgoing RPC connections' is set to 'Enabled: Default' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.7.4 (L1) Ensure 'Manage processing of Queue-specific files' is set to 'Enabled: Limit Queue-specific files to Color profiles' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.7.5 (L1) Ensure 'Configure RPC listener settings: Protocols to allow for incoming RPC connections' is set to 'Enabled: RPC over TCP' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.7.5 (L1) Ensure 'Configure RPC listener settings: Protocols to allow for incoming RPC connections' is set to 'Enabled: RPC over TCP' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 18.7.6 (L1) Ensure 'Point and Print Restrictions: When updating drivers for an existing connection' is set to 'Enabled: Show warning and elevation prompt' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.7.7 (L1) Ensure 'Configure RPC over TCP port' is set to 'Enabled: 0' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.7.13 (L1) Ensure 'Point and Print Restrictions: When updating drivers for an existing connection' is set to 'Enabled: Show warning and elevation prompt' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.9.65.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled' | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.65.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.65.3.11.2 (L1) Ensure 'Do not use temporary folders per session' is set to 'Disabled' | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.9.1.1 (L1) Ensure 'Configure enhanced anti-spoofing' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.14.3 (L1) Ensure 'Prevent the use of security questions for local accounts' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.11.1 (L1) Ensure 'Do not delete temp folders upon exit' is set to 'Disabled' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 19.7.5.1 (L1) Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 19.7.5.1 (L1) Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | CONFIGURATION MANAGEMENT |
| 19.7.5.1 Ensure 'Do not preserve zone information in file attachments' is set to 'Disabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.12 Ensure 'Administrative accounts cannot be used with applications that access the Internet, such as web browsers, or with potential Internet sources, such as email' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 20.30 Ensure 'FTP servers must be configured to prevent anonymous logons' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 20.35 Ensure 'Manually managed application account passwords be changed at least annually or when a system administrator with knowledge of the password leaves the organization' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.42 Ensure 'Operating System is maintained at a supported servicing level' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.44 Ensure 'Orphaned security identifiers (SIDs) must be removed from user rights' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
