Item Search

NameAudit NamePluginCategory
2.2.16 (L1) Ensure 'Deny access to this computer from the network' to include 'Guests'CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MSWindows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

2.2.22 (L1) Ensure 'Deny access to this computer from the network' to include 'Guests, Local account and member of Administrators group' (MS only)CIS Microsoft Windows Server 2019 v3.0.1 L1 MSWindows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

2.2.22 (L1) Ensure 'Deny access to this computer from the network' to include 'Guests, Local account and member of Administrators group' (MS only)CIS Microsoft Windows Server 2022 v3.0.0 L1 Member ServerWindows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

2.2.22 (L1) Ensure 'Deny access to this computer from the network' to include 'Guests, Local account and member of Administrators group' (MS only)CIS Microsoft Windows Server 2025 v1.0.0 L1 MSWindows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

2.2.22 Ensure 'Deny access to this computer from the network' to include 'Guests' (DC only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

2.2.24 Ensure 'Deny log on through Remote Desktop Services' to include 'Guests'CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MSWindows

ACCESS CONTROL

2.2.24 Ensure 'Deny log on through Remote Desktop Services' to include 'Guests' - Guests (DC only)CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

ACCESS CONTROL

2.3.10.8 Configure 'Network access: Remotely accessible registry paths and sub-paths' is configured - Network access: Remotely accessible registry paths and sub-paths is configuredCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MSWindows

ACCESS CONTROL

2.3.10.8 Configure 'Network access: Remotely accessible registry paths and sub-paths' is configured - Network access: Remotely accessible registry paths and sub-paths is configuredCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

ACCESS CONTROL

2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BLWindows

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.11.3 (L1) Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'CIS Microsoft Windows 11 Enterprise v4.0.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain ControllerWindows

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled'CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MSWindows

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'CIS Microsoft Windows Server 2022 v3.0.0 L1 Member ServerWindows

IDENTIFICATION AND AUTHENTICATION

18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NGWindows

IDENTIFICATION AND AUTHENTICATION

18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1Windows

IDENTIFICATION AND AUTHENTICATION

18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BLWindows

IDENTIFICATION AND AUTHENTICATION

18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'CIS Microsoft Windows Server 2016 v3.0.0 L1 MSWindows

IDENTIFICATION AND AUTHENTICATION

18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MSWindows

IDENTIFICATION AND AUTHENTICATION

18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain ControllerWindows

IDENTIFICATION AND AUTHENTICATION

18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1Windows

IDENTIFICATION AND AUTHENTICATION

18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BLWindows

IDENTIFICATION AND AUTHENTICATION

18.8.53.1.2 (L2) Ensure 'Enable Windows NTP Server' is set to 'Disabled' (MS only)CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1Windows

AUDIT AND ACCOUNTABILITY

18.9.47.11.1 (L1) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1Windows

CONFIGURATION MANAGEMENT

18.9.47.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L2Windows

CONFIGURATION MANAGEMENT

18.9.47.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2Windows

CONFIGURATION MANAGEMENT

18.9.47.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 L2 BLWindows

CONFIGURATION MANAGEMENT

18.9.47.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NGWindows

CONFIGURATION MANAGEMENT

18.9.47.11.1 (L2) Ensure 'Enable/Disable PerfTrack' is set to 'Disabled'CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BLWindows

CONFIGURATION MANAGEMENT

18.9.51.1.2 (L1) Ensure 'Enable Windows NTP Server' is set to 'Disabled' (MS only)CIS Microsoft Windows Server 2022 v3.0.0 L1 Member ServerWindows

AUDIT AND ACCOUNTABILITY

18.9.51.1.2 (L1) Ensure 'Enable Windows NTP Server' is set to 'Disabled' (MS only)CIS Microsoft Windows Server 2025 v1.0.0 L1 MSWindows

AUDIT AND ACCOUNTABILITY

18.10.28.2 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

18.10.28.2 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NGWindows

SYSTEM AND INFORMATION INTEGRITY

18.10.28.3 (L1) Ensure 'Turn off Data Execution Prevention for Explorer' is set to 'Disabled'CIS Microsoft Windows 11 Stand-alone v3.0.0 L1Windows

SYSTEM AND INFORMATION INTEGRITY

18.10.58.2 (L1) Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Disabled'CIS Microsoft Windows 11 Enterprise v4.0.0 L2Windows

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.58.2 (L1) Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Disabled'CIS Microsoft Windows Server 2025 v1.0.0 L1 DCWindows

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.58.2 (L1) Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Disabled'CIS Microsoft Windows 11 Enterprise v4.0.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

18.10.58.2 (L1) Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Disabled'CIS Microsoft Windows Server 2025 v1.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

20.40 Ensure 'Only Administrators have Administrator rights on the system' (STIG MS only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MSWindows

ACCESS CONTROL

CIS_Microsoft_Windows_Server_2019_STIG_v3.0.0_Next_Generation_Windows_Security_-_Domain_Controller.audit from CIS Microsoft Windows Server 2019 STIG Benchmark v3.0.0CIS Microsoft Windows Server 2019 STIG v3.0.0 NG DCWindows
CIS_Microsoft_Windows_Server_2019_STIG_v3.0.0_Next_Generation_Windows_Security_-_Member_Server.audit from CIS Microsoft Windows Server 2019 STIG Benchmark v3.0.0CIS Microsoft Windows Server 2019 STIG v3.0.0 NG MSWindows
CIS_Microsoft_Windows_Server_2022_STIG_v2.0.0_Next_Generation_Windows_Security_-_Domain_Controller.audit from CIS Microsoft Windows Server 2022 STIG Benchmark v2.0.0CIS Microsoft Windows Server 2022 STIG v2.0.0 NG DCWindows
DISA_STIG_VMware_vSphere_6.7_VAMI-lighttpd_v1r3.audit from DISA VMware vSphere 6.7 VAMI-lighttpd v1r3 STIGDISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3Unix
DISA_VMware_vSphere_8.0_vCenter_Appliance_Perfcharts_STIG_v2r1.audit from DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1Unix
EX16-ED-000570 - Exchange must render hyperlinks from email sources from non-.mil domains as unclickable.DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6Windows

SYSTEM AND INFORMATION INTEGRITY

WN12-00-000160 - The Server Message Block (SMB) v1 protocol must be disabled on Windows 2012 R2.DISA Windows Server 2012 and 2012 R2 DC STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-AD-000009-DC - The directory server supporting (directly or indirectly) system access or resource authorization must run on a machine dedicated to that function - ServicesDISA Windows Server 2012 and 2012 R2 DC STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION