| 1.6.2 Ensure 'SSH version 2' is enabled | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.20 (L1) Ensure 'Deny log on through Remote Desktop Services' to include 'Guests' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.3.7.9 Ensure 'Interactive logon: Smart card removal behavior' is set to 'Lock Workstation' or higher | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | ACCESS CONTROL |
| 5.1 Ensure 'Bluetooth Support Service (bthserv)' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.21 Ensure 'Remote Registry (RemoteRegistry)' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.31 Ensure 'Windows Error Reporting Service (WerSvc)' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.5.9.1 Ensure 'Turn on Mapper I/O (LLTDIO) driver' is set to 'Disabled' - AllowLLTDIOOnPublicNet | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.5.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - EnableRspndr | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - EnableRegistrars | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.6.4.1 (L1) Ensure 'Configure NetBIOS settings' is set to 'Enabled: Disable NetBIOS name resolution on public networks' | CIS Microsoft Windows Server 2019 v3.0.1 L1 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.6.4.1 (L1) Ensure 'Configure NetBIOS settings' is set to 'Enabled: Disable NetBIOS name resolution on public networks' | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.6.4.1 (L1) Ensure 'Configure NetBIOS settings' is set to 'Enabled: Disable NetBIOS name resolution on public networks' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG | Windows | CONFIGURATION MANAGEMENT |
| 18.6.4.2 (L1) Ensure 'Configure NetBIOS settings' is set to 'Enabled: Disable NetBIOS name resolution on public networks' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.6.4.2 (L1) Ensure 'Configure NetBIOS settings' is set to 'Enabled: Disable NetBIOS name resolution on public networks' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.7.9 (L1) Ensure 'Manage processing of Queue-specific files' is set to 'Enabled: Limit Queue-specific files to Color profiles' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.7.9 (L1) Ensure 'Manage processing of Queue-specific files' is set to 'Enabled: Limit Queue-specific files to Color profiles' | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.7.9 (L1) Ensure 'Manage processing of Queue-specific files' is set to 'Enabled: Limit Queue-specific files to Color profiles' | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.7.9 (L1) Ensure 'Manage processing of Queue-specific files' is set to 'Enabled: Limit Queue-specific files to Color profiles' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.7.11 (L1) Ensure 'Manage processing of Queue-specific files' is set to 'Enabled: Limit Queue-specific files to Color profiles' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.7.11 (L1) Ensure 'Manage processing of Queue-specific files' is set to 'Enabled: Limit Queue-specific files to Color profiles' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.8.22.1.3 Ensure 'Turn off handwriting recognition error reporting' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.8.22.1.6 Ensure 'Turn off Internet File Association service' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.22.1.11 Ensure 'Turn off the 'Publish to Web' task for files and folders' is set to 'Enabled' - Enabled | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.39.2 Ensure 'Turn off location' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | ACCESS CONTROL |
| 18.10.17.3 (L1) Ensure 'Enable App Installer Hash Override' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL | Windows | CONFIGURATION MANAGEMENT |
| 18.10.17.3 (L1) Ensure 'Enable App Installer Hash Override' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.2.2 (L2) Ensure 'Disable Cloud Clipboard integration for server-to-client data transfer' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.2.2 (L2) Ensure 'Disable Cloud Clipboard integration for server-to-client data transfer' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker | Windows | CONFIGURATION MANAGEMENT |
| 18.10.75.1.3 (L1) Ensure 'Notify Password Reuse' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.76.1.4 (L1) Ensure 'Notify Unsafe App' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.78.1 (L1) Ensure 'Enable ESS with Supported Peripherals' is set to 'Enabled: 1' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.81.1 (L1) Ensure 'Enable MPR notifications for the system' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.81.1 (L1) Ensure 'Enable MPR notifications for the system' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG | Windows | CONFIGURATION MANAGEMENT |
| 18.10.81.1 (L1) Ensure 'Enable MPR notifications for the system' is set to 'Disabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.81.1 (L1) Ensure 'Enable MPR notifications for the system' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 19.6.6.1.1 Ensure 'Turn off Help Experience Improvement Program' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | ACCESS CONTROL |
| 19.7.45.2.1 Ensure 'Prevent Codec Download' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Encryption type for password protected Office 97-2003 files | MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Encryption type for password protected Office 97-2003 files | Microsoft 365 Apps for Enterprise 2306 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Encryption type for password protected Office 97-2003 files | MSCT Office 365 ProPlus 1908 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure SSH Protocol is set to 2 | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Excel 2 macrosheets and add-in files | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| IBM i : Action When Sign-On Attempts Reached (QMAXSGNACN) - '3' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | ACCESS CONTROL |
| Interactive logon: Smart card removal behavior | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Interactive logon: Smart card removal behavior | MSCT MSCT Windows Server 2022 DC v1.0.0 | Windows | ACCESS CONTROL |
| Interactive logon: Smart card removal behavior | MSCT Windows 10 v22H2 v1.0.0 | Windows | ACCESS CONTROL |
| Interactive logon: Smart card removal behavior | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| O365-CO-000008 - Office applications must be configured to specify encryption type in password-protected Office 97-2003 files. | DISA STIG Microsoft Office 365 ProPlus v3r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN10-00-000085 - Standard local user accounts must not exist on a system in a domain. | DISA Windows 10 STIG v3r2 | Windows | CONFIGURATION MANAGEMENT |
| WN11-00-000085 - Standard local user accounts must not exist on a system in a domain. | DISA Windows 11 STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
