| 1.1.1 Ensure NGINX is installed | CIS NGINX Benchmark v2.1.0 L1 Webserver | Unix | SYSTEM AND SERVICES ACQUISITION |
| 1.1.1 Ensure NGINX is installed | CIS NGINX Benchmark v2.1.0 L1 Loadbalancer | Unix | SYSTEM AND SERVICES ACQUISITION |
| 1.1.1 Ensure NGINX is installed | CIS NGINX Benchmark v2.1.0 L1 Proxy | Unix | SYSTEM AND SERVICES ACQUISITION |
| 2.1 Ensure 'global authorization rule' is set to restrict access | CIS IIS 7 L1 v1.8.0 | Windows | ACCESS CONTROL |
| 2.2.23 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.23 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.23 (L1) Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.23 Ensure 'Generate security audits' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.2.36 (L1) Ensure 'Replace a process level token' is set to 'LOCAL SERVICE, NETWORK SERVICE' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.3.22.2 Ensure 'Block signing into Office' is set to 'Enabled: Org ID only' | CIS Microsoft Office Enterprise v1.2.0 L1 | Windows | ACCESS CONTROL |
| 2.4 Ensure 'Protect RE' Firewall Filter includes explicit terms for all Protocols | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Ensure 'deployment method retail' is set | CIS IIS 8.0 v1.5.1 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 3.1 Ensure 'deployment method retail' is set | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.3 Ensure Custom Error Messages are not Off - Applications | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.3 Ensure Custom Error Messages are not Off - Default | CIS IIS 7 L2 v1.8.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.6 Ensure 'httpcookie' mode is configured for session state | CIS IIS 8.0 v1.5.1 Level 2 | Windows | CONFIGURATION MANAGEMENT |
| 3.6 Ensure 'httpcookie' mode is configured for session state - Applications | CIS IIS 7 L2 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.6 Ensure 'httpcookie' mode is configured for session state - Applications | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.6 Ensure 'httpcookie' mode is configured for session state - Default | CIS IIS 7 L2 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.6 Ensure 'httpcookie' mode is configured for session state - Default | CIS IIS 10 v1.2.1 Level 2 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 4.5 Configure Solaris Auditing - active audit policies = argv,cnt,zonename | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - active user flags = cis,ex,aa,ua,as,ss,lo,ft | CIS Solaris 11.1 L1 v1.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - audit condition = auditing | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - audit_binfile (active) | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.5 Configure Solaris Auditing - configured non-attributable flags = lo | CIS Solaris 11 L1 v1.1.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.7 Ensure Unlisted File Extensions are not allowed | CIS IIS 8.0 v1.5.1 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 4.7 Ensure Unlisted File Extensions are not allowed - Applications | CIS IIS 7 L1 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 4.7 Ensure Unlisted File Extensions are not allowed - Default | CIS IIS 7 L1 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - Deny By Concurrent Requests | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.11 Ensure 'Dynamic IP Address Restrictions' is enabled - maxConcurrentRequests | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2 Ensure Advanced IIS logging is enabled | CIS IIS 8.0 v1.5.1 Level 1 | Windows | AUDIT AND ACCOUNTABILITY |
| 7.4 Ensure TLS 1.0 is enabled | CIS IIS 7 L1 v1.8.0 | Windows | |
| 17.2.5 Ensure 'Audit Other Account Management Events' is set to include 'Success' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| DISA_IIS_8.5_Web_Server_v2r7.audit from DISA Microsoft IIS 8.5 Server v2r7 STIG | DISA IIS 8.5 Server v2r7 | Windows | |
| ESXI-06-000040 - The system must use multifactor authentication for local access to privileged accounts. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | IDENTIFICATION AND AUTHENTICATION |
| IIST-SI-000233 - Warning and error messages displayed to clients must be modified to minimize the identity of the IIS 10.0 website, patches, loaded modules, and directory paths. | DISA IIS 10.0 Site v2r11 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| IIST-SI-000236 - The IIS 10.0 websites connectionTimeout setting must be explicitly configured to disconnect an idle session. | DISA IIS 10.0 Site v2r11 | Windows | ACCESS CONTROL |
| IIST-SI-000238 - The IIS 10.0 website must use a logging mechanism configured to allocate log record storage capacity large enough to accommodate the logging requirements of the IIS 10.0 website. | DISA IIS 10.0 Site v2r11 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SI-000242 - The IIS 10.0 private website must employ cryptographic mechanisms (TLS) and require client certificates. | DISA IIS 10.0 Site v2r11 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SI-000251 - The IIS 10.0 website must have a unique application pool. | DISA IIS 10.0 Site v2r11 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000115 - The log information from the IIS 10.0 web server must be protected from unauthorized modification or deletion. | DISA IIS 10.0 Server v3r3 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SV-000116 - The log data and records from the IIS 10.0 web server must be backed up onto a different system or media. | DISA IIS 10.0 Server v3r3 | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SV-000149 - The Internet Printing Protocol (IPP) must be disabled on the IIS 10.0 web server. | DISA IIS 10.0 Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000156 - All accounts installed with the IIS 10.0 web server software and tools must have passwords assigned and default passwords changed. | DISA IIS 10.0 Server v3r3 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-000219 - Each IIS 8.5 website must be assigned a default host header. | DISA IIS 8.5 Site v2r9 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-000233 - Warning and error messages displayed to clients must be modified to minimize the identity of the IIS 8.5 website, patches, loaded modules, and directory paths. | DISA IIS 8.5 Site v2r9 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| IISW-SI-000238 - The IIS 8.5 website must use a logging mechanism that is configured to allocate log record storage capacity large enough to accommodate the logging requirements of the IIS 8.5 website. | DISA IIS 8.5 Site v2r9 | Windows | AUDIT AND ACCOUNTABILITY |
| IISW-SV-000115 - The log information from the IIS 8.5 web server must be protected from unauthorized modification or deletion. | DISA IIS 8.5 Server v2r7 | Windows | AUDIT AND ACCOUNTABILITY |
| IISW-SV-000149 - The Internet Printing Protocol (IPP) must be disabled on the IIS 8.5 web server - IPP must be disabled on the IIS 8.5 web server | DISA IIS 8.5 Server v2r7 | Windows | CONFIGURATION MANAGEMENT |
| WN10-00-000100 - Internet Information System (IIS) or its subcomponents must not be installed on a workstation. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
