| 1.1.13 Disable Automounting | CIS Google Container-Optimized OS v1.2.0 L1 Server | Unix | MEDIA PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.1.19 Disable Automounting | CIS Aliyun Linux 2 L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.23 Disable Automounting | CIS SUSE Linux Enterprise 12 v3.1.0 L2 Workstation | Unix | MEDIA PROTECTION |
| 1.1.23 Disable Automounting | CIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1 | Unix | MEDIA PROTECTION |
| 1.1.23 Disable Automounting | CIS SUSE Linux Enterprise 15 Server L1 v1.1.1 | Unix | MEDIA PROTECTION |
| 1.6.2 Ensure 'SSH version 2' is enabled | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.5 Ensure CUPS is not enabled | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 2.3.7.8 Ensure 'Interactive logon: Require Domain Controller Authentication to unlock workstation' is set to 'Enabled' (MS only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 5.29 (L1) Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 5.29 Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.29 Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.32 (L1) Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.33 (L1) Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.33 (L1) Ensure 'Web Management Service (WMSvc)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 5.117 - Users must be prevented from connecting using Terminal Services. | DISA Windows Vista STIG v6r41 | Windows | ACCESS CONTROL |
| 6.3 Ensure 'log_error_verbosity' is Set to '2' | CIS MySQL 8.0 Enterprise Database L2 v1.3.0 | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 7.1 Set 'Restrict File Download' to 'Enabled' - explorer.exe | CIS IE 9 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 7.1 Set 'Restrict File Download' to 'Enabled' - iexplore.exe | CIS IE 9 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.4.12 Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.9.2 Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' - AllowRspndrOnPublicNet | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.5.20.1 Ensure 'Configuration of wireless settings using Windows Connect Now' is set to 'Disabled' - DisableInBand802DOT11Registrar | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.22.1.13 Ensure 'Turn off Windows Customer Experience Improvement Program' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 18.8.34.6.1 Ensure 'Allow standby states (S1-S3) when sleeping (on battery)' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.8.34.6.2 Ensure 'Allow standby states (S1-S3) when sleeping (plugged in)' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.11.1.3 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.1.10 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.1.11 Ensure 'Configure use of smart cards on fixed data drives' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.1.12 Ensure 'Configure use of smart cards on fixed data drives: Require use of smart cards on fixed data drives' is set to 'Enabled: True' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.17.4 (L1) Ensure 'Enable App Installer ms-appinstaller protocol' is set to 'Disabled' | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.3.7 (L2) Ensure 'Do not allow WebAuthn redirection' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.3.7 (L2) Ensure 'Do not allow WebAuthn redirection' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v3.0.0 L2 Member Server | Windows | CONFIGURATION MANAGEMENT |
| check for correct TACACS+ server 1/2 | CIS Cisco IOS XR 7.x v1.0.0 L2 | Cisco | |
| Check for only 2 roles defined | CIS Microsoft SharePoint 2016 DB v1.1.0 | MS_SQLDB | |
| Check for only 2 roles defined | CIS Microsoft SharePoint 2019 DB v1.0.0 | MS_SQLDB | |
| CIS VMware ESXi 6.5 v1.0.0 Level 2 | CIS VMware ESXi 6.5 v1.0.0 Level 2 | VMware | |
| DNS Profile - Address - DNS Server 2 | Tenable Cisco ACI | Cisco_ACI | SYSTEM AND COMMUNICATIONS PROTECTION |
| Encryption type for password protected Office 97-2003 files | MSCT Office 365 ProPlus 1908 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Encryption type for password protected Office 97-2003 files | MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Encryption type for password protected Office 97-2003 files | Microsoft 365 Apps for Enterprise 2306 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure SSH Protocol is set to 2 | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Interactive logon: Smart card removal behavior | MSCT MSCT Windows Server 2022 DC v1.0.0 | Windows | ACCESS CONTROL |
| Interactive logon: Smart card removal behavior | MSCT Windows 10 1909 v1.0.0 | Windows | ACCESS CONTROL |
| Interactive logon: Smart card removal behavior | MSCT Windows 10 v21H1 v1.0.0 | Windows | ACCESS CONTROL |
| Interactive logon: Smart card removal behavior | MSCT Windows 10 v22H2 v1.0.0 | Windows | ACCESS CONTROL |
| Interactive logon: Smart card removal behavior | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| No users with privileges 2-15 | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | |
| O365-CO-000008 - Office applications must be configured to specify encryption type in password-protected Office 97-2003 files. | DISA STIG Microsoft Office 365 ProPlus v3r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| ssl-min-proto-version TLSv1-2 | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | |
| WN10-00-000100 - Internet Information System (IIS) or its subcomponents must not be installed on a workstation. | DISA Windows 10 STIG v3r2 | Windows | CONFIGURATION MANAGEMENT |
| WN11-00-000085 - Standard local user accounts must not exist on a system in a domain. | DISA Windows 11 STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
