Item Search

NameAudit NamePluginCategory
1.191 WN19-MS-000010CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT IWindows

ACCESS CONTROL

1.191 WN22-MS-000010CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT IWindows

ACCESS CONTROL

2.3.8.1 Ensure 'Microsoft network client: Digitally sign communications (always)' is set to 'Enabled'CIS Microsoft Windows 8.1 v2.4.1 L1Windows

CONFIGURATION MANAGEMENT

17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'CIS Microsoft Windows 11 Enterprise v4.0.0 L1Windows

AUDIT AND ACCOUNTABILITY

17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'CIS Microsoft Windows Server 2025 v1.0.0 L1 DCWindows

AUDIT AND ACCOUNTABILITY

17.2.1 (L1) Ensure 'Audit Application Group Management' is set to 'Success and Failure'CIS Microsoft Windows 11 Stand-alone v4.0.0 L1Windows

AUDIT AND ACCOUNTABILITY

18.3.5 (L1) Ensure 'WDigest Authentication' is set to 'Disabled'CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DCWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.4.7 (L1) Ensure 'WDigest Authentication' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NGWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.4.7 (L1) Ensure 'WDigest Authentication' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1Windows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.4.7 (L1) Ensure 'WDigest Authentication' is set to 'Disabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BLWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

18.6.11.3 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'CIS Windows Server 2012 R2 MS L1 v3.0.0Windows

ACCESS CONTROL

18.6.11.4 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'CIS Microsoft Windows Server 2025 v1.0.0 L1 DCWindows

ACCESS CONTROL

18.6.11.4 (L1) Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled'CIS Microsoft Windows Server 2016 v4.0.0 L1 MSWindows

ACCESS CONTROL

18.6.14.1 (L1) Ensure 'Hardened UNC Paths' is set to 'Enabled, with 'Require Mutual Authentication', 'Require Integrity', and 'Require Privacy' set for all NETLOGON and SYSVOL shares'CIS Microsoft Windows Server 2025 Stand-alone v1.0.0 L1 MSWindows

IDENTIFICATION AND AUTHENTICATION

18.9.7.2 (L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled'CIS Microsoft Windows Server 2016 v4.0.0 L1 DCWindows

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

18.9.7.2 (L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v4.0.0 L1Windows

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

18.9.7.2 (L1) Ensure 'Prevent device metadata retrieval from the Internet' is set to 'Enabled'CIS Microsoft Windows Server 2025 v1.0.0 L1 MSWindows

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

18.9.20.1.3 (L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLockerWindows

CONFIGURATION MANAGEMENT

18.9.20.1.3 (L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'CIS Microsoft Windows 11 Stand-alone v4.0.0 L2Windows

CONFIGURATION MANAGEMENT

18.9.20.1.3 (L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L2Windows

CONFIGURATION MANAGEMENT

18.9.20.1.3 (L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BLWindows

CONFIGURATION MANAGEMENT

18.9.20.1.3 (L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL NGWindows

CONFIGURATION MANAGEMENT

18.9.20.1.3 (L2) Ensure 'Turn off handwriting personalization data sharing' is set to 'Enabled'CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 NGWindows

CONFIGURATION MANAGEMENT

18.10.10.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key'CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BLWindows

MEDIA PROTECTION

18.10.37.1 (L2) Ensure 'Turn off location' is set to 'Enabled'CIS Microsoft Windows Server 2025 Stand-alone v1.0.0 L2 MSWindows

CONFIGURATION MANAGEMENT

WN12-00-000004 - Users with administrative privilege must be documented.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-00-000005 - Users with Administrative privileges must have separate accounts for administrative duties and normal operational tasks.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-00-000017 - System-related documentation must be backed up in accordance with local recovery time and recovery point objectives.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-00-000020 - Systems requiring data at rest protections must employ cryptographic mechanisms to prevent unauthorized disclosure and modification of the information at rest.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

SYSTEM AND COMMUNICATIONS PROTECTION

WN12-AC-000005 - The maximum password age must meet requirements.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

IDENTIFICATION AND AUTHENTICATION

WN12-AC-000009 - Reversible password encryption must be disabled.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

IDENTIFICATION AND AUTHENTICATION

WN12-AU-000001 - The system must be configured to audit Account Logon - Credential Validation successes.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-AU-000060 - The system must be configured to audit Object Access - Central Access Policy Staging failures.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-AU-000082 - The system must be configured to audit Object Access - Removable Storage failures.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-AU-000085 - The system must be configured to audit Policy Change - Audit Policy Change successes.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-AU-000087 - The system must be configured to audit Policy Change - Authentication Policy Change successes.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

WN12-AU-000104 - The system must be configured to audit System - IPsec Driver failures.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

AUDIT AND ACCOUNTABILITY

WN12-CC-000003 - Windows Peer-to-Peer networking services must be turned off.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000004 - Network Bridges must be prohibited in Windows.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000016 - Windows Update must be prevented from searching for point and print drivers.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000020 - An Error Report must not be sent when a generic device driver is installed.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000025 - Device driver updates must only search managed servers, not Windows Update.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000028 - Group Policy objects must be reprocessed even if they have not changed.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000030 - Access to the Windows Store must be turned off.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000033 - Event Viewer Events.asp links must be turned off.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000047 - Windows must be prevented from using Windows Update to search for drivers.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000051 - Local users on domain-joined computers must not be enumerated.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000052 - App notifications on the lock screen must be turned off.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000071 - The Application Compatibility Program Inventory must be prevented from collecting data and sending the information to Microsoft.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

CONFIGURATION MANAGEMENT

WN12-CC-000099 - Remote Desktop Services must always prompt a client for passwords upon connection.DISA Windows Server 2012 and 2012 R2 MS STIG v3r7Windows

IDENTIFICATION AND AUTHENTICATION