| 1.3 Ensure specific whitelisted IP addresses, IP address ranges, and/or domains are set | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3 Ensure specific whitelisted IP addresses, IP address ranges, and/or domains are set | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.45 Ensure 'Increase scheduling priority' is set to 'Administrators' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.46 Ensure 'Increase scheduling priority' is set to 'Administrators' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.17.4 Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop or Prompt for credentials on the secure desktop' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 3.2 Ensure SharePoint implements an information system isolation boundary that minimizes the number of non-security functions. | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1 Ensure 'Microsoft FTP Service (FTPSVC)' is set to 'Not Installed' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 5.1 Ensure 'Microsoft FTP Service (FTPSVC)' is set to 'Not Installed' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 5.1 Ensure 'Microsoft FTP Service (FTPSVC)' is set to 'Not Installed' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 5.9 Ensure 'Microsoft FTP Service (FTPSVC)' is set to 'Disabled' or 'Not Installed' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONFIGURATION MANAGEMENT |
| 5.10 (L1) Ensure 'Microsoft FTP Service (FTPSVC)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL | Windows | CONFIGURATION MANAGEMENT |
| 18.9.100.1 (L1) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | AUDIT AND ACCOUNTABILITY |
| 18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn' or 'Enabled: Warn and prevent bypass' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn' or 'Enabled: Warn and prevent bypass' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v3.0.0 L2 Member Server | Windows | AUDIT AND ACCOUNTABILITY |
| 18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG | Windows | AUDIT AND ACCOUNTABILITY |
| 18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 NG | Windows | AUDIT AND ACCOUNTABILITY |
| 18.10.86.1 (L2) Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L2 | Windows | AUDIT AND ACCOUNTABILITY |
| 18.10.86.1 Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 DC | Windows | AUDIT AND ACCOUNTABILITY |
| 18.10.86.1 Ensure 'Turn on PowerShell Script Block Logging' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | AUDIT AND ACCOUNTABILITY |
| IIST-SI-000255 - The application pool for each IIS 10.0 website must have a recycle time explicitly set. | DISA IIS 10.0 Site v2r10 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SI-000258 - The application pools rapid fail protection for each IIS 10.0 website must be enabled. | DISA IIS 10.0 Site v2r10 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SI-000263 - Backup interactive scripts on the IIS 10.0 server must be removed. | DISA IIS 10.0 Site v2r10 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SI-000264 - The required DoD banner page must be displayed to authenticated users accessing a DoD private website. | DISA IIS 10.0 Site v2r10 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000123 - The IIS 10.0 web server must be reviewed on a regular basis to remove any Operating System features, utility programs, plug-ins, and modules not necessary for operation. | DISA IIS 10.0 Server v3r2 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000130 - Java software installed on a production IIS 10.0 web server must be limited to .class files and the Java Virtual Machine. | DISA IIS 10.0 Server v3r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SV-000139 - The IIS 10.0 web server Indexing must only index web content. | DISA IIS 10.0 Server v3r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| IIST-SV-000139 - The IIS 10.0 web server Indexing must only index web content. | DISA IIS 10.0 Server v2r10 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| IIST-SV-000144 - IIS 10.0 web server system files must conform to minimum file permission requirements. | DISA IIS 10.0 Server v2r10 | Windows | ACCESS CONTROL |
| IIST-SV-000147 - Access to web administration tools must be restricted to the web manager and the web managers designees. | DISA IIS 10.0 Server v2r10 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SV-000147 - Access to web administration tools must be restricted to the web manager and the web managers designees. | DISA IIS 10.0 Server v3r2 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SV-000148 - The IIS 10.0 web server must not be running on a system providing any other role. | DISA IIS 10.0 Server v2r10 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000151 - The IIS 10.0 web server must be tuned to handle the operational requirements of the hosted application. | DISA IIS 10.0 Server v2r10 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SV-000154 - The IIS 10.0 web server must maintain the confidentiality of controlled information during transmission through the use of an approved Transport Layer Security (TLS) version. | DISA IIS 10.0 Server v3r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SV-000154 - The IIS 10.0 web server must maintain the confidentiality of controlled information during transmission through the use of an approved Transport Layer Security (TLS) version. | DISA IIS 10.0 Server v2r10 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SV-000160 - An IIS Server configured to be a SMTP relay must require authentication. | DISA IIS 10.0 Server v3r2 | Windows | CONFIGURATION MANAGEMENT |
| IIST-SV-000160 - An IIS Server configured to be a SMTP relay must require authentication. | DISA IIS 10.0 Server v2r10 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-000258 - The application pools rapid fail protection for each IIS 8.5 website must be enabled. | DISA IIS 8.5 Site v2r9 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-000259 - The application pools rapid fail protection settings for each IIS 8.5 website must be managed. | DISA IIS 8.5 Site v2r9 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-009999 - The version of IIS running on the system must be a supported version. | DISA IIS 8.5 Site v2r9 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| IISW-SV-000123 - The IIS 8.5 web server must be reviewed on a regular basis to remove any Operating System features, utility programs, plug-ins, and modules not necessary for operation. | DISA IIS 8.5 Server v2r7 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SV-000130 - Java software installed on a production IIS 8.5 web server must be limited to .class files and the Java Virtual Machine. | DISA IIS 8.5 Server v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SV-000131 - IIS 8.5 Web server accounts accessing the directory tree, the shell, or other operating system functions and utilities must only be administrative accounts. | DISA IIS 8.5 Server v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SV-000139 - The IIS 8.5 web server Indexing must only index web content. | DISA IIS 8.5 Server v2r7 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| IISW-SV-000144 - IIS 8.5 web server system files must conform to minimum file permission requirements. | DISA IIS 8.5 Server v2r7 | Windows | ACCESS CONTROL |
| IISW-SV-000147 - Access to web administration tools must be restricted to the web manager and the web managers designees. | DISA IIS 8.5 Server v2r7 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SV-000154 - A web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version. | DISA IIS 8.5 Server v2r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SV-009999 - The version of IIS running on the system must be a supported version. | DISA IIS 8.5 Server v2r7 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WG220 A22 - Web administration tools must be restricted to the web manager and the web manager's designees - AccessConfig | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | ACCESS CONTROL |
| WG220 A22 - Web administration tools must be restricted to the web manager and the web manager's designees - ResourceConfig | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | ACCESS CONTROL |
