| 2.2.46 Ensure 'Manage auditing and security log' is set to 'Administrators' (STIG DC only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.3.17.4 Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop or Prompt for credentials on the secure desktop' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2022 Database L1 DB v1.1.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2022 Database L1 AWS RDS v1.1.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.045 - Terminal Services is not configured to delete temporary folders. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 18.5.11.3 Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | ACCESS CONTROL |
| 18.5.11.3 Ensure 'Require domain users to elevate when setting a network's location' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | ACCESS CONTROL |
| 18.9.11.1.3 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Allow data recovery agent' is set to 'Enabled: True' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | ACCESS CONTROL, CONTINGENCY PLANNING |
| 18.9.11.1.14 (BL) Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | CONFIGURATION MANAGEMENT |
| 18.9.11.2.11 Ensure 'Require additional authentication at startup' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.2.11 Ensure 'Require additional authentication at startup' is set to 'Enabled' | CIS Windows 7 Workstation Bitlocker v3.2.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.2.13 Ensure 'Require additional authentication at startup: Configure TPM startup:' is set to 'Enabled: Do not allow TPM' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.3.3 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Allow data recovery agent' is set to 'Enabled: True' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, CONTINGENCY PLANNING |
| 18.9.11.3.5 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.65.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.65.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.9.1.2 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.1.2 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.1.6 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.1.6 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.1.6 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.2.7 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.2.7 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.3.6 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL | Windows | MEDIA PROTECTION |
| 18.10.9.3.14 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG | Windows | MEDIA PROTECTION |
| 18.10.10.1.2 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.1.2 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.1.2 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.1.6 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.4 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Allow data recovery agent' is set to 'Enabled: False' | CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.7 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.2.7 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.3.2 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| 18.10.10.3.2 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.6 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Microsoft Windows 10 Enterprise v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.6 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.14 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.14 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| 18.10.10.3.14 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 BitLocker | Windows | MEDIA PROTECTION |
| 18.10.56.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v3.0.1 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Windows Server 2012 MS L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Windows Server 2012 R2 DC L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| CISC-ND-000470 - The Cisco router must be configured to prohibit the use of all unnecessary and nonsecure functions and services. | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT |
