| 2.2.32 Ensure 'Deny log on locally' to include 'Guests, Enterprise Admins group, and Domain Admins group' (STIG MS only) | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.17.4 Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop or Prompt for credentials on the secure desktop' (STIG only) | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.3.17.4 Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop or Prompt for credentials on the secure desktop' (STIG only) | CIS Microsoft Windows Server 2019 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.17.4 Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop or Prompt for credentials on the secure desktop' (STIG only) | CIS Microsoft Windows Server 2022 STIG v1.0.0 STIG DC | Windows | ACCESS CONTROL |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2022 Database L1 AWS RDS v1.1.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure Windows BUILTIN groups are not SQL Logins | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.044 - Terminal Services is configured to use a common temporary folder for all sessions. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.11.1.5 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' | CIS Windows 7 Workstation Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.1.5 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Key' is set to 'Enabled: Allow 256-bit recovery key' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.1.10 Ensure 'Configure use of passwords for fixed data drives' is set to 'Disabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.3.4 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Password' is set to 'Enabled: Do not allow 48-digit recovery password' | CIS Windows 7 Workstation Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.3.5 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key' | CIS Windows 7 Workstation Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.3.5 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.3.10 Ensure 'Configure use of passwords for removable data drives' is set to 'Disabled' | CIS Windows 7 Workstation Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.39.2 Ensure 'Turn off location' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 v3.2.0 | Windows | ACCESS CONTROL |
| 18.9.65.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.9.65.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 2 v3.3.1 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.9.1.2 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.1.2 (L1) Ensure 'Choose how BitLocker-protected fixed drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.1.6 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Microsoft Windows 11 Enterprise v3.0.0 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.1.6 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.2.7 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.2.7 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.2.7 (BL) Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Microsoft Windows 10 Stand-alone v3.0.0 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.3.2 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | MEDIA PROTECTION |
| 18.10.9.3.2 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL | Windows | MEDIA PROTECTION |
| 18.10.9.3.6 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| 18.10.9.3.6 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG | Windows | MEDIA PROTECTION |
| 18.10.9.3.6 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Microsoft Windows 11 Stand-alone v3.0.0 BL | Windows | MEDIA PROTECTION |
| 18.10.9.3.6 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Omit recovery options from the BitLocker setup wizard' is set to 'Enabled: True' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL | Windows | MEDIA PROTECTION |
| 18.10.9.3.14 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG | Windows | MEDIA PROTECTION |
| 18.10.9.3.14 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG | Windows | MEDIA PROTECTION |
| 18.10.9.3.14 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | MEDIA PROTECTION |
| 18.10.9.3.14 (BL) Ensure 'Deny write access to removable drives not protected by BitLocker' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 BL | Windows | MEDIA PROTECTION |
| 18.10.56.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v3.0.1 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v3.0.0 L2 Domain Controller | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v3.0.0 L2 MS | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v3.0.0 L2 Member Server | Windows | CONFIGURATION MANAGEMENT |
| 18.10.56.3.2.1 Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Windows Server 2012 DC L2 v3.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.3.2.1 (L2) Ensure 'Restrict Remote Desktop Services users to a single Remote Desktop Services session' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v2.0.0 L2 DC | Windows | CONFIGURATION MANAGEMENT |
| 18.10.92.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.92.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.92.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.92.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.92.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Microsoft Windows Server 2019 v3.0.1 L1 DC | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 18.10.93.1.1 (L1) Ensure 'No auto-restart with logged on users for scheduled automatic updates installations' is set to 'Disabled' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| CISC-ND-000470 - The Cisco router must be configured to prohibit the use of all unnecessary and nonsecure functions and services. | DISA STIG Cisco IOS Router NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT |
