| 1.71 (L1) Ensure 'Configure whether form data and HTTP headers will be sent when entering or exiting Internet Explorer mode' is set to 'Enabled: Do not send form data or headers' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.2.36 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.36 Ensure 'Deny log on through Remote Desktop Services' is set to 'Guests, Local account, Enterprise Admins Group, and Domain Admins Group' (STIG MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2025 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2019 v3.0.1 L1 DC | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1 | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | ACCESS CONTROL |
| 2.3.17.7 (L1) Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | ACCESS CONTROL |
| 2.3.17.8 Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | ACCESS CONTROL |
| 2.3.17.8 Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller | Windows | ACCESS CONTROL |
| 2.3.17.8 Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller | Windows | ACCESS CONTROL |
| 2.3.17.9 Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | ACCESS CONTROL |
| 2.3.17.9 Ensure 'User Account Control: Switch to the secure desktop when prompting for elevation' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | ACCESS CONTROL |
| 20.42 Ensure 'Operating System is maintained at a supported servicing level' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.52 Ensure 'Permissions for the Windows installation directory conform to minimum requirements' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 20.52 Ensure 'Permissions for the Windows installation directory conform to minimum requirements' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| CISC-RT-000050 - The Cisco router must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| CISC-RT-000180 - The Cisco router must be configured to have Internet Control Message Protocol (ICMP) mask reply messages disabled on all external interfaces. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000236 - The Cisco router must be configured to advertise a hop limit of at least 32 in Router Advertisement messages for IPv6 stateless auto-configuration deployments. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000560 - The Cisco BGP router must be configured to use the maximum prefixes feature to protect against route table flooding and prefix de-aggregation attacks. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000640 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT). | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000680 - The Cisco PE router providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN - VFI with the globally unique VPN ID assigned for each customer VLAN | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000700 - The Cisco PE router providing Virtual Private LAN Services (VPLS) must be configured to have traffic storm control thresholds on CE-facing interfaces. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000730 - The Cisco PE router must be configured to block any traffic that is destined to IP core infrastructure. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000750 - The Cisco PE router must be configured to ignore or drop all packets with any IP options. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000780 - The Cisco PE router must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000800 - The Cisco multicast router must be configured to bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000850 - The Cisco multicast Rendezvous Point (RP) must be configured to rate limit the number of Protocol Independent Multicast (PIM) Register messages. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000880 - The Cisco multicast Designated Router (DR) must be configured to limit the number of mroute states resulting from Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Host Membership Reports. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000930 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to filter source-active multicast advertisements to external MSDP peers to avoid global visibility of local-only multicast sources and groups. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | ACCESS CONTROL |
| ESXI-80-000198 - The ESXi host must protect the confidentiality and integrity of transmitted information by isolating ESXi management traffic. | DISA VMware vSphere 8.0 ESXi STIG v2r3 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI5-VMNET-000014 - The system must ensure that the dvPortgroup Forged Transmits policy is set to reject. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| PHTN-67-000129 - The Photon operating system must be configured to offload audit logs to a syslog server. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
