| 2.2.3 Ensure 'Maximum receive size: Organization level' is set to '25' | CIS Microsoft Exchange Server 2019 L1 Mailbox v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.5 Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Not Installed' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 5.5 Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Not Installed' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 5.5 Ensure 'Simple TCP/IP Services (simptcp)' is set to 'Not Installed' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 7.10 Ensure RC4 Cipher Suites is disabled - RC4 64/128 | CIS IIS 7 L1 v1.8.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.1.4 (BL) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Recovery Password' is set to 'Enabled: Allow 48-digit recovery password' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | ACCESS CONTROL, CONTINGENCY PLANNING |
| 18.9.11.3.5 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Recovery Key' is set to 'Enabled: Do not allow 256-bit recovery key' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | ACCESS CONTROL, CONTINGENCY PLANNING |
| Accounts: Guest account status | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Accounts: Limit local account use of blank passwords to console logon only | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Allow Microsoft accounts to be optional | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Audit Logoff | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Process Creation | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Security State Change | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Change the system time | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Create a token object | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Create permanent shared objects | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Create Symbolic Links | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Default Protections for Popular Software - 7z | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Popular Software - 7zFM | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Popular Software - FirefoxPluginContainer | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Popular Software - RealConverter | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Popular Software - VLC | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Popular Software - WinRARGUI | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Recommended Software - Acrobat | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Recommended Software - AcrobatReader | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Recommended Software - InfoPath | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Recommended Software - Outlook | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Recommended Software - PowerPoint | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Recommended Software - Visio | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Deny log on as a batch job | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Deny log on locally | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Devices: Allowed to format and eject removable media | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | MEDIA PROTECTION |
| Devices: Prevent users from installing printer drivers | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Domain member: Maximum machine account password age | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| F5BI-AP-000231 - The F5 BIG-IP appliance must be configured to deny access when revocation data is unavailable using OCSP. | DISA F5 BIG-IP Access Policy Manager STIG v2r3 | F5 | IDENTIFICATION AND AUTHENTICATION |
| Force specific screen saver | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Generate security audits | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Interactive logon: Do not require CTRL+ALT+DEL | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Interactive logon: Machine account lockout threshold | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Interactive logon: Number of previous logons to cache (in case domain controller is not available) | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Interactive logon: Prompt user to change password before expiration | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Maximum password age | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Network access: Allow anonymous SID/Name translation | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Sharing and security model for local accounts | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Network security: Do not store LAN Manager hash value on next password change | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Profile system performance | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Shutdown: Allow system to be shut down without having to log on | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links) | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| System SEHOP | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
