| 1.1.1 Enable 'aaa new-model' | CIS Cisco IOS 16 L1 v1.1.1 | Cisco | |
| 1.1.2 Enable 'aaa authentication login' | CIS Cisco IOS 15 L1 v4.0.1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.1.3 Enable 'aaa authentication enable default' | CIS Cisco IOS 16 L1 v1.1.0 | Cisco | |
| 1.1.4 Set 'login authentication for 'line con 0' | CIS Cisco IOS 15 L1 v4.0.1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.1.5 Set 'login authentication for 'line tty' | CIS Cisco IOS 16 L1 v1.1.1 | Cisco | |
| 1.1.5 Set 'login authentication for 'line tty' | CIS Cisco IOS 15 L1 v4.0.1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.1.8 Set 'aaa accounting connection' | CIS Cisco IOS 16 L2 v1.1.2 | Cisco | |
| 1.4 Ensure that the underlying Internet Information Services (IIS) Authentication module is set to use Kerberos as its Auth Provider | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.4 Ensure that the underlying Internet Information Services (IIS) Authentication module is set to use Kerberos as its Authentication Provider | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows Server 2016 MS L1 v1.3.0 | Windows | |
| 2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + BL + NG | Windows | |
| 2.3.11.3 Ensure 'Network Security: Allow PKU2U authentication requests to this computer to use online identities' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1 + BL + NG | Windows | |
| 3.1 Ensure 'Server Authentication' Property is set to 'Windows Authentication Mode' | CIS SQL Server 2016 Database L1 DB v1.3.0 | MS_SQLDB | |
| 3.1 Ensure 'Server Authentication' Property is set to 'Windows Authentication Mode' | CIS SQL Server 2019 Database L1 DB v1.2.0 | MS_SQLDB | |
| 4.2 Ensure claims-based authentication is used for all web applications and zones of a SharePoint 2016 farm | CIS Microsoft SharePoint 2016 OS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 4.3 Ensure Windows Authentication uses Kerberos and not the NT Lan Manager (NTLM) authentication protocol | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3 Ensure Windows Authentication uses Kerberos and not the NT Lan Manager (NTLM) authentication protocol | CIS Microsoft SharePoint 2016 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2.2 Ensure no legacy '+' entries exist in /etc/passwd | CIS Distribution Independent Linux Server L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.2 Ensure no legacy '+' entries exist in /etc/passwd | CIS Oracle Linux 6 Server L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.2 Ensure no legacy '+' entries exist in /etc/passwd | Huawei EulerOS 2 Workstation L1 v1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.2 Ensure no legacy '+' entries exist in /etc/passwd | CIS Amazon Linux v2.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.2 Ensure no legacy '+' entries exist in /etc/passwd | CIS CentOS 6 Server L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.3 Ensure no legacy '+' entries exist in /etc/shadow | CIS Amazon Linux v2.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.3 Ensure no legacy '+' entries exist in /etc/shadow | CIS CentOS 6 Server L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.3 Ensure no legacy '+' entries exist in /etc/shadow | CIS CentOS 6 Workstation L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.3 Ensure no legacy '+' entries exist in /etc/shadow | CIS Distribution Independent Linux Server L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.3 Ensure no legacy '+' entries exist in /etc/shadow | CIS Distribution Independent Linux Workstation L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.4 Ensure no legacy '+' entries exist in /etc/group | CIS CentOS 6 Server L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.4 Ensure no legacy '+' entries exist in /etc/group | Huawei EulerOS 2 Server L1 v1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.4 Ensure no legacy '+' entries exist in /etc/group | Huawei EulerOS 2 Workstation L1 v1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.4 Ensure no legacy '+' entries exist in /etc/group | CIS Amazon Linux v2.1.0 L1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 18.2.1 (L1) Ensure LAPS AdmPwd GPO Extension / CSE is installed | CIS Microsoft Windows 8.1 v2.4.0 L1 | Windows | |
| 18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installed (MS only) | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0 | Windows | |
| 18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installed (MS only) | CIS Windows Server 2012 MS L1 v2.2.0 | Windows | |
| 18.2.3 (L1) Ensure 'Enable Local Admin Password Management' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker | Windows | |
| 18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + BL | Windows | |
| 18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG | Windows | |
| 18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG | Windows | |
| 18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise (Release 2004) v1.9.1 L1 | Windows | |
| 18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1 | Windows | |
| 18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + NG | Windows | |
| 18.8.28.3 Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled' | CIS Microsoft Windows Server 2016 MS L1 v1.3.0 | Windows | |
| 18.8.28.3 Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + BL + NG | Windows | |
| 18.8.28.3 Ensure 'Do not enumerate connected users on domain-joined computers' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + BL | Windows | |
| 18.9.6.1 Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled' | CIS Microsoft Windows Server 2016 MS L1 v1.3.0 | Windows | |
| 18.9.6.1 Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + NG | Windows | |
| 18.9.6.1 Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1 + NG | Windows | |
| 18.9.6.1 Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + BL | Windows | |
| 18.9.6.1 Ensure 'Allow Microsoft accounts to be optional' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1 + BL | Windows | |
| Ensure no legacy '+' entries exist in /etc/group | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
