| 2.2.14 (L1) Configure 'Create symbolic links' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.18 (L1) Ensure 'Deny log on as a service' to include 'Guests' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.28 (L1) Ensure 'Log on as a batch job' is set to 'Administrators' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.2.30 (L1) Ensure 'Manage auditing and security log' is set to 'Administrators' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 3.1.9.1 Ensure That Microsoft Defender for Resource Manager Is Set To 'On' | CIS Microsoft Azure Foundations v3.0.0 L2 | microsoft_azure | ACCESS CONTROL, RISK ASSESSMENT |
| 3.2 Data ONTAP (Software) Mgmt - 'httpd.admin.access has been configured' | TNS NetApp Data ONTAP 7G | NetApp | ACCESS CONTROL |
| 4.6 Ensure only authorized users and groups belong to the esxAdminsGroup group | CIS VMware ESXi 6.7 v1.3.0 Level 1 | VMware | ACCESS CONTROL |
| 4.7 (L1) Ensure only authorized users and groups belong to the esxAdminsGroup group | CIS VMware ESXi 7.0 v1.4.0 L1 | VMware | ACCESS CONTROL |
| 5.2.18 Ensure SSH access is limited | CIS Debian 8 Workstation L1 v2.0.2 | Unix | ACCESS CONTROL |
| 5.2.18 Ensure SSH access is limited | CIS Debian 8 Server L1 v2.0.2 | Unix | ACCESS CONTROL |
| 5.8.3 Ensure Legacy Authorization (ABAC) is Disabled | CIS Google Kubernetes Engine (GKE) v1.6.1 L1 | GCP | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 45.6 (L2) Ensure 'Devices: Prevent users from installing printer drivers when connecting to shared printers' is set to 'Enable' | CIS Microsoft Intune for Windows 11 v3.0.1 L2 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 74.11 (L1) Ensure 'Create Token' is set to 'No One' | CIS Microsoft Intune for Windows 10 v3.0.1 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 74.15 (L1) Ensure 'Deny Remote Desktop Services Log On' to include 'Guests, Local account' | CIS Microsoft Intune for Windows 11 v3.0.1 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 74.18 (L1) Ensure 'Impersonate Client' is set to 'Administrators, LOCAL SERVICE, NETWORK SERVICE, SERVICE' | CIS Microsoft Intune for Windows 10 v3.0.1 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 74.20 (L1) Ensure 'Load Unload Device Drivers' is set to 'Administrators' | CIS Microsoft Intune for Windows 10 v3.0.1 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 74.20 (L1) Ensure 'Load Unload Device Drivers' is set to 'Administrators' | CIS Microsoft Intune for Windows 11 v3.0.1 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 74.22 (L1) Ensure 'Manage auditing and security log' is set to 'Administrators' | CIS Microsoft Intune for Windows 10 v3.0.1 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 74.27 (L1) Ensure 'Remote Shutdown' is set to 'Administrators' | CIS Microsoft Intune for Windows 10 v3.0.1 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 74.27 (L1) Ensure 'Remote Shutdown' is set to 'Administrators' | CIS Microsoft Intune for Windows 11 v3.0.1 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| Allow user control over installs | MSCT Windows Server 2022 v1.0.0 | Windows | ACCESS CONTROL |
| Configure Windows Defender SmartScreen - ShellSmartScreenLevel | MSCT Windows Server 1903 MS v1.19.9 | Windows | ACCESS CONTROL |
| Configure Windows Defender SmartScreen - ShellSmartScreenLevel | MSCT Windows Server 2022 v1.0.0 | Windows | ACCESS CONTROL |
| Console Authentication Realm | Tenable Cisco ACI | Cisco_ACI | ACCESS CONTROL |
| Disable AutoRepublish | Microsoft 365 Apps for Enterprise 2306 v1.0.0 | Windows | ACCESS CONTROL |
| Do not show AutoRepublish warning alert | Microsoft 365 Apps for Enterprise 2306 v1.0.0 | Windows | ACCESS CONTROL |
| Enumerate local users on domain-joined computers | MSCT Windows Server 2022 v1.0.0 | Windows | ACCESS CONTROL |
| ESXi : audit-exception-users | VMWare vSphere 6.5 Hardening Guide | VMware | ACCESS CONTROL |
| IBM i : Allow Restoring of Security-Sensitive Objects (QALWOBJRST) - '*NONE' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | ACCESS CONTROL |
| IBM i : Limit Security Officer (QLMTSECOFR) - '1' | IBM System i Security Reference for V7R2 | AS/400 | ACCESS CONTROL |
| IBM i : Remote power-on and restart (QRMTIPL) - '0' | IBM System i Security Reference for V7R1 and V6R1 | AS/400 | ACCESS CONTROL |
| IBM i : Remote power-on and restart (QRMTIPL) - '0' | IBM System i Security Reference for V7R2 | AS/400 | ACCESS CONTROL |
| Join Microsoft MAPS | MSCT Windows 10 1809 v1.0.0 | Windows | ACCESS CONTROL |
| Join Microsoft MAPS | MSCT MSCT Windows Server 2022 DC v1.0.0 | Windows | ACCESS CONTROL |
| Management Services Security - Configure read-only access; use read-write only when required - usm | Juniper Hardening JunOS 12 Devices Checklist | Juniper | ACCESS CONTROL |
| Network access: Do not allow anonymous enumeration of SAM accounts and shares | MSCT Windows 11 v23H2 v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Do not allow anonymous enumeration of SAM accounts and shares | MSCT MSCT Windows Server 2022 DC v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Restrict anonymous access to Named Pipes and Shares | MSCT Windows Server 2022 v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Restrict clients allowed to make remote calls to SAM | MSCT Windows 11 v23H2 v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Restrict clients allowed to make remote calls to SAM | MSCT Windows Server 2022 v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Restrict clients allowed to make remote calls to SAM | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Turn off toast notifications on the lock screen | MSCT Windows 11 v23H2 v1.0.0 | Windows | ACCESS CONTROL |
| Turn on PowerShell Script Block Logging - EnableScriptBlockInvocationLogging | MSCT Windows Server 1903 DC v1.19.9 | Windows | ACCESS CONTROL |
| Turn on PowerShell Script Block Logging - EnableScriptBlockInvocationLogging | MSCT Windows Server v20H2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Turn on PowerShell Script Block Logging - EnableScriptBlockInvocationLogging | MSCT Windows Server v20H2 MS v1.0.0 | Windows | ACCESS CONTROL |
| User Account Control: Admin Approval Mode for the Built-in Administrator account | MSCT Windows 11 v23H2 v1.0.0 | Windows | ACCESS CONTROL |
| User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode | MSCT MSCT Windows Server 2022 DC v1.0.0 | Windows | ACCESS CONTROL |
| User Account Control: Only elevate UIAccess applications that are installed in secure locations | MSCT Windows 11 v23H2 v1.0.0 | Windows | ACCESS CONTROL |
| User Account Control: Only elevate UIAccess applications that are installed in secure locations | MSCT MSCT Windows Server 2022 DC v1.0.0 | Windows | ACCESS CONTROL |
| User Authentication Security - Centralized authentication - Create an emergency local account in the event authentication is unavailable | Juniper Hardening JunOS 12 Devices Checklist | Juniper | ACCESS CONTROL |
