| 2.3.11.4 Ensure 'Network security: Configure encryption types allowed for Kerberos' is set to 'AES128_HMAC_SHA1, AES256_HMAC_SHA1, Future encryption types' | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.3.3 Ensure 'Configure SMB v1 server' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | CONFIGURATION MANAGEMENT, RISK ASSESSMENT |
| Access Credential Manager as a trusted caller | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Allow log on through Remote Desktop Services | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Apply local connection security rules - Private Profile | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Apply local firewall rules - Public Profile | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Audit Audit Policy Change | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Credential Validation | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Logon | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Other Account Management Events | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit User Account Management | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Default Protections for Popular Software - Firefox | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Popular Software - Pidgin | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Popular Software - QuickTimePlayer | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Popular Software - Safari | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Popular Software - SkyDrive | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Popular Software - ThunderbirdPluginContainer | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Popular Software - Winamp | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Popular Software - WindowsLiveMail | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Popular Software - WinRARConsole | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Recommended Software - Excel | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Recommended Software - jre6_javaw | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Recommended Software - jre7_javaw | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Recommended Software - jre7_javaws | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Recommended Software - Picture Manager | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Recommended Software - VisioViewer | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Default Protections for Recommended Software - Word | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Domain member: Digitally encrypt secure channel data (when possible) | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Domain member: Maximum machine account password age | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Enforce password history | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Firewall State - Public Profile | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Force specific screen saver | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Generate security audits | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Inbound Connections - Private Profile | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Interactive logon: Do not require CTRL+ALT+DEL | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Interactive logon: Machine account lockout threshold | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Interactive logon: Number of previous logons to cache (in case domain controller is not available) | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Interactive logon: Prompt user to change password before expiration | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Interactive logon: Smart card removal behavior | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Maximum password age | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| MSS: (ScreenSaverGracePeriod) The time in seconds before the screen saver grace period expires (0 Recommended) | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Allow anonymous SID/Name translation | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Network access: Sharing and security model for local accounts | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Network security: Do not store LAN Manager hash value on next password change | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Outbound Connections - Public Profile | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Profile system performance | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| Shutdown: Allow system to be shut down without having to log on | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | ACCESS CONTROL |
| System objects: Strengthen default permissions of internal system objects (e.g., Symbolic Links) | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| System SEHOP | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
