| 1.1.3.16.1 Configure 'System settings: Optional subsystems' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.2 (L1) Ensure 'Access this computer from the network' is set to 'Administrators, Authenticated Users, ENTERPRISE DOMAIN CONTROLLERS' (DC only) | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.2 (L1) Ensure 'Access this computer from the network' is set to 'Administrators, Authenticated Users, ENTERPRISE DOMAIN CONTROLLERS' (DC only) | CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 3.1.1 Set 'no ip source-route' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks | CIS Cisco IOS XE 16.x v2.1.0 L2 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| 3.2.2 Set inbound 'ip access-group' on the External Interface | CIS Cisco IOS XE 17.x v2.1.0 L2 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| 3.4.2 Ensure SCTP is disabled - lsmod | CIS Fedora 19 Family Linux Workstation L2 v1.0.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 3.10.30.2 (L1) Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated' | CIS Microsoft Intune for Windows 11 v3.0.1 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 5.9 Ensure 'Microsoft FTP Service (FTPSVC)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 5.27 Ensure 'Telnet (TlntSvr)' is set to 'Disabled' or 'Not Installed' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.1.3 (L2) Ensure 'Allow Online Tips' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.4.11 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 2 v3.3.1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.5.9.2 (L2) Ensure 'Turn on Responder (RSPNDR) driver' is set to 'Disabled' | CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.6.8.1 (L1) Ensure 'Enable insecure guest logons' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.6.8.1 (L1) Ensure 'Enable insecure guest logons' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.6.8.1 (L1) Ensure 'Enable insecure guest logons' is set to 'Disabled' | CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.8.1.1 (L2) Ensure 'Turn off notifications network usage' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.31.2 (L2) Ensure 'Allow upload of User Activities' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.31.2 (L2) Ensure 'Allow upload of User Activities' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L2 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.33.6.1 (L1) Ensure 'Allow network connectivity during connected-standby (on battery)' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.33.6.1 (L1) Ensure 'Allow network connectivity during connected-standby (on battery)' is set to 'Disabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.33.6.1 (L1) Ensure 'Allow network connectivity during connected-standby (on battery)' is set to 'Disabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.33.6.2 (L1) Ensure 'Allow network connectivity during connected-standby (plugged in)' is set to 'Disabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.36.1 (L1) Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.36.2 (L1) Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.36.2 (L1) Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.36.2 (L1) Ensure 'Restrict Unauthenticated RPC clients' is set to 'Enabled: Authenticated' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.59.3.2.1 (L2) Ensure 'Allow users to connect remotely by using Remote Desktop Services' is set to 'Disabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.15.4 (L1) Ensure 'Do not show feedback notifications' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.15.4 (L1) Ensure 'Do not show feedback notifications' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.42.10.4 (L1) Ensure 'Turn on script scanning' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.42.10.4 (L1) Ensure 'Turn on script scanning' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.42.10.4 (L1) Ensure 'Turn on script scanning' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.42.10.4 (L1) Ensure 'Turn on script scanning' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.56.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.56.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.56.3.9.1 (L1) Ensure 'Always prompt for password upon connection' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.62.1 (L1) Ensure 'Turn off KMS Client Online AVS Validation' is set to 'Enabled' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.65.4 (L1) Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.65.4 (L1) Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.65.4 (L1) Ensure 'Turn off the offer to update to the latest version of Windows' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.79.2 (L1) Ensure 'Allow Windows Ink Workspace' is set to 'Enabled: On, but disallow access above lock' OR 'Enabled: Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.79.2 (L1) Ensure 'Allow Windows Ink Workspace' is set to 'Enabled: On, but disallow access above lock' OR 'Enabled: Disabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.79.2 (L1) Ensure 'Allow Windows Ink Workspace' is set to 'Enabled: On, but disallow access above lock' OR 'Enabled: Disabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.79.2 (L1) Ensure 'Allow Windows Ink Workspace' is set to 'Enabled: On, but disallow access above lock' OR 'Enabled: Disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 43.1 (L2) Ensure 'Disallow KMS Client Online AVS Validation' is set to 'Allow' | CIS Microsoft Intune for Windows 11 v3.0.1 L2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 58.4 (L1) Ensure 'Let Apps Activate With Voice Above Lock' is set to 'Enabled: Force Deny' | CIS Microsoft Intune for Windows 10 v3.0.1 L1 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 62.1 (L2) Ensure 'Allow Online Tips' is set to 'Block' | CIS Microsoft Intune for Windows 10 v3.0.1 L2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 86.1.8 (L2) Ensure 'Turn off notifications network usage' is set to 'Enabled' | CIS Microsoft Intune for Windows 10 v3.0.1 L2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 86.1.8 (L2) Ensure 'Turn off notifications network usage' is set to 'Enabled' | CIS Microsoft Intune for Windows 11 v3.0.1 L2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
