| 1.1.3 Enable 'aaa authentication enable default' | CIS Cisco IOS 15 L1 v4.0.1 | Cisco | ACCESS CONTROL |
| 1.1.6 Set 'login authentication for 'line vty' | CIS Cisco IOS 15 L1 v4.0.1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.4 Ensure that the underlying Internet Information Services (IIS) Authentication module is set to use Kerberos as its Auth Provider | CIS Microsoft SharePoint 2016 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.7.7 Ensure 'Interactive logon: Require Domain Controller Authentication to unlock workstation' is set to 'Enabled' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.1.0 | Windows | ACCESS CONTROL |
| 4.2 Ensure claims-based authentication is used for all web applications and zones of a SharePoint 2016 farm | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 4.2 Ensure claims-based authentication is used for all web applications and zones of a SharePoint 2019 farm | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 4.3 Ensure Windows Authentication uses Kerberos and not the NT Lan Manager (NTLM) authentication protocol | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2.2 Ensure no legacy '+' entries exist in /etc/passwd | CIS Distribution Independent Linux Workstation L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.2 Ensure no legacy '+' entries exist in /etc/passwd | CIS CentOS 6 Workstation L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.2 Ensure no legacy '+' entries exist in /etc/passwd | Huawei EulerOS 2 Server L1 v1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.2 Ensure no legacy '+' entries exist in /etc/passwd | CIS Red Hat 6 Server L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.2 Ensure no legacy '+' entries exist in /etc/passwd | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.0.1 | Unix | ACCESS CONTROL |
| 6.2.2 Ensure no legacy '+' entries exist in /etc/passwd | CIS Oracle Linux 6 Workstation L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.2 Ensure no legacy '+' entries exist in /etc/passwd | CIS Red Hat 6 Workstation L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.3 Ensure no legacy '+' entries exist in /etc/shadow | Huawei EulerOS 2 Workstation L1 v1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.3 Ensure no legacy '+' entries exist in /etc/shadow | Huawei EulerOS 2 Server L1 v1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.3 Ensure no legacy '+' entries exist in /etc/shadow | CIS Red Hat 6 Server L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.3 Ensure no legacy '+' entries exist in /etc/shadow | CIS Oracle Linux 6 Server L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.3 Ensure no legacy '+' entries exist in /etc/shadow | CIS Oracle Linux 6 Workstation L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.4 Ensure no legacy '+' entries exist in /etc/group | CIS Distribution Independent Linux Server L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.4 Ensure no legacy '+' entries exist in /etc/group | CIS Red Hat 6 Server L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.4 Ensure no legacy '+' entries exist in /etc/group | CIS Oracle Linux 6 Server L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.4 Ensure no legacy '+' entries exist in /etc/group | CIS Red Hat 6 Workstation L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.4 Ensure no legacy '+' entries exist in /etc/group | CIS Distribution Independent Linux Workstation L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.4 Ensure no legacy '+' entries exist in /etc/group | CIS CentOS 6 Workstation L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.4 Ensure no legacy '+' entries exist in /etc/group | CIS Oracle Linux 6 Workstation L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.2.4 Ensure no legacy '+' entries exist in /etc/shadow | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.0.1 | Unix | ACCESS CONTROL |
| 6.2.4 Ensure no legacy '+' entries exist in /etc/shadow | CIS Ubuntu Linux 18.04 LTS Server L1 v2.0.1 | Unix | ACCESS CONTROL |
| 6.2.20 Ensure shadow group is empty | CIS SUSE Linux Enterprise Workstation 12 L1 v2.1.0 | Unix | ACCESS CONTROL |
| 6.2.20 Ensure shadow group is empty | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | ACCESS CONTROL |
| 18.2.1 (L1) Ensure LAPS AdmPwd GPO Extension / CSE is installed | CIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker | Windows | |
| 18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installed | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.1.0 | Windows | CONFIGURATION MANAGEMENT |
| 18.2.1 Ensure LAPS AdmPwd GPO Extension / CSE is installed (MS only) | CIS Microsoft Windows Server 2016 MS L1 v1.3.0 | Windows | |
| 18.2.3 (L1) Ensure 'Enable Local Admin Password Management' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.0 L1 | Windows | |
| 18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 + BL + NG | Windows | |
| 18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1 + BL + NG | Windows | |
| 18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1 + NG | Windows | |
| 18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL | Windows | |
| 18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v1.0.0 L1 | Windows | |
| 18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise (Release 20H2) v1.10.1 L1 | Windows | |
| 18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' | CIS Microsoft Windows 10 Enterprise (Release 21H1) v1.11.0 L1 + BL | Windows | |
| 18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' (MS only) | CIS Windows Server 2012 MS L1 v2.2.0 | Windows | |
| 18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' (MS only) | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.2.0 | Windows | |
| 18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' (MS only) | CIS Microsoft Windows Server 2016 MS L1 v1.3.0 | Windows | |
| 18.2.3 Ensure 'Enable Local Admin Password Management' is set to 'Enabled' (MS only) | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.2.0 | Windows | |
| Allow Microsoft accounts to be optional | MSCT Windows 10 v1903 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Enable local admin password management | MSCT Windows Server 1903 MS v1.0.0 | Windows | ACCESS CONTROL |
| Enable local admin password management | MSCT Windows 10 v1903 v1.0.0 | Windows | ACCESS CONTROL |
| Enumerate local users on domain-joined computers | MSCT Windows Server 1903 MS v1.0.0 | Windows | ACCESS CONTROL |
| Enumerate local users on domain-joined computers | MSCT Windows 10 v1903 v1.0.0 | Windows | ACCESS CONTROL |
