| 1.1.1.2 Set 'Account lockout duration' to '15 or more minute(s)' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.1.4 Set 'Minimum password length' to '14 or more character(s)' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.1.2.2 Set 'Audit Policy: Account Management: Other Account Management Events' to 'Success and Failure' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.9 Set 'Audit Policy: Object Access: Detailed File Share' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.10 Set 'Audit Policy: Account Management: User Account Management' to 'Success and Failure' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.20 Set 'Audit Policy: Privilege Use: Other Privilege Use Events' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.23 Set 'Audit Policy: Policy Change: Authorization Policy Change' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.25 Set 'Audit Policy: Logon-Logoff: Logoff' to 'Success' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.39 Set 'Audit Policy: DS Access: Detailed Directory Service Replication' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.40 Set 'Audit Policy: Object Access: Other Object Access Events' to 'No Auditing' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.2.50 Set 'Audit Policy: Logon-Logoff: Logon' to 'Success and Failure' | CIS Windows 8 L1 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 1.1.3.1.2 Configure 'Accounts: Rename guest account' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.3.1.4 Configure 'Accounts: Rename administrator account' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.3.4.1 Configure 'Devices: Allow undock without having to log on' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.1.3.4.5 Configure 'Devices: Prevent users from installing printer drivers' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.1.3.5.5 Set 'Domain member: Digitally encrypt or sign secure channel data (always)' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.3.6.3 Set 'startup (minutes)' to '10 or more minute(s)' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.1.3.9.8 Configure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.3.9.11 Configure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted (3 recommended, 5 default)' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.3.9.16 Configure 'MSS: (PerformRouterDiscovery) Allow IRDP to detect and configure Default Gateway addresses (could lead to DoS)' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.3.10.2 Set 'Network access: Allow anonymous SID/Name translation' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.1.3.10.4 Configure 'Network access: Named Pipes that can be accessed anonymously' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| 1.1.3.11.3 Configure Network access: Shares that can be accessed anonymously | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.3.11.6 Configure 'Network Security: Restrict NTLM: Add server exceptions in this domain' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.1.3.11.10 Set 'Network Security: Restrict NTLM: Audit Incoming NTLM Traffic' to 'Not Defined' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.1.3.11.14 Configure 'Network Security: Restrict NTLM: Incoming NTLM traffic' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.1.3.15.1 Set 'System objects: Strengthen default permissions of internal system objects (e'g' Symbolic Links)' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.1.3.17.2 Set 'User Account Control: Detect application installations and prompt for elevation' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 1.1.3.17.3 Set 'User Account Control: Behavior of the elevation prompt for standard users' to 'Automatically deny elevation requests' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.3.17.5 Set 'User Account Control: Only elevate UIAccess applications that are installed in secure locations' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.3.17.9 Set 'User Account Control: Only elevate executables that are signed and validated' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.1.4.15 Set 'Create symbolic links' to 'Administrators' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| Access Credential Manager as a trusted caller | MSCT Windows 11 v24H2 v1.0.0 | Windows | ACCESS CONTROL |
| Allow Custom SSPs and APs to be loaded into LSASS | MSCT Windows 11 v24H2 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION |
| Audit Account Lockout | MSCT Windows 11 v23H2 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Detailed File Share | MSCT Windows 11 v24H2 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Other Policy Change Events | MSCT Windows 11 v24H2 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Removable Storage | MSCT Windows 11 v22H2 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Removable Storage | MSCT Windows 11 v24H2 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Security Group Management | MSCT Windows 11 v22H2 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Security State Change | MSCT Windows 11 v24H2 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| Audit Special Logon | MSCT Windows 11 v22H2 v1.0.0 | Windows | AUDIT AND ACCOUNTABILITY |
| MSS: (DisableIPSourceRouting IPv6) IP source routing protection level | MSCT Windows 11 v24H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Prevent installation of devices that match any of these device IDs - DenyDeviceIDs | MSCT Windows 10 1903 v1.19.9 | Windows | MEDIA PROTECTION |
| Profile single process | MSCT Windows 11 v22H2 v1.0.0 | Windows | ACCESS CONTROL |
| Profile single process | MSCT Windows 11 v23H2 v1.0.0 | Windows | ACCESS CONTROL |
| Send file samples when further analysis is required | MSCT Windows 11 v24H2 v1.0.0 | Windows | |
| Turn on behavior monitoring | MSCT Windows 11 v22H2 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WN22-SO-000260 - Windows Server 2022 services using Local System that use Negotiate when reverting to NTLM authentication must use the computer identity instead of authenticating anonymously. | DISA Windows Server 2022 STIG v2r2 | Windows | CONFIGURATION MANAGEMENT |
| WNDF-AV-000022 - Microsoft Defender AV must be configured to enable behavior monitoring. | DISA STIG Microsoft Defender Antivirus v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
