| 1.1.4.3 Set 'Deny access to this computer from the network' to 'Guests' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.5 Set 'Create permanent shared objects' to 'No One' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.19 Debug programs = Administrators | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.22 Set 'Profile system performance' to 'NT SERVICE\WdiServiceHost,Administrators' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.28 Set 'Manage auditing and security log' to 'Administrators' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.1.4.39 Configure 'Remove computer from docking station' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.2.1.1 Configure 'Set IP Stateless Autoconfiguration Limits State' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.3.1.1 Configure 'Turn off access to the Store' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.3.1.9 Set 'Turn off printing over HTTP' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.3.2.4 Set 'Do not enumerate connected users on domain-joined computers' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 1.2.4.2.1.3 Set 'Configure use of passwords for fixed data drives' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.9 Set 'Allow data recovery agent' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.12 Set 'Configure storage of BitLocker recovery information to AD DS:' to 'Backup recovery passwords and key packages' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.14 Set 'Omit recovery options from the BitLocker setup wizard' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.16 Set 'Require use of smart cards on fixed data drives' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.1.17 Configure 'Deny write access to fixed drives not protected by BitLocker' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.1 Set 'Configure use of hardware-based encryption for operating system drives' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.3 Set 'Configure use of passwords for operating system drives' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.4 Set 'Recovery Key' to 'Do not allow 256-bit recovery key' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.8 Set 'Restrict encryption algorithms and cipher suites allowed for hardware-based encryption' to 'False' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.12 Set 'Configure storage of BitLocker recovery information to AD DS:' to 'Store recovery passwords and key packages' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.18 Set 'Configure TPM startup PIN:' to 'Require startup PIN with TPM' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.2.28 Set 'Minimum characters:' to 'Enabled:7 or more characters' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.4.2.3.9 Set 'Allow data recovery agent' to 'True' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.10 Set 'Choose how BitLocker-protected removable drives can be recovered' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.13 Set 'Save BitLocker recovery information to AD DS for removable data drives' to 'False' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.2.3.15 Set 'Configure use of smart cards on removable data drives' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4.5.4 Set 'Always prompt for password upon connection' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.2.4.7.8 Set 'No auto-restart with logged on users for scheduled automatic updates installations' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.4.9 Set 'Turn off Data Execution Prevention for Explorer' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.4.12 Configure 'Allow deployment operations in special profiles' | CIS Windows 8 L1 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 1.2.4.16 Set 'Allow Remote Shell Access' to 'Enabled' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 2.13 Configure 'Turn off toast notifications on the lock screen' | CIS Windows 8 L1 v1.0.0 | Windows | ACCESS CONTROL |
| 3.125 - Audit policy using subcategories is enabled. | DISA Windows Vista STIG v6r41 | Windows | AUDIT AND ACCOUNTABILITY |
| Access this computer from the network | MSCT Windows 10 v1507 v1.0.0 | Windows | ACCESS CONTROL |
| Access this computer from the network | MSCT Windows 10 v21H2 v1.0.0 | Windows | ACCESS CONTROL |
| Access this computer from the network | MSCT Windows Server v2004 MS v1.0.0 | Windows | ACCESS CONTROL |
| Access this computer from the network | MSCT Windows Server 2012 R2 DC v1.0.0 | Windows | ACCESS CONTROL |
| Access this computer from the network | MSCT Windows Server 2016 MS v1.0.0 | Windows | ACCESS CONTROL |
| Act as part of the operating system | MSCT Windows 10 v1507 v1.0.0 | Windows | ACCESS CONTROL |
| Act as part of the operating system | MSCT Windows 10 1903 v1.19.9 | Windows | ACCESS CONTROL |
| Act as part of the operating system | MSCT Windows 11 v1.0.0 | Windows | ACCESS CONTROL |
| Act as part of the operating system | MSCT Windows Server 1903 DC v1.19.9 | Windows | ACCESS CONTROL |
| Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows | MSCT Windows 10 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows | MSCT Windows Server 1903 DC v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows | MSCT Windows Server 1903 MS v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WINER-000010 - The system must be configured to archive error reports. | DISA Windows Vista STIG v6r41 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WINER-000013 - The system must be configured to queue error reports until a local or DOD-wide collector is available. | DISA Windows Vista STIG v6r41 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WN10-UC-000020 - Zone information must be preserved when saving attachments. | DISA Windows 10 STIG v3r2 | Windows | CONFIGURATION MANAGEMENT |
| WN12-CC-000118 - Nonadministrators must be prevented from applying vendor-signed updates. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
