CIS Microsoft 365 Foundations Benchmarks

Category: Official / Regulatory

Industry-consensus security configuration benchmarks from the Center for Internet Security.

154 controls, 111 auto-remediable, 7 domains

Entra ID (63 controls)

CIS-1.1.2 | critical
Limit Global Administrator role assignments to 5 or fewer
Maps to: CIS 1.1.2; SOC2 CC6.1; NIST AC-2; NIST AC-6; ISO27001 A.5.15; ISO27001 A.5.16; ISO27001 A.5.18; ISO27001 A.8.18; ISO27001 A.8.2; CSF DE.CM-3; CSF PR.AC-4; CSF PR.DS-5; GDPR Art.32; GDPR Art.5(1)(f); 405D 3.L.B

CIS-1.1.23 | medium | Auto-remediable
Security defaults disabled when Conditional Access is used
Maps to: CIS 1.1.23; NIST AC-2; SOC2 CC6.1; ISO27001 A.5.16; ISO27001 A.5.18; ISO27001 A.8.2; CSF DE.CM-3; CSF PR.AC-4; GDPR Art.32; GDPR Art.5(1)(f)

CIS-1.1.3 | high | Auto-remediable
Require MFA for guest access
Maps to: CIS 1.1.3; NIST AC-17; NIST AC-2; NIST CM-1; NIST CM-2; NIST CM-6; NIST CM-7; NIST CM-7(1); NIST CM-9; NIST SA-10; NIST SA-3; NIST SA-8; ISO27001 A.5.1; ISO27001 A.5.14; ISO27001 A.5.16; ISO27001 A.5.18; ISO27001 A.5.2; ISO27001 A.5.31; ISO27001 A.5.36; ISO27001 A.5.37; ISO27001 A.5.4; ISO27001 A.5.8; ISO27001 A.6.7; ISO27001 A.8.19; ISO27001 A.8.2; ISO27001 A.8.25; ISO27001 A.8.27; ISO27001 A.8.28; ISO27001 A.8.30; ISO27001 A.8.31; ISO27001 A.8.32; ISO27001 A.8.9; CSF DE.AE-1; CSF DE.CM-3; CSF ID.BE-5; CSF PR.AC-3; CSF PR.AC-4; CSF PR.DS-7; CSF PR.DS-8; CSF PR.IP-1; CSF PR.IP-2; CSF PR.IP-3; CSF PR.PT-3; CSF PR.PT-4; GDPR Art.24; GDPR Art.25; GDPR Art.32; GDPR Art.5(1)(f); SOC2 CC6.1; SOC2 CC8.1; 405D 3.M.D

CIS-1.1.4 | high
Admin accounts are cloud-only (not synced from on-premises)
Maps to: CIS 1.1.4; NIST AC-1; NIST AC-2; NIST AC-2(1); NIST AC-2(3); NIST AC-6(5); ISO27001 A.5.1; ISO27001 A.5.15; ISO27001 A.5.16; ISO27001 A.5.18; ISO27001 A.5.2; ISO27001 A.5.31; ISO27001 A.5.36; ISO27001 A.5.37; ISO27001 A.5.4; ISO27001 A.8.2; CSF DE.CM-3; CSF PR.AC-3; CSF PR.AC-4; GDPR Art.24; GDPR Art.32; GDPR Art.5(1)(f); SOC2 CC6.1; SOC2 CC6.2; SOC2 CC6.3

CIS-1.1.5 | high | Auto-remediable
Privileged Identity Management enabled for Global Administrator role
Maps to: CIS 1.1.5; NIST AC-6(7); ISO27001 A.8.2; GDPR Art.32; SOC2 CC6.3; 405D 3.L.B

CIS-1.1.6 | high
Access review configured for Global Administrator role
Maps to: CIS 1.1.6; NIST AC-2(3); SOC2 CC6.2; ISO27001 A.8.2; GDPR Art.32; 405D 3.L.B

CIS-1.1.7 | low
Terms of use acceptance required
Maps to: CIS 1.1.7; NIST PL-4; SOC2 CC2.2; ISO27001 A.5.10; ISO27001 A.5.4; ISO27001 A.6.2; GDPR Art.32; GDPR Art.5(1)(f)

CIS-1.2.1 | high | Auto-remediable
Require MFA for risky sign-ins
Maps to: CIS 1.2.1; NIST AC-3; NIST AC-5; NIST AC-6; NIST AU-6(1); NIST AU-7; NIST IA-2(6); NIST IR-4(1); NIST MP-2; NIST SI-4(2); NIST SI-4(5); ISO27001 A.5.10; ISO27001 A.5.15; ISO27001 A.5.3; ISO27001 A.5.33; ISO27001 A.7.10; ISO27001 A.7.7; ISO27001 A.8.18; ISO27001 A.8.2; ISO27001 A.8.20; ISO27001 A.8.26; ISO27001 A.8.3; ISO27001 A.8.4; CSF PR.AC-4; CSF PR.DS-1; CSF PR.DS-5; CSF PR.PT-1; CSF PR.PT-2; CSF PR.PT-3; CSF RS.AN-3; GDPR Art.32; GDPR Art.5(1)(f); SOC2 CC6.1; SOC2 CC6.4; SOC2 CC7.2; SOC2 CC7.4; 405D 3.M.D; 405D 8.M.B

CIS-1.2.2 | high | Auto-remediable
Require MFA for Azure management
Maps to: CIS 1.2.2; SOC2 CC6.1; NIST AC-6; NIST CM-6; ISO27001 A.5.15; ISO27001 A.8.18; ISO27001 A.8.2; ISO27001 A.8.9; CSF PR.AC-4; CSF PR.DS-5; CSF PR.IP-1; GDPR Art.25; GDPR Art.32; GDPR Art.5(1)(f); 405D 3.M.D

CIS-1.2.3 | high | Auto-remediable
Require password change for high-risk users
Maps to: CIS 1.2.3; NIST IA-5(1); SOC2 CC6.1; ISO27001 A.8.5; GDPR Art.32

CIS-1.3.1 | high | Auto-remediable
Require compliant or managed device for all users
Maps to: CIS 1.3.1; CISA MS.AAD.7.1; NIST AC-19; NIST CA-9; NIST IA-5(1); NIST SC-7; NIST SC-7(5); ISO27001 A.5.14; ISO27001 A.7.9; ISO27001 A.8.1; ISO27001 A.8.16; ISO27001 A.8.20; ISO27001 A.8.22; ISO27001 A.8.23; CSF DE.CM-1; CSF ID.AM-3; CSF PR.AC-3; CSF PR.AC-5; CSF PR.DS-5; CSF PR.PT-4; GDPR Art.32; GDPR Art.33; GDPR Art.5(1)(f); SOC2 CC6.1; SOC2 CC6.6

CIS-1.3.2 | high | Auto-remediable
Require compliant device for admins
Maps to: CIS 1.3.2; SOC2 CC6.1; NIST AC-11; NIST AC-11(1); NIST AC-12; NIST AC-19; NIST AC-2(5); ISO27001 A.5.14; ISO27001 A.7.7; ISO27001 A.7.9; ISO27001 A.8.1; CSF PR.AC-3; CSF PR.PT-4; GDPR Art.32; GDPR Art.5(1)(f)

CIS-1.3.3 | high | Auto-remediable
Require MDM-enrolled compliant device for cloud apps
Maps to: CIS 1.3.3; SOC2 CC6.1; NIST AC-19; NIST AT-2; NIST CM-6; NIST CM-7; ISO27001 A.5.14; ISO27001 A.6.3; ISO27001 A.7.9; ISO27001 A.8.1; ISO27001 A.8.19; ISO27001 A.8.7; ISO27001 A.8.9; CSF PR.AC-3; CSF PR.AT-1; CSF PR.IP-1; CSF PR.PT-3; GDPR Art.25; GDPR Art.32; GDPR Art.39(1)(b); GDPR Art.5(1)(f)

CIS-1.3.4 | medium | Auto-remediable
Block access from unsupported device platforms
Maps to: CIS 1.3.4; SOC2 CC6.1; NIST AC-2; NIST AC-3; NIST CM-6; NIST CM-7; ISO27001 A.5.15; ISO27001 A.5.16; ISO27001 A.5.18; ISO27001 A.5.33; ISO27001 A.8.18; ISO27001 A.8.19; ISO27001 A.8.2; ISO27001 A.8.20; ISO27001 A.8.26; ISO27001 A.8.3; ISO27001 A.8.4; ISO27001 A.8.9; CSF DE.CM-3; CSF PR.AC-4; CSF PR.IP-1; CSF PR.PT-3; GDPR Art.25; GDPR Art.32; GDPR Art.5(1)(f)

CIS-1.3.5 | medium | Auto-remediable
Use app-enforced restrictions for Office 365
Maps to: CIS 1.3.5; NIST AC-4; NIST AT-2(3); NIST SI-3; ISO27001 A.5.14; ISO27001 A.8.22; ISO27001 A.8.23; ISO27001 A.8.7; CSF DE.AE-1; CSF DE.CM-4; CSF DE.DP-3; CSF ID.AM-3; CSF PR.AC-5; CSF PR.DS-5; GDPR Art.32; GDPR Art.5(1)(f); SOC2 CC2.2; SOC2 CC6.7

CIS-1.3.6 | medium | Auto-remediable
Sign-in frequency configured for session management
Maps to: CIS 1.3.6; SOC2 CC6.1; NIST AC-12; NIST CM-6; ISO27001 A.8.9; CSF PR.IP-1; CSF PR.PT-4; GDPR Art.25; GDPR Art.32

CIS-1.4 | medium | Auto-remediable
Password expiration set to never expire (with MFA enforced)
Maps to: CIS 1.4; NIST IA-5; ISO27001 A.5.16; ISO27001 A.5.17; CSF PR.AC-1; CSF PR.AC-6; CSF PR.AC-7; GDPR Art.32; GDPR Art.5(1)(f); SOC2 CC6.2; 405D 3.M.C; 405D 3.M.D

CIS-2.1.1 | low | Auto-remediable
Microsoft 365 group expiration policy configured
Maps to: CIS 2.1.1; NIST AC-2; NIST RA-5; NIST RA-7; NIST SI-2; NIST SI-2(2); NIST SI-3; ISO27001 A.5.16; ISO27001 A.5.18; ISO27001 A.6.8; ISO27001 A.8.2; ISO27001 A.8.32; ISO27001 A.8.7; ISO27001 A.8.8; CSF DE.AE-2; CSF DE.CM-3; CSF DE.CM-4; CSF DE.CM-8; CSF DE.DP-3; CSF DE.DP-4; CSF DE.DP-5; CSF ID.RA-1; CSF ID.RA-6; CSF PR.AC-4; CSF PR.IP-12; CSF RS.AN-1; CSF RS.AN-5; CSF RS.MI-3; GDPR Art.32; GDPR Art.5(1)(f); SOC2 CC4.2; SOC2 CC8.1

CIS-2.1.2 | medium | Auto-remediable
Microsoft 365 group creation restricted to admins
Maps to: CIS 2.1.2; NIST AC-6; NIST AU-1; NIST AU-2; NIST SI-3; NIST SI-8; ISO27001 A.5.1; ISO27001 A.5.15; ISO27001 A.5.2; ISO27001 A.5.31; ISO27001 A.5.36; ISO27001 A.5.37; ISO27001 A.5.4; ISO27001 A.8.15; ISO27001 A.8.18; ISO27001 A.8.2; ISO27001 A.8.7; CSF DE.CM-4; CSF DE.DP-3; CSF PR.AC-4; CSF PR.DS-5; CSF PR.PT-1; GDPR Art.24; GDPR Art.32; GDPR Art.33; GDPR Art.5(1)(f); SOC2 CC6.1

CIS-5.2.3 | low | Auto-remediable
Token lifetime policy configured
Maps to: CIS 5.2.3; NIST AC-12; SOC2 CC6.1; CSF PR.PT-4

CIS-6.1.1 | medium | Auto-remediable
Enable FIDO2 security keys as authentication method
Maps to: CIS 6.1.1; NIST AC-1; NIST AC-2; NIST AC-2(1); NIST AU-12; NIST AU-2; NIST AU-7; NIST IA-2(8); ISO27001 A.5.1; ISO27001 A.5.15; ISO27001 A.5.16; ISO27001 A.5.18; ISO27001 A.5.2; ISO27001 A.5.31; ISO27001 A.5.36; ISO27001 A.5.37; ISO27001 A.5.4; ISO27001 A.8.15; ISO27001 A.8.2; CSF DE.CM-1; CSF DE.CM-3; CSF DE.CM-7; CSF PR.AC-3; CSF PR.AC-4; CSF PR.PT-1; CSF RS.AN-3; GDPR Art.24; GDPR Art.32; GDPR Art.33; GDPR Art.5(1)(f); SOC2 CC6.1; SOC2 CC7.2; 405D 3.M.C

CIS-M365.1.1.1 | high
Administrative accounts are cloud-only
Maps to: CIS M365 1.1.1; NIST AC-6(2); NIST CM-1; NIST CM-2; NIST CM-6; NIST CM-7; NIST CM-7(1); NIST CM-9; NIST SA-10; NIST SA-3; NIST SA-8; ISO27001 A.5.1; ISO27001 A.5.2; ISO27001 A.5.31; ISO27001 A.5.36; ISO27001 A.5.37; ISO27001 A.5.4; ISO27001 A.5.8; ISO27001 A.8.19; ISO27001 A.8.25; ISO27001 A.8.27; ISO27001 A.8.28; ISO27001 A.8.30; ISO27001 A.8.31; ISO27001 A.8.32; ISO27001 A.8.9; CSF DE.AE-1; CSF ID.BE-5; CSF PR.DS-7; CSF PR.DS-8; CSF PR.IP-1; CSF PR.IP-2; CSF PR.IP-3; CSF PR.PT-3; GDPR Art.24; GDPR Art.25; GDPR Art.32; GDPR Art.5(1)(f); SOC2 CC6.1; SOC2 CC6.3; SOC2 CC8.1

CIS-M365.1.1.3 | high
Global Administrator role assigned to 2-4 designated accounts
Maps to: CIS M365 1.1.3; NIST AC-2; NIST CM-1; NIST CM-2; NIST CM-6; NIST CM-7; NIST CM-7(1); NIST CM-9; NIST SA-10; NIST SA-3; NIST SA-8; ISO27001 A.5.1; ISO27001 A.5.16; ISO27001 A.5.18; ISO27001 A.5.2; ISO27001 A.5.31; ISO27001 A.5.36; ISO27001 A.5.37; ISO27001 A.5.4; ISO27001 A.5.8; ISO27001 A.8.19; ISO27001 A.8.2; ISO27001 A.8.25; ISO27001 A.8.27; ISO27001 A.8.28; ISO27001 A.8.30; ISO27001 A.8.31; ISO27001 A.8.32; ISO27001 A.8.9; CSF DE.AE-1; CSF DE.CM-3; CSF ID.BE-5; CSF PR.AC-4; CSF PR.DS-7; CSF PR.DS-8; CSF PR.IP-1; CSF PR.IP-2; CSF PR.IP-3; CSF PR.PT-3; GDPR Art.24; GDPR Art.25; GDPR Art.32; GDPR Art.5(1)(f); SOC2 CC6.1; SOC2 CC8.1; 405D 3.L.B

CIS-M365.1.2.1 | medium
Only organizationally approved public groups exist
Maps to: CIS M365 1.2.1; NIST AC-3; NIST AC-5; NIST AC-6; NIST AU-6(1); NIST AU-7; NIST IR-4(1); NIST MP-2; NIST SI-4(2); NIST SI-4(5); ISO27001 A.5.10; ISO27001 A.5.15; ISO27001 A.5.3; ISO27001 A.5.33; ISO27001 A.7.10; ISO27001 A.7.7; ISO27001 A.8.18; ISO27001 A.8.2; ISO27001 A.8.20; ISO27001 A.8.26; ISO27001 A.8.3; ISO27001 A.8.4; CSF PR.AC-4; CSF PR.DS-1; CSF PR.DS-5; CSF PR.PT-1; CSF PR.PT-2; CSF PR.PT-3; CSF RS.AN-3; GDPR Art.32; GDPR Art.5(1)(f); SOC2 CC6.1; SOC2 CC6.4; SOC2 CC7.2; SOC2 CC7.4

CIS-M365.1.2.2 | high | Auto-remediable
Sign-in to shared mailboxes blocked
Maps to: CIS M365 1.2.2; NIST CM-6; ISO27001 A.8.9; CSF PR.IP-1; GDPR Art.25; GDPR Art.32

CIS-M365.1.3.1 | high | Auto-remediable
Password expiration policy set to 'never expire'
Maps to: CIS M365 1.3.1; NIST CA-9; NIST IA-5(1); NIST SC-7; NIST SC-7(5); ISO27001 A.5.14; ISO27001 A.8.16; ISO27001 A.8.20; ISO27001 A.8.22; ISO27001 A.8.23; CSF DE.CM-1; CSF ID.AM-3; CSF PR.AC-5; CSF PR.DS-5; CSF PR.PT-4; GDPR Art.32; GDPR Art.33; GDPR Art.5(1)(f); SOC2 CC6.1; SOC2 CC6.6; 405D 3.M.C

CIS-M365.1.3.3 | medium | Auto-remediable
External calendar sharing disabled
Maps to: CIS M365 1.3.3; NIST AT-2; NIST CM-6; NIST CM-7; ISO27001 A.6.3; ISO27001 A.8.19; ISO27001 A.8.7; ISO27001 A.8.9; CSF PR.AT-1; CSF PR.IP-1; CSF PR.PT-3; GDPR Art.25; GDPR Art.32; GDPR Art.39(1)(b); 405D 4.M.B

CIS-M365.1.3.6 | high
Customer Lockbox feature enabled
Maps to: CIS M365 1.3.6; NIST CM-6; ISO27001 A.8.9; CSF PR.IP-1; GDPR Art.25; GDPR Art.32

CIS-M365.1.3.8 | high
External sharing of Sways blocked
Maps to: CIS M365 1.3.8; NIST CM-6; NIST CM-7; CSF PR.IP-1; CSF PR.PT-3

CIS-M365.5.1.1.1 | critical | Auto-remediable
Security defaults disabled in Azure Active Directory
Maps to: CIS M365 5.1.1.1; NIST CM-6; CSF PR.IP-1

CIS-M365.5.1.2.1 | high
Per-user MFA disabled (legacy method)
Maps to: CIS M365 5.1.2.1; NIST IA-2(1); NIST IA-2(2); SOC2 CC6.1; 405D 3.M.D

CIS-M365.5.1.2.2 | high | Auto-remediable
Third-party integrated applications blocked
Maps to: CIS M365 5.1.2.2; NIST CM-7(5); NIST CM-10; CSF DE.CM-3; SOC2 CC8.1

CIS-M365.5.1.2.3 | high | Auto-remediable
Non-admin users restricted from creating tenants
Maps to: CIS M365 5.1.2.3; NIST CM-6; CSF PR.IP-1

CIS-M365.5.1.2.4 | high | Auto-remediable
Azure AD administration portal restricted to admins
Maps to: CIS M365 5.1.2.4; NIST CM-6; CSF PR.IP-1

CIS-M365.5.1.2.5 | high
'Remain signed in' option hidden at sign-in
Maps to: CIS M365 5.1.2.5; NIST SI-2; CSF ID.RA-1; CSF PR.IP-12

CIS-M365.5.1.2.6 | high
LinkedIn account connections disabled
Maps to: CIS M365 5.1.2.6; NIST CM-6; NIST CM-7; NIST SI-4; NIST SI-4(4); CSF DE.AE-1; CSF DE.AE-2; CSF DE.AE-3; CSF DE.AE-4; CSF DE.CM-1; CSF DE.CM-4; CSF DE.CM-5; CSF DE.CM-6; CSF DE.CM-7; CSF DE.DP-2; CSF DE.DP-3; CSF DE.DP-4; CSF DE.DP-5; CSF ID.RA-1; CSF PR.DS-5; CSF PR.IP-1; CSF PR.IP-8; CSF PR.PT-3; CSF RS.AN-1; SOC2 CC7.2

CIS-M365.5.1.3.1 | high
Dynamic group for guest users exists
Maps to: CIS M365 5.1.3.1; NIST AC-3; NIST AC-5; NIST AC-6; NIST MP-2; CSF PR.AC-4; CSF PR.DS-1; CSF PR.DS-5; CSF PR.PT-2; CSF PR.PT-3; SOC2 CC6.1; SOC2 CC6.4

CIS-M365.5.1.5.1 | high
Application Usage report reviewed weekly
Maps to: CIS M365 5.1.5.1; NIST AU-6; NIST AU-6(1); NIST AU-7(1); NIST AC-1; NIST AC-2; NIST AC-2(1); CSF DE.AE-2; CSF DE.AE-3; CSF DE.CM-3; CSF DE.DP-4; CSF ID.SC-4; CSF PR.AC-3; CSF PR.AC-4; CSF PR.PT-1; CSF RS.AN-1; CSF RS.CO-2; SOC2 CC6.1; SOC2 CC7.2

CIS-M365.5.1.5.2 | high | Auto-remediable
User consent to apps accessing company data blocked
Maps to: CIS M365 5.1.5.2; NIST AC-3; NIST AC-5; NIST AC-6; NIST MP-2; NIST AT-2; CSF PR.AC-4; CSF PR.AT-1; CSF PR.DS-1; CSF PR.DS-5; CSF PR.PT-2; CSF PR.PT-3; SOC2 CC6.1; SOC2 CC6.4

CIS-M365.5.1.5.3 | high | Auto-remediable
Admin consent workflow enabled
Maps to: CIS M365 5.1.5.3; NIST CM-7(5); NIST CM-10; CSF DE.CM-3; SOC2 CC8.1

CIS-M365.5.1.6.1 | high | Auto-remediable
Collaboration invitations restricted to allowed domains
Maps to: CIS M365 5.1.6.1; NIST IA-4; NIST IA-5; NIST AC-1; NIST AC-2; NIST AC-2(1); CSF DE.CM-3; CSF PR.AC-1; CSF PR.AC-3; CSF PR.AC-4; CSF PR.AC-6; CSF PR.AC-7; SOC2 CC6.1; SOC2 CC6.2

CIS-M365.5.1.8.1 | high
Password hash sync enabled for hybrid deployments
Maps to: CIS M365 5.1.8.1; NIST AC-2(1); NIST AC-3; NIST CM-8; CSF DE.CM-7; CSF ID.AM-1; CSF ID.AM-2; CSF PR.AC-4; CSF PR.DS-3; CSF PR.PT-3; SOC2 CC6.1

CIS-M365.5.2.2.4 | critical | Auto-remediable
Admin sign-in frequency enabled with non-persistent browser sessions
Maps to: CIS M365 5.2.2.4; NIST AC-2(5); NIST AC-11; NIST AC-11(1); NIST AC-12; NIST SI-2; CSF ID.RA-1; CSF PR.IP-12; CSF PR.PT-4; SOC2 CC6.1

CIS-M365.5.2.2.5 | critical | Auto-remediable
Phishing-resistant MFA strength required for administrators
Maps to: CIS M365 5.2.2.5; NIST IA-2(1); SOC2 CC6.1; 405D 3.M.D

CIS-M365.5.2.2.6 | critical | Auto-remediable
Azure AD Identity Protection user-risk policies enabled
Maps to: CIS M365 5.2.2.6; NIST SI-4; NIST SI-4(4); CSF DE.AE-1; CSF DE.AE-2; CSF DE.AE-3; CSF DE.AE-4; CSF DE.CM-1; CSF DE.CM-4; CSF DE.CM-5; CSF DE.CM-6; CSF DE.CM-7; CSF DE.DP-2; CSF DE.DP-3; CSF DE.DP-4; CSF DE.DP-5; CSF ID.RA-1; CSF PR.DS-5; CSF PR.IP-8; CSF RS.AN-1; SOC2 CC7.2

CIS-M365.5.2.2.7 | critical | Auto-remediable
Azure AD Identity Protection sign-in-risk policies enabled
Maps to: CIS M365 5.2.2.7; NIST SI-4; NIST SI-4(4); CSF DE.AE-1; CSF DE.AE-2; CSF DE.AE-3; CSF DE.AE-4; CSF DE.CM-1; CSF DE.CM-4; CSF DE.CM-5; CSF DE.CM-6; CSF DE.CM-7; CSF DE.DP-2; CSF DE.DP-3; CSF DE.DP-4; CSF DE.DP-5; CSF ID.RA-1; CSF PR.DS-5; CSF PR.IP-8; CSF RS.AN-1; SOC2 CC7.2

CIS-M365.5.2.2.8 | critical | Auto-remediable
Admin center access limited to administrative roles
Maps to: CIS M365 5.2.2.8; NIST CM-6; CSF PR.IP-1; 405D 3.L.B

CIS-M365.5.2.3.1 | critical | Auto-remediable
Microsoft Authenticator hardened against MFA fatigue
Maps to: CIS M365 5.2.3.1; NIST AC-19; NIST IA-2(1); CSF PR.AC-3; SOC2 CC6.1; 405D 3.M.D

CIS-M365.5.2.3.2 | high | Auto-remediable
Custom banned password list in use
Maps to: CIS M365 5.2.3.2; NIST IA-5(1); SOC2 CC6.1

CIS-M365.5.2.3.3 | high | Auto-remediable
Password protection enabled for on-premises Active Directory
Maps to: CIS M365 5.2.3.3; NIST IA-5(1); NIST CA-9; NIST SC-7; NIST SC-7(5); CSF DE.CM-1; CSF ID.AM-3; CSF PR.AC-5; CSF PR.DS-5; CSF PR.PT-4; SOC2 CC6.1; SOC2 CC6.6

CIS-M365.5.2.3.4 | high
All member users MFA-capable
Maps to: CIS M365 5.2.3.4; NIST IA-2(1); NIST IA-2(2); NIST SI-2; CSF ID.RA-1; CSF PR.IP-12; SOC2 CC6.1; 405D 3.M.D

CIS-M365.5.2.4.1 | high | Auto-remediable
Self-service password reset enabled for all users
Maps to: CIS M365 5.2.4.1; NIST CM-6; CSF PR.IP-1; 405D 3.M.C

CIS-M365.5.2.4.2 | high
Self-service password reset activity report reviewed weekly
Maps to: CIS M365 5.2.4.2; NIST AU-6; NIST AU-6(1); NIST AU-7(1); NIST AC-1; NIST AC-2; NIST AC-2(1); CSF DE.AE-2; CSF DE.AE-3; CSF DE.CM-3; CSF DE.DP-4; CSF ID.SC-4; CSF PR.AC-3; CSF PR.AC-4; CSF PR.PT-1; CSF RS.AN-1; CSF RS.CO-2; SOC2 CC6.1; SOC2 CC7.2; 405D 3.M.C

CIS-M365.5.2.6.1 | high
Azure AD Risky sign-ins report reviewed weekly
Maps to: CIS M365 5.2.6.1; NIST AU-6; NIST AU-6(1); NIST AU-7(1); NIST AC-1; NIST AC-2; NIST AC-2(1); CSF DE.AE-2; CSF DE.AE-3; CSF DE.CM-3; CSF DE.DP-4; CSF ID.SC-4; CSF PR.AC-3; CSF PR.AC-4; CSF PR.PT-1; CSF RS.AN-1; CSF RS.CO-2; SOC2 CC6.1; SOC2 CC7.2; 405D 8.M.B

CIS-M365.9.1.1 | high
Guest user access restricted (Power BI)
Maps to: CIS M365 9.1.1; NIST AC-3; NIST AC-5; NIST AC-6; NIST MP-2; NIST AC-2; NIST AC-6(1); NIST AC-6(7); NIST AU-9(4); CSF DE.CM-3; CSF PR.AC-4; CSF PR.DS-1; CSF PR.DS-5; CSF PR.PT-2; CSF PR.PT-3; SOC2 CC6.1; SOC2 CC6.3; SOC2 CC6.4; SOC2 CC7.2

CIS-M365.9.1.2 | high
External user invitations restricted (Power BI)
Maps to: CIS M365 9.1.2; NIST AC-5; NIST AC-6; NIST AC-6(1); NIST AC-6(7); NIST AU-9(4); CSF PR.AC-4; CSF PR.DS-5; SOC2 CC6.1; SOC2 CC6.3; SOC2 CC7.2

CIS-M365.9.1.3 | high
Guest access to content restricted (Power BI)
Maps to: CIS M365 9.1.3; NIST AC-3; NIST AC-5; NIST AC-6; NIST MP-2; NIST AT-2; CSF PR.AC-4; CSF PR.AT-1; CSF PR.DS-1; CSF PR.DS-5; CSF PR.PT-2; CSF PR.PT-3; SOC2 CC6.1; SOC2 CC6.4

CIS-M365.9.1.4 | high
'Publish to web' restricted (Power BI)
Maps to: CIS M365 9.1.4; NIST PL-8; NIST SA-8; CSF ID.AM-3; CSF ID.BE-5; CSF PR.IP-2; CSF PR.PT-5; SOC2 CC8.1

CIS-M365.9.1.5 | high
R and Python visuals interaction and sharing disabled (Power BI)
Maps to: CIS M365 9.1.5; NIST CM-6; NIST CM-7; CSF PR.IP-1; CSF PR.PT-3

CIS-M365.9.1.6 | high
Users can apply sensitivity labels to content (Power BI)
Maps to: CIS M365 9.1.6; NIST CM-12; NIST PM-5(1); NIST RA-2; CSF ID.AM-5; CSF ID.GV-4; CSF ID.RA-4; CSF ID.RA-5; SOC2 CC6.1

CIS-M365.9.1.7 | high
Shareable links restricted (Power BI)
Maps to: CIS M365 9.1.7; NIST AC-3; NIST AC-5; NIST AC-6; NIST MP-2; CSF PR.AC-4; CSF PR.DS-1; CSF PR.DS-5; CSF PR.PT-2; CSF PR.PT-3; SOC2 CC6.1; SOC2 CC6.4

CIS-M365.9.1.8 | high
Enabling of external data sharing restricted (Power BI)
Maps to: CIS M365 9.1.8; NIST AC-3; NIST AC-5; NIST AC-6; NIST MP-2; NIST AC-2; NIST AC-6(1); NIST AC-6(7); NIST AU-9(4); CSF DE.CM-3; CSF PR.AC-4; CSF PR.DS-1; CSF PR.DS-5; CSF PR.PT-2; CSF PR.PT-3; SOC2 CC6.1; SOC2 CC6.3; SOC2 CC6.4; SOC2 CC7.2

CIS-M365.9.1.9 | high
ResourceKey authentication blocked (Power BI)
Maps to: CIS M365 9.1.9; NIST CM-6; NIST CM-7; CSF PR.IP-1; CSF PR.PT-3

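Every control in this domain is a tenant setting that Microsoft Graph exposes read-only. The script below is an added example for this page, not the benchmark tool's own check logic, and audits several of the controls above with the Microsoft.Graph PowerShell SDK: Global Administrator membership (CIS-1.1.2 / CIS-M365.1.1.3), cloud-only admin accounts (CIS-1.1.4 / CIS-M365.1.1.1), security defaults versus Conditional Access (CIS-1.1.23 / CIS-M365.5.1.1.1), a phishing-resistant authentication strength bound to admin roles (CIS-M365.5.2.2.5), password expiration (CIS-1.4 / CIS-M365.1.3.1), and user consent and tenant creation (CIS-M365.5.1.5.2, CIS-M365.5.1.2.3). The Graph scopes requested are an assumption about what a read-only audit needs; the 2-to-4 range is the benchmark's own wording above. The directory-role count covers active assignments only, so a tenant with many PIM-eligible Global Administrators passes this count and is caught by CIS-1.1.5 instead.

```powershell
# Added example (not the tool's own code): read-only audit of selected Entra ID
# controls listed above, using the Microsoft.Graph PowerShell SDK.
# Assumption: the signed-in account can consent to these read-only scopes.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'Directory.Read.All', 'Policy.Read.All' -NoWelcome

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding([string]$Control, [bool]$Pass, [string]$Detail) {
    $findings.Add([pscustomobject]@{
        Control = $Control
        Status  = $(if ($Pass) { 'PASS' } else { 'FAIL' })
        Detail  = $Detail
    })
}

# --- Global Administrator membership (CIS-1.1.2 / CIS-M365.1.1.3) ---
# Get-MgDirectoryRole lists activated roles and their *active* members only;
# PIM-eligible assignments are not included, which is the point of CIS-1.1.5.
$gaRole  = Get-MgDirectoryRole -All | Where-Object DisplayName -eq 'Global Administrator'
$members = Get-MgDirectoryRoleMember -DirectoryRoleId $gaRole.Id -All
$gaUsers = @($members | Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.user' })
Add-Finding 'CIS-M365.1.1.3' ($gaUsers.Count -ge 2 -and $gaUsers.Count -le 4) `
    "$($gaUsers.Count) user(s) hold Global Administrator (benchmark: 2-4)"

# --- Admin accounts must be cloud-only (CIS-1.1.4 / CIS-M365.1.1.1) ---
# onPremisesSyncEnabled is null for cloud-only accounts and $true for synced ones.
foreach ($m in $gaUsers) {
    $u = Get-MgUser -UserId $m.Id -Property 'userPrincipalName', 'onPremisesSyncEnabled'
    Add-Finding 'CIS-1.1.4' ($u.OnPremisesSyncEnabled -ne $true) `
        "$($u.UserPrincipalName) onPremisesSyncEnabled=$($u.OnPremisesSyncEnabled)"
}

# --- Security defaults must be off once Conditional Access is in use (CIS-1.1.23) ---
$secDefaults = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
$enabledCA   = @(Get-MgIdentityConditionalAccessPolicy -All | Where-Object State -eq 'enabled')
Add-Finding 'CIS-1.1.23' ((-not $secDefaults.IsEnabled) -and $enabledCA.Count -gt 0) `
    "SecurityDefaults.IsEnabled=$($secDefaults.IsEnabled); enabled CA policies=$($enabledCA.Count)"

# --- Phishing-resistant MFA for administrators (CIS-M365.5.2.2.5) ---
# Pass when an enabled CA policy scopes directory roles and grants access only
# through the built-in 'Phishing-resistant MFA' authentication strength.
$prStrength = Get-MgPolicyAuthenticationStrengthPolicy |
    Where-Object DisplayName -eq 'Phishing-resistant MFA'
$adminPr = @($enabledCA | Where-Object {
    $_.Conditions.Users.IncludeRoles.Count -gt 0 -and
    $_.GrantControls.AuthenticationStrength.Id -eq $prStrength.Id
})
Add-Finding 'CIS-M365.5.2.2.5' ($adminPr.Count -gt 0) `
    "$($adminPr.Count) enabled CA policies bind admin roles to '$($prStrength.DisplayName)'"

# --- Password expiration set to never (CIS-1.4 / CIS-M365.1.3.1) ---
# Entra ID encodes "never expires" as a validity period of 2147483647 days.
foreach ($d in Get-MgDomain) {
    Add-Finding 'CIS-1.4' ($d.PasswordValidityPeriodInDays -eq 2147483647) `
        "$($d.Id) PasswordValidityPeriodInDays=$($d.PasswordValidityPeriodInDays)"
}

# --- User consent blocked, tenant creation restricted (CIS-M365.5.1.5.2, 5.1.2.3) ---
$perm = (Get-MgPolicyAuthorizationPolicy).DefaultUserRolePermissions
Add-Finding 'CIS-M365.5.1.5.2' ($perm.PermissionGrantPoliciesAssigned.Count -eq 0) `
    "PermissionGrantPoliciesAssigned=[$($perm.PermissionGrantPoliciesAssigned -join ',')] (empty = users cannot consent)"
Add-Finding 'CIS-M365.5.1.2.3' ($perm.AllowedToCreateTenants -eq $false) `
    "AllowedToCreateTenants=$($perm.AllowedToCreateTenants)"

$findings | Format-Table -AutoSize
```

Run it from a PowerShell 7 session after `Install-Module Microsoft.Graph`. Each FAIL row carries the observed value, so it maps directly onto the corresponding control's remediation. One deliberate simplification: only the built-in 'Phishing-resistant MFA' strength is recognised, so a custom strength that also requires FIDO2 or certificate-based authentication would be reported as a failure and needs a manual look.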
Intune (29 controls)

CIS-5.1.1 | high | Auto-remediable
Deploy Microsoft Defender Antivirus baseline
Maps to: CIS 5.1.1; NIST SI-3; SOC2 CC6.8; ISO27001 A.8.7; CSF DE.CM-4; CSF DE.DP-3; GDPR Art.32; 405D 2.M.A

CIS-5.1.2 | medium | Auto-remediable
Configure Defender update controls
Maps to: CIS 5.1.2; NIST SI-3; SOC2 CC6.8; ISO27001 A.8.7; CSF DE.CM-4; CSF DE.DP-3; GDPR Art.32; 405D 2.M.A

CIS-5.1.3 | medium | Auto-remediable
Configure Windows Security Experience
Maps to: CIS 5.1.3; NIST SI-3; SOC2 CC6.8; ISO27001 A.8.7; CSF DE.CM-4; CSF DE.DP-3; GDPR Art.32

CIS-5.1.4 | high | Auto-remediable
Deploy Windows LAPS
Maps to: CIS 5.1.4; NIST AC-2; SOC2 CC6.1; ISO27001 A.5.16; ISO27001 A.5.18; ISO27001 A.8.2; CSF DE.CM-3; CSF PR.AC-4; GDPR Art.32; GDPR Art.5(1)(f)

CIS-5.1.5 | high | Auto-remediable
Deploy macOS endpoint security antivirus
Maps to: CIS 5.1.5; NIST SI-3; SOC2 CC6.8; ISO27001 A.8.7; CSF DE.CM-4; CSF DE.DP-3; GDPR Art.32; 405D 2.M.A

CIS-5.2.10 | medium | Auto-remediable
Configure Endpoint Privilege Management
Maps to: CIS 5.2.10; NIST AC-6; ISO27001 A.5.15; ISO27001 A.8.18; ISO27001 A.8.2; CSF PR.AC-4; CSF PR.DS-5; GDPR Art.32; GDPR Art.5(1)(f); SOC2 CC6.1

CIS-5.2.2.1 | high | Auto-remediable
Require BitLocker drive encryption
Maps to: CIS 5.2.2.1; SOC2 CC6.1; NIST IA-2(1); NIST SC-28; NIST SI-2; ISO27001 A.5.10; ISO27001 A.5.33; ISO27001 A.6.8; ISO27001 A.8.32; ISO27001 A.8.8; CSF ID.RA-1; CSF PR.DS-1; CSF PR.IP-12; GDPR Art.32; GDPR Art.5(1)(f); 405D 2.M.A; 405D 4.M.C

CIS-5.2.2.2 | medium | Auto-remediable
Deploy Personal Data Encryption
Maps to: CIS 5.2.2.2; SOC2 CC6.1; NIST IA-2(1); NIST IA-2(2); NIST SC-28; NIST SI-2; ISO27001 A.5.10; ISO27001 A.5.33; ISO27001 A.6.8; ISO27001 A.8.32; ISO27001 A.8.8; CSF ID.RA-1; CSF PR.DS-1; CSF PR.IP-12; GDPR Art.32; GDPR Art.5(1)(f)

CIS-5.2.5 | high | Auto-remediable
Configure Exploit Protection
Maps to: CIS 5.2.5; NIST SI-3; SOC2 CC6.8; ISO27001 A.8.7; CSF DE.CM-4; CSF DE.DP-3; GDPR Art.32

CIS-5.2.6 | medium | Auto-remediable
Deploy Edge Security Baseline
Maps to: CIS 5.2.6; NIST CM-6; SOC2 CC8.1; ISO27001 A.8.9; CSF PR.IP-1; GDPR Art.25; GDPR Art.32; 405D 2.M.A

CIS-5.2.7 | medium | Auto-remediable
Deploy Microsoft 365 Apps Security Baseline
Maps to: CIS 5.2.7; NIST CM-6; SOC2 CC8.1; ISO27001 A.8.9; CSF PR.IP-1; GDPR Art.25; GDPR Art.32; 405D 2.M.A

CIS-5.2.8 | medium | Auto-remediable
Configure Device Control
Maps to: CIS 5.2.8; NIST MP-7; SOC2 CC6.7; ISO27001 A.5.10; ISO27001 A.7.10; CSF PR.DS-1; CSF PR.PT-2; GDPR Art.32; GDPR Art.5(1)(f)

CIS-5.2.9 | medium | Auto-remediable
Configure App and Browser Isolation
Maps to: CIS 5.2.9; NIST SC-39; SOC2 CC6.1

CIS-5.3.1 | high | Auto-remediable
Deploy Windows Security Baseline
Maps to: CIS 5.3.1; NIST AC-1; NIST AC-2; NIST AC-2(1); NIST CM-1; NIST CM-2; NIST CM-6; NIST CM-7; NIST CM-7(1); NIST CM-9; NIST IA-4; NIST IA-5; NIST SA-10; NIST SA-3; NIST SA-8; ISO27001 A.5.1; ISO27001 A.5.15; ISO27001 A.5.16; ISO27001 A.5.17; ISO27001 A.5.18; ISO27001 A.5.2; ISO27001 A.5.31; ISO27001 A.5.36; ISO27001 A.5.37; ISO27001 A.5.4; ISO27001 A.5.8; ISO27001 A.8.19; ISO27001 A.8.2; ISO27001 A.8.25; ISO27001 A.8.27; ISO27001 A.8.28; ISO27001 A.8.30; ISO27001 A.8.31; ISO27001 A.8.32; ISO27001 A.8.9; CSF DE.AE-1; CSF DE.CM-3; CSF ID.BE-5; CSF PR.AC-1; CSF PR.AC-3; CSF PR.AC-4; CSF PR.AC-6; CSF PR.AC-7; CSF PR.DS-7; CSF PR.DS-8; CSF PR.IP-1; CSF PR.IP-2; CSF PR.IP-3; CSF PR.PT-3; GDPR Art.24; GDPR Art.25; GDPR Art.32; GDPR Art.5(1)(f); SOC2 CC6.1; SOC2 CC6.2; SOC2 CC8.1; 405D 2.M.A

CIS-5.3.2 | high | Auto-remediable
Deploy Windows 365 Security Baseline
Maps to: CIS 5.3.2; NIST AC-2; NIST AC-2(3); NIST CM-6; ISO27001 A.5.16; ISO27001 A.5.18; ISO27001 A.8.2; ISO27001 A.8.9; CSF DE.CM-3; CSF PR.AC-4; CSF PR.IP-1; GDPR Art.25; GDPR Art.32; GDPR Art.5(1)(f); SOC2 CC6.2; 405D 2.M.A

CIS-5.3.3 | medium | Auto-remediable
Deploy HoloLens 2 Security Baseline
Maps to: CIS 5.3.3; NIST AC-2; NIST AC-2(3); NIST CM-6; ISO27001 A.5.16; ISO27001 A.5.18; ISO27001 A.8.2; ISO27001 A.8.9; CSF DE.CM-3; CSF PR.AC-4; CSF PR.IP-1; GDPR Art.25; GDPR Art.32; GDPR Art.5(1)(f); SOC2 CC6.2; 405D 2.M.A

CIS-5.4.1 | high | Auto-remediable
Deploy Defender for Endpoint security baseline
Maps to: CIS 5.4.1; NIST SI-4; SOC2 CC7.2; ISO27001 A.8.16; CSF DE.AE-1; CSF DE.AE-2; CSF DE.AE-3; CSF DE.AE-4; CSF DE.CM-1; CSF DE.CM-4; CSF DE.CM-5; CSF DE.CM-6; CSF DE.CM-7; CSF DE.DP-2; CSF DE.DP-3; CSF DE.DP-4; CSF DE.DP-5; CSF ID.RA-1; CSF PR.DS-5; CSF PR.IP-8; CSF RS.AN-1; GDPR Art.32; GDPR Art.33; 405D 2.M.A; 405D 2.L.C

CIS-5.5.1 | high | Auto-remediable
Windows device compliance policy configured
Maps to: CIS 5.5.1; NIST CM-6; SOC2 CC6.1; ISO27001 A.8.9; CSF PR.IP-1; GDPR Art.25; GDPR Art.32; 405D 2.M.A; 405D 2.M.B

CIS-5.5.2 | high | Auto-remediable
iOS device compliance policy configured
Maps to: CIS 5.5.2; NIST CM-6; SOC2 CC6.1; ISO27001 A.8.9; CSF PR.IP-1; GDPR Art.25; GDPR Art.32; 405D 2.M.A; 405D 2.M.B

CIS-5.5.3 | high | Auto-remediable
Android device compliance policy configured
Maps to: CIS 5.5.3; NIST CM-6; SOC2 CC6.1; ISO27001 A.8.9; CSF PR.IP-1; GDPR Art.25; GDPR Art.32; 405D 2.M.A; 405D 2.M.B

CIS-5.5.4 | high | Auto-remediable
macOS device compliance policy configured
Maps to: CIS 5.5.4; NIST CM-6; SOC2 CC6.1; ISO27001 A.8.9; CSF PR.IP-1; GDPR Art.25; GDPR Art.32; 405D 2.M.A; 405D 2.M.B

CIS-5.5.5 | high | Auto-remediable
Deploy macOS FileVault disk encryption
Maps to: CIS 5.5.5; NIST SC-28; ISO27001 A.5.10; ISO27001 A.5.33; CSF PR.DS-1; GDPR Art.32; GDPR Art.5(1)(f); SOC2 CC6.1; 405D 2.M.A; 405D 4.M.C

CIS-5.7.1 | low | Auto-remediable
Enrollment Status Page configured
Maps to: CIS 5.7.1; NIST CM-6; SOC2 CC6.1; ISO27001 A.8.9; CSF PR.IP-1; GDPR Art.25; GDPR Art.32; 405D 2.M.B; 405D 2.L.A; 405D 5.M.A

CIS-5.7.2 | low | Auto-remediable
Device enrollment limit configured
Maps to: CIS 5.7.2; NIST AC-6; SOC2 CC6.1; ISO27001 A.5.15; ISO27001 A.8.18; ISO27001 A.8.2; CSF PR.AC-4; CSF PR.DS-5; GDPR Art.32; GDPR Art.5(1)(f); 405D 2.M.B; 405D 5.M.A

CIS-5.8.1 | medium | Auto-remediable
Windows Autopilot deployment profile configured
Maps to: CIS 5.8.1; NIST CM-2; SOC2 CC6.1; ISO27001 A.8.9; CSF DE.AE-1; CSF PR.DS-7; CSF PR.IP-1; GDPR Art.25; GDPR Art.32; 405D 2.L.A

CIS-6.2.1 | high | Auto-remediable
iOS app protection policy configured
Maps to: CIS 6.2.1; SOC2 CC6.7; NIST AC-19; NIST CM-6; ISO27001 A.5.14; ISO27001 A.7.9; ISO27001 A.8.1; ISO27001 A.8.9; CSF PR.AC-3; CSF PR.IP-1; GDPR Art.25; GDPR Art.32; GDPR Art.5(1)(f); 405D 2.M.B

CIS-6.2.2 | high | Auto-remediable
Android app protection policy configured
Maps to: CIS 6.2.2; SOC2 CC6.7; NIST AC-19; NIST CM-6; ISO27001 A.5.14; ISO27001 A.7.9; ISO27001 A.8.1; ISO27001 A.8.9; CSF PR.AC-3; CSF PR.IP-1; GDPR Art.25; GDPR Art.32; GDPR Art.5(1)(f); 405D 2.M.B

CIS-6.2.3 | high | Auto-remediable
iOS app protection requires data encryption
Maps to: CIS 6.2.3; NIST CM-6; NIST SC-28; ISO27001 A.5.10; ISO27001 A.5.33; ISO27001 A.8.9; CSF PR.DS-1; CSF PR.IP-1; GDPR Art.25; GDPR Art.32; GDPR Art.5(1)(f); SOC2 CC6.1; 405D 2.M.B

CIS-6.2.4 | high | Auto-remediable
Android app protection requires data encryption
Maps to: CIS 6.2.4; NIST SC-28; ISO27001 A.5.10; ISO27001 A.5.33; CSF PR.DS-1; GDPR Art.32; GDPR Art.5(1)(f); SOC2 CC6.1; 405D 2.M.B

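The compliance-policy and disk-encryption controls above (CIS-5.5.1 to CIS-5.5.5, CIS-5.2.2.1, CIS-5.7.2) can be verified against the Intune Graph endpoints. The script below is an added example for this page, not the tool's own check logic. It assumes the Microsoft.Graph PowerShell SDK and read-only Intune scopes; the `@odata.type` names are the Graph v1.0 type names for each platform's compliance policy. The check insists on at least one assignment per platform because a compliance policy that exists but is assigned to nobody enforces nothing, a common cause of a green-looking tenant that still admits unencrypted devices.

```powershell
# Added example (not the tool's own code): read-only audit of the Intune
# compliance-policy controls listed above (CIS-5.5.1 to CIS-5.5.5, CIS-5.2.2.1,
# CIS-5.7.2) with the Microsoft.Graph PowerShell SDK.
# Assumption: the signed-in account can consent to these read-only Intune scopes.
Connect-MgGraph -Scopes 'DeviceManagementConfiguration.Read.All', 'DeviceManagementServiceConfig.Read.All' -NoWelcome

# The SDK returns the polymorphic base type, so platform-specific fields
# (bitLockerEnabled, storageRequireEncryption, limit) and the @odata.type that
# identifies the platform all live in AdditionalProperties.
function Get-OdataType($Object) { $Object.AdditionalProperties['@odata.type'] }

function New-Result([string]$Control, [string]$Status, [string]$Detail) {
    [pscustomobject]@{ Control = $Control; Status = $Status; Detail = $Detail }
}

$policies = Get-MgDeviceManagementDeviceCompliancePolicy -All

# A compliance policy that exists but is assigned to nobody enforces nothing,
# so a platform only passes when at least one of its policies has an assignment.
function Test-PlatformPolicy([string]$Control, [string[]]$Types) {
    $match    = @($policies | Where-Object { $Types -contains (Get-OdataType $_) })
    $assigned = @($match | Where-Object {
        @(Get-MgDeviceManagementDeviceCompliancePolicyAssignment -DeviceCompliancePolicyId $_.Id).Count -gt 0
    })
    $status = if ($assigned.Count -gt 0) { 'PASS' } else { 'FAIL' }
    New-Result $Control $status "$($match.Count) policy(ies) for platform, $($assigned.Count) assigned: $($assigned.DisplayName -join ', ')"
}

$results = @(
    Test-PlatformPolicy 'CIS-5.5.1' @('#microsoft.graph.windows10CompliancePolicy')
    Test-PlatformPolicy 'CIS-5.5.2' @('#microsoft.graph.iosCompliancePolicy')
    Test-PlatformPolicy 'CIS-5.5.3' @('#microsoft.graph.androidCompliancePolicy',
                                      '#microsoft.graph.androidWorkProfileCompliancePolicy',
                                      '#microsoft.graph.androidDeviceOwnerCompliancePolicy')
    Test-PlatformPolicy 'CIS-5.5.4' @('#microsoft.graph.macOSCompliancePolicy')
)

# CIS-5.2.2.1: a Windows compliance policy must require BitLocker
$bitLocker = @($policies | Where-Object {
    (Get-OdataType $_) -eq '#microsoft.graph.windows10CompliancePolicy' -and
    $_.AdditionalProperties['bitLockerEnabled'] -eq $true
})
$results += New-Result 'CIS-5.2.2.1' $(if ($bitLocker.Count -gt 0) { 'PASS' } else { 'FAIL' }) `
    "Windows policies requiring BitLocker: $($bitLocker.DisplayName -join ', ')"

# CIS-5.5.5: a macOS compliance policy must require FileVault (storage encryption)
$fileVault = @($policies | Where-Object {
    (Get-OdataType $_) -eq '#microsoft.graph.macOSCompliancePolicy' -and
    $_.AdditionalProperties['storageRequireEncryption'] -eq $true
})
$results += New-Result 'CIS-5.5.5' $(if ($fileVault.Count -gt 0) { 'PASS' } else { 'FAIL' }) `
    "macOS policies requiring FileVault: $($fileVault.DisplayName -join ', ')"

# CIS-5.7.2: report every enrollment-limit configuration so the per-user cap can
# be compared with the value your benchmark profile expects
$limits = Get-MgDeviceManagementDeviceEnrollmentConfiguration -All |
    Where-Object { (Get-OdataType $_) -eq '#microsoft.graph.deviceEnrollmentLimitConfiguration' }
foreach ($l in $limits) {
    $results += New-Result 'CIS-5.7.2' 'INFO' "$($l.DisplayName) limit=$($l.AdditionalProperties['limit']) priority=$($l.Priority)"
}

$results | Format-Table -AutoSize
```

The BitLocker and FileVault rows check only that a policy demands encryption; whether a given device actually reports compliant is a separate query against managed devices, and a Conditional Access policy (CIS-1.3.1 in the Entra ID domain) is what turns a non-compliant verdict into a blocked sign-in.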
SharePoint (21 controls)

CIS-3.1 | medium | Auto-remediable
SharePoint idle session sign-out enabled
Maps to: CIS 3.1; NIST AC-11; SOC2 CC6.1; ISO27001 A.7.7; ISO27001 A.8.1; GDPR Art.32

CIS-3.2 | medium | Auto-remediable
Default sharing link type set to Specific People
Maps to: CIS 3.2; NIST AC-3; SOC2 CC6.1; ISO27001 A.5.15; ISO27001 A.5.33; ISO27001 A.8.18; ISO27001 A.8.20; ISO27001 A.8.26; ISO27001 A.8.3; ISO27001 A.8.4; CSF PR.AC-4; CSF PR.PT-3; GDPR Art.32; GDPR Art.5(1)(f)

CIS-3.3 | medium | Auto-remediable
External resharing disabled for SharePoint
Maps to: CIS 3.3; NIST AC-3(4); SOC2 CC6.1; ISO27001 A.8.3; GDPR Art.32

CIS-3.4 | medium | Auto-remediable
Guest access expiration configured for SharePoint
Maps to: CIS 3.4; NIST AC-2(2); ISO27001 A.8.5; GDPR Art.32; SOC2 CC6.1

CIS-3.5 | medium | Auto-remediable
Default link permission set to View
Maps to: CIS 3.5; NIST AC-3; SOC2 CC6.1; ISO27001 A.5.15; ISO27001 A.5.33; ISO27001 A.8.18; ISO27001 A.8.20; ISO27001 A.8.26; ISO27001 A.8.3; ISO27001 A.8.4; CSF PR.AC-4; CSF PR.PT-3; GDPR Art.32; GDPR Art.5(1)(f)

CIS-3.6 | medium
Sharing domain restriction configured for SharePoint
Maps to: CIS 3.6; NIST AC-3; SOC2 CC6.1; ISO27001 A.5.15; ISO27001 A.5.33; ISO27001 A.8.18; ISO27001 A.8.20; ISO27001 A.8.26; ISO27001 A.8.3; ISO27001 A.8.4; CSF PR.AC-4; CSF PR.PT-3; GDPR Art.32; GDPR Art.5(1)(f)

CIS-3.7 | medium | Auto-remediable
Unmanaged device sync restricted for SharePoint
Maps to: CIS 3.7; NIST AC-19; SOC2 CC6.1; ISO27001 A.5.14; ISO27001 A.7.9; ISO27001 A.8.1; CSF PR.AC-3; GDPR Art.32; GDPR Art.5(1)(f)

CIS-3.8 | medium | Auto-remediable
SharePoint site creation restricted to admins
Maps to: CIS 3.8; NIST AC-6; ISO27001 A.5.15; ISO27001 A.8.18; ISO27001 A.8.2; CSF PR.AC-4; CSF PR.DS-5; GDPR Art.32; GDPR Art.5(1)(f); SOC2 CC6.1; 405D 4.M.B

CIS-M365.7.2.1 | high | Auto-remediable
Modern authentication required for SharePoint apps
Maps to: CIS M365 7.2.1; NIST AC-17(2); NIST IA-5; NIST IA-5(1); NIST SC-8; NIST SC-8(1); NIST SI-2; CSF ID.RA-1; CSF PR.AC-1; CSF PR.AC-6; CSF PR.AC-7; CSF PR.DS-2; CSF PR.IP-12; SOC2 CC6.1; SOC2 CC6.2; SOC2 CC6.6; SOC2 CC6.7

CIS-M365.7.2.10 | high
Reauthentication with verification code restricted
Maps to: CIS M365 7.2.10; NIST CM-6; CSF PR.IP-1

CIS-M365.7.2.2 | high
SharePoint/OneDrive Azure AD B2B integration enabled
Maps to: CIS M365 7.2.2; NIST CM-6; CSF PR.IP-1

CIS-M365.7.2.3 | high | Auto-remediable
External content sharing restricted
Maps to: CIS M365 7.2.3; NIST AC-3; NIST AC-5; NIST AC-6; NIST MP-2; CSF PR.AC-4; CSF PR.DS-1; CSF PR.DS-5; CSF PR.PT-2; CSF PR.PT-3; SOC2 CC6.1; SOC2 CC6.4

CIS-M365.7.2.4 | high | Auto-remediable
OneDrive content sharing restricted
Maps to: CIS M365 7.2.4; NIST AC-3; NIST AC-5; NIST AC-6; NIST MP-2; CSF PR.AC-4; CSF PR.DS-1; CSF PR.DS-5; CSF PR.PT-2; CSF PR.PT-3; SOC2 CC6.1; SOC2 CC6.4

CIS-M365.7.2.5 | high | Auto-remediable
SharePoint guest users blocked from sharing items they don't own
Maps to: CIS M365 7.2.5; NIST AC-3; NIST AC-5; NIST AC-6; NIST MP-2; NIST AT-2; CSF PR.AC-4; CSF PR.AT-1; CSF PR.DS-1; CSF PR.DS-5; CSF PR.PT-2; CSF PR.PT-3; SOC2 CC6.1; SOC2 CC6.4

CIS-M365.7.2.6 | high | Auto-remediable
SharePoint external sharing managed via domain allow/block list
Maps to: CIS M365 7.2.6; NIST AC-3; NIST AC-5; NIST AC-6; NIST MP-2; NIST CA-9; NIST SC-7; NIST AT-2; CSF DE.CM-1; CSF ID.AM-3; CSF PR.AC-4; CSF PR.AC-5; CSF PR.AT-1; CSF PR.DS-1; CSF PR.DS-5; CSF PR.PT-2; CSF PR.PT-3; CSF PR.PT-4; SOC2 CC6.1; SOC2 CC6.4; 405D 4.M.B

CIS-M365.7.2.7 | high | Auto-remediable
Link sharing restricted in SharePoint and OneDrive
Maps to: CIS M365 7.2.7; NIST AC-3; NIST AC-5; NIST AC-6; NIST MP-2; CSF PR.AC-4; CSF PR.DS-1; CSF PR.DS-5; CSF PR.PT-2; CSF PR.PT-3; SOC2 CC6.1; SOC2 CC6.4

CIS-M365.7.2.8 | high
External sharing restricted by security group
Maps to: CIS M365 7.2.8; NIST AC-2; NIST AC-5; NIST AC-6; NIST AC-6(1); NIST AC-6(7); NIST AU-9(4); CSF DE.CM-3; CSF PR.AC-4; CSF PR.DS-5; SOC2 CC6.1; SOC2 CC6.3; SOC2 CC7.2; 405D 4.M.B

CIS-M365.7.2.9 | high | Auto-remediable
Guest access to sites/OneDrive auto-expires
Maps to: CIS M365 7.2.9; NIST CM-6; CSF PR.IP-1

CIS-M365.7.3.1 | high
Infected SharePoint files blocked from download
Maps to: CIS M365 7.3.1; NIST SI-3; NIST AU-1; NIST AU-2; CSF DE.CM-4; CSF DE.DP-3; CSF PR.PT-1

CIS-M365.7.3.2 | high | Auto-remediable
OneDrive sync restricted on unmanaged devices
Maps to: CIS M365 7.3.2; NIST CM-6; CSF PR.IP-1

CIS-M365.7.3.3 | high
Custom script execution restricted on personal sites
Maps to: CIS M365 7.3.3; CIS M365 7.3.4; NIST CM-7; NIST CM-7(1); NIST SI-7; NIST SI-7(1); CSF PR.DS-6; CSF PR.IP-1; CSF PR.PT-3; SOC2 CC6.1; SOC2 CC7.2

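Almost every SharePoint and OneDrive control above is a single property of the tenant object returned by `Get-SPOTenant`, which makes the domain easy to audit in one pass. The script below is an added example for this page, not the tool's own check logic. It assumes the Microsoft.Online.SharePoint.PowerShell module, a SharePoint Administrator account, and `contoso` as a placeholder tenant name. The 30-day and 15-day thresholds are the benchmark's recommended maximums for guest expiry (7.2.9) and verification-code reauthentication (7.2.10); the `Direct` link type is the API name for "Specific people" (CIS-3.2), and the custom-script control (7.3.3) is evaluated per personal site because it is not a tenant-wide switch.

```powershell
# Added example (not the tool's own code): read-only audit of the SharePoint and
# OneDrive tenant settings behind the controls listed above, using the
# Microsoft.Online.SharePoint.PowerShell module with SharePoint Administrator rights.
# Assumption: 'contoso' is a placeholder for your tenant name.
Connect-SPOService -Url 'https://contoso-admin.sharepoint.com'

function Check([string]$Control, [bool]$Pass, [string]$Seen) {
    [pscustomobject]@{ Control = $Control; Status = $(if ($Pass) { 'PASS' } else { 'FAIL' }); Seen = $Seen }
}

$t    = Get-SPOTenant
$idle = Get-SPOBrowserIdleSignOut
$sync = Get-SPOTenantSyncClientRestriction

# SharingCapability values the benchmark accepts: anything that rules out anonymous ("Anyone") links.
$restrictedSharing = @('Disabled', 'ExistingExternalUserSharingOnly', 'ExternalUserSharingOnly')

$report = @(
    Check 'CIS-3.1'         $idle.Enabled "IdleSignOut Enabled=$($idle.Enabled) SignOutAfter=$($idle.SignOutAfter)"
    # 'Direct' is the API name for the "Specific people" link type
    Check 'CIS-3.2 / 7.2.7' ("$($t.DefaultSharingLinkType)" -eq 'Direct') "DefaultSharingLinkType=$($t.DefaultSharingLinkType)"
    Check 'CIS-3.3 / 7.2.5' $t.PreventExternalUsersFromResharing "PreventExternalUsersFromResharing=$($t.PreventExternalUsersFromResharing)"
    # benchmark 7.2.9: expiry required and 30 days or less
    Check 'CIS-3.4 / 7.2.9' ($t.ExternalUserExpirationRequired -and $t.ExternalUserExpireInDays -le 30) "ExternalUserExpirationRequired=$($t.ExternalUserExpirationRequired) ExpireInDays=$($t.ExternalUserExpireInDays)"
    Check 'CIS-3.5'         ("$($t.DefaultLinkPermission)" -eq 'View') "DefaultLinkPermission=$($t.DefaultLinkPermission)"
    Check 'CIS-3.6 / 7.2.6' ("$($t.SharingDomainRestrictionMode)" -ne 'None') "SharingDomainRestrictionMode=$($t.SharingDomainRestrictionMode) AllowedDomains=$($t.SharingAllowedDomainList)"
    # sync limited to devices joined to the listed AD domains
    Check 'CIS-3.7 / 7.3.2' ($sync.TenantRestrictionEnabled -and $sync.AllowedDomainList.Count -gt 0) "TenantRestrictionEnabled=$($sync.TenantRestrictionEnabled) AllowedDomainList=$($sync.AllowedDomainList -join ',')"
    Check 'CIS-M365.7.2.1'  (-not $t.LegacyAuthProtocolsEnabled) "LegacyAuthProtocolsEnabled=$($t.LegacyAuthProtocolsEnabled)"
    Check 'CIS-M365.7.2.2'  $t.EnableAzureADB2BIntegration "EnableAzureADB2BIntegration=$($t.EnableAzureADB2BIntegration)"
    Check 'CIS-M365.7.2.3'  ("$($t.SharingCapability)" -in $restrictedSharing) "SharingCapability=$($t.SharingCapability)"
    Check 'CIS-M365.7.2.4'  ("$($t.OneDriveSharingCapability)" -in $restrictedSharing) "OneDriveSharingCapability=$($t.OneDriveSharingCapability)"
    # benchmark 7.2.10: re-verification required and 15 days or less
    Check 'CIS-M365.7.2.10' ($t.EmailAttestationRequired -and $t.EmailAttestationReAuthDays -le 15) "EmailAttestationRequired=$($t.EmailAttestationRequired) ReAuthDays=$($t.EmailAttestationReAuthDays)"
    Check 'CIS-M365.7.3.1'  $t.DisallowInfectedFileDownload "DisallowInfectedFileDownload=$($t.DisallowInfectedFileDownload)"
)

# CIS-M365.7.3.3 is per site, not per tenant: a personal site whose
# DenyAddAndCustomizePages is anything other than 'Enabled' still runs custom script.
$scriptable = @(Get-SPOSite -IncludePersonalSite $true -Limit All -Filter "Url -like '-my.sharepoint.com/personal/'" |
    Where-Object { "$($_.DenyAddAndCustomizePages)" -ne 'Enabled' })
$report += Check 'CIS-M365.7.3.3' ($scriptable.Count -eq 0) "$($scriptable.Count) personal site(s) allow custom script"

$report | Format-Table -AutoSize
```

Two of the listed controls are deliberately absent: CIS-3.8 (site creation restricted to admins) and CIS-M365.7.2.8 (external sharing limited to a security group) are set in the SharePoint admin center and are not surfaced as `Get-SPOTenant` properties, so they still need a manual check.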
Exchange (15 controls)

CIS-6.1.1a | high | Auto-remediable
Modern authentication enabled for Exchange Online
Maps to: CIS 6.1.1; NIST AC-1; NIST AC-2; NIST AC-2(1); NIST AU-12; NIST AU-2; NIST AU-7; NIST IA-2; ISO27001 A.5.1; ISO27001 A.5.15; ISO27001 A.5.16; ISO27001 A.5.18; ISO27001 A.5.2; ISO27001 A.5.31; ISO27001 A.5.36; ISO27001 A.5.37; ISO27001 A.5.4; ISO27001 A.8.15; ISO27001 A.8.2; CSF DE.CM-1; CSF DE.CM-3; CSF DE.CM-7; CSF PR.AC-1; CSF PR.AC-3; CSF PR.AC-4; CSF PR.AC-6; CSF PR.AC-7; CSF PR.PT-1; CSF RS.AN-3; GDPR Art.24; GDPR Art.32; GDPR Art.33; GDPR Art.5(1)(f); SOC2 CC6.1; SOC2 CC7.2

CIS-6.1.2 | low | Auto-remediable
MailTips enabled for external recipients
Maps to: CIS 6.1.2; NIST AC-1; NIST AC-2; NIST AC-2(1); NIST AU-12; NIST AU-2; NIST AU-7; NIST SI-3; ISO27001 A.5.1; ISO27001 A.5.15; ISO27001 A.5.16; ISO27001 A.5.18; ISO27001 A.5.2; ISO27001 A.5.31; ISO27001 A.5.36; ISO27001 A.5.37; ISO27001 A.5.4; ISO27001 A.8.15; ISO27001 A.8.2; ISO27001 A.8.7; CSF DE.CM-1; CSF DE.CM-3; CSF DE.CM-4; CSF DE.CM-7; CSF DE.DP-3; CSF PR.AC-3; CSF PR.AC-4; CSF PR.PT-1; CSF RS.AN-3; GDPR Art.24; GDPR Art.32; GDPR Art.33; GDPR Art.5(1)(f); SOC2 CC6.1; SOC2 CC7.2

CIS-M365.2.1.1 | medium | Auto-remediable
Safe Links enabled for Office applications
Maps to: CIS M365 2.1.1; NIST RA-5; NIST RA-7; NIST SI-2; NIST SI-2(2); NIST SI-3; ISO27001 A.6.8; ISO27001 A.8.32; ISO27001 A.8.7; ISO27001 A.8.8; CSF DE.AE-2; CSF DE.CM-4; CSF DE.CM-8; CSF DE.DP-3; CSF DE.DP-4; CSF DE.DP-5; CSF ID.RA-1; CSF ID.RA-6; CSF PR.IP-12; CSF RS.AN-1; CSF RS.AN-5; CSF RS.MI-3; GDPR Art.32; SOC2 CC4.2; SOC2 CC8.1; 405D 1.L.A

CIS-M365.2.1.11 | high | Auto-remediable
Comprehensive attachment filtering applied
Maps to: CIS M365 2.1.11; NIST AC-1; NIST AC-2; NIST AC-2(1); NIST AU-6; NIST AU-6(1); NIST AU-7(1); ISO27001 A.5.1; ISO27001 A.5.15; ISO27001 A.5.16; ISO27001 A.5.18; ISO27001 A.5.2; ISO27001 A.5.25; ISO27001 A.5.31; ISO27001 A.5.36; ISO27001 A.5.37; ISO27001 A.5.4; ISO27001 A.6.8; ISO27001 A.8.15; ISO27001 A.8.2; CSF DE.AE-2; CSF DE.AE-3; CSF DE.CM-3; CSF DE.DP-4; CSF ID.SC-4; CSF PR.AC-3; CSF PR.AC-4; CSF PR.PT-1; CSF RS.AN-1; CSF RS.CO-2; GDPR Art.24; GDPR Art.32; GDPR Art.33; GDPR Art.5(1)(f); SOC2 CC6.1; SOC2 CC7.2; 405D 1.M.A

CIS-M365.2.1.12 | medium | Auto-remediable
Connection filter IP allow list disabled
Maps to: CIS M365 2.1.12; NIST AC-1; NIST AC-2; NIST AC-2(1); NIST AU-6; NIST AU-6(1); NIST AU-7(1); ISO27001 A.5.1; ISO27001 A.5.15; ISO27001 A.5.16; ISO27001 A.5.18; ISO27001 A.5.2; ISO27001 A.5.25; ISO27001 A.5.31; ISO27001 A.5.36; ISO27001 A.5.37; ISO27001 A.5.4; ISO27001 A.6.8; ISO27001 A.8.15; ISO27001 A.8.2; CSF DE.AE-2; CSF DE.AE-3; CSF DE.CM-3; CSF DE.DP-4; CSF ID.SC-4; CSF PR.AC-3; CSF PR.AC-4; CSF PR.PT-1; CSF RS.AN-1; CSF RS.CO-2; GDPR Art.24; GDPR Art.32; GDPR Art.33; GDPR Art.5(1)(f); SOC2 CC6.1; SOC2 CC7.2; 405D 1.M.A

CIS-M365.2.1.13 | medium | Auto-remediable
Connection filter safe list disabled
Maps to: CIS M365 2.1.13; NIST AC-1; NIST AC-2; NIST AC-2(1); NIST AU-6; NIST AU-6(1); NIST AU-7(1); ISO27001 A.5.1; ISO27001 A.5.15; ISO27001 A.5.16; ISO27001 A.5.18; ISO27001 A.5.2; ISO27001 A.5.25; ISO27001 A.5.31; ISO27001 A.5.36; ISO27001 A.5.37; ISO27001 A.5.4; ISO27001 A.6.8; ISO27001 A.8.15; ISO27001 A.8.2; CSF DE.AE-2; CSF DE.AE-3; CSF DE.CM-3; CSF DE.DP-4; CSF ID.SC-4; CSF PR.AC-3; CSF PR.AC-4; CSF PR.PT-1; CSF RS.AN-1; CSF RS.CO-2; GDPR Art.24; GDPR Art.32; GDPR Art.33; GDPR Art.5(1)(f); SOC2 CC6.1; SOC2 CC7.2; 405D 1.M.A

CIS-M365.2.1.2 | medium | Auto-remediable
Common Attachment Types filter enabled
Maps to: CIS M365 2.1.2; NIST AU-1; NIST AU-2; NIST SI-3; NIST SI-8; ISO27001 A.5.1; ISO27001 A.5.2; ISO27001 A.5.31; ISO27001 A.5.36; ISO27001 A.5.37; ISO27001 A.5.4; ISO27001 A.8.15; ISO27001 A.8.7; CSF DE.CM-4; CSF DE.DP-3; CSF PR.PT-1; GDPR Art.24; GDPR Art.32; GDPR Art.33; GDPR Art.5(1)(f); 405D 1.M.A

CIS-M365.2.1.3 | medium | Auto-remediable
Notifications enabled when internal users send malware
Maps to: CIS M365 2.1.3; NIST AU-1; NIST AU-2; NIST IR-1; NIST IR-8; NIST RA-5; ISO27001 A.5.1; ISO27001 A.5.2; ISO27001 A.5.24; ISO27001 A.5.31; ISO27001 A.5.36; ISO27001 A.5.37; ISO27001 A.5.4; ISO27001 A.8.15; ISO27001 A.8.8; CSF DE.AE-2; CSF DE.AE-3; CSF DE.AE-5; CSF DE.CM-8; CSF DE.DP-4; CSF DE.DP-5; CSF ID.RA-1; CSF ID.SC-5; CSF PR.IP-12; CSF PR.IP-7; CSF PR.IP-8; CSF PR.IP-9; CSF PR.PT-1; CSF RC.IM-1; CSF RC.IM-2; CSF RC.RP-1; CSF RS.AN-1; CSF RS.AN-4; CSF RS.CO-1; CSF RS.CO-2; CSF RS.CO-3; CSF RS.CO-4; CSF RS.IM-1; CSF RS.IM-2; CSF RS.MI-3; CSF RS.RP-1; GDPR Art.24; GDPR Art.32; GDPR Art.33; GDPR Art.34; GDPR Art.5(1)(f)

CIS-M365.2.1.4 | high | Auto-remediable
Safe Attachments policy enabled
Maps to: CIS M365 2.1.4; NIST AU-1; NIST AU-2; NIST SI-3; NIST SI-8; ISO27001 A.5.1; ISO27001 A.5.2; ISO27001 A.5.31; ISO27001 A.5.36; ISO27001 A.5.37; ISO27001 A.5.4; ISO27001 A.8.15; ISO27001 A.8.7; CSF DE.CM-4; CSF DE.DP-3; CSF PR.PT-1; GDPR Art.24; GDPR Art.32; GDPR Art.33; GDPR Art.5(1)(f); 405D 1.L.A

CIS-M365.2.1.5 | high | Auto-remediable
Safe Attachments enabled for SharePoint, OneDrive, and Teams
Maps to: CIS M365 2.1.5; NIST AU-1; NIST AU-2; NIST SI-3; NIST SI-8; ISO27001 A.5.1; ISO27001 A.5.2; ISO27001 A.5.31; ISO27001 A.5.36; ISO27001 A.5.37; ISO27001 A.5.4; ISO27001 A.8.15; ISO27001 A.8.7; CSF DE.CM-4; CSF DE.DP-3; CSF PR.PT-1; GDPR Art.24; GDPR Art.32; GDPR Art.33; GDPR Art.5(1)(f); 405D 1.L.A

CIS-M365.2.1.6 | medium | Auto-remediable
Exchange Online spam policies notify administrators
Maps to: CIS M365 2.1.6; NIST IR-1; NIST IR-8; ISO27001 A.5.1; ISO27001 A.5.2; ISO27001 A.5.24; ISO27001 A.5.31; ISO27001 A.5.36; ISO27001 A.5.37; ISO27001 A.5.4; CSF DE.AE-3; CSF DE.AE-5; CSF ID.SC-5; CSF PR.IP-7; CSF PR.IP-8; CSF PR.IP-9; CSF RC.IM-1; CSF RC.IM-2; CSF RC.RP-1; CSF RS.AN-4; CSF RS.CO-1; CSF RS.CO-2; CSF RS.CO-3; CSF RS.CO-4; CSF RS.IM-1; CSF RS.IM-2; CSF RS.RP-1; GDPR Art.24; GDPR Art.32; GDPR Art.33; GDPR Art.34; GDPR Art.5(1)(f); 405D 1.M.A

CIS-M365.2.1.7 | medium | Auto-remediable
At least one anti-phishing policy exists
Maps to: CIS M365 2.1.7; NIST SI-3; NIST SI-8; ISO27001 A.8.7; CSF DE.CM-4; CSF DE.DP-3; GDPR Art.32; 405D 1.M.A

CIS-M365.2.1.9 | high | Auto-remediable
DKIM enabled for all Exchange Online domains
Maps to: CIS M365 2.1.9; NIST SC-7; ISO27001 A.5.14; ISO27001 A.8.16; ISO27001 A.8.20; ISO27001 A.8.22; ISO27001 A.8.23; CSF DE.CM-1; CSF PR.AC-5; CSF PR.DS-5; CSF PR.PT-4; GDPR Art.32; GDPR Art.33; GDPR Art.5(1)(f); 405D 1.M.A

CIS-M365.2.4.4 | medium | Auto-remediable
Zero-hour auto purge enabled for Teams
Maps to: CIS M365 2.4.4; NIST SI-3; ISO27001 A.8.7; CSF DE.CM-4; CSF DE.DP-3; GDPR Art.32; 405D 1.M.A

CIS-M365.6.1.4 | high | Auto-remediable
'AuditDisabled' set to False at the organization level
Maps to: CIS M365 6.1.4; NIST AU-3; NIST AU-3(1); NIST AU-7; NIST AU-12; CSF DE.CM-1; CSF DE.CM-3; CSF DE.CM-7; CSF PR.PT-1; CSF RS.AN-3; SOC2 CC7.2

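The Exchange Online controls above split into organization-level switches (modern authentication, MailTips, mailbox auditing), per-policy settings (anti-malware, connection filter, outbound spam, anti-phishing), and Defender for Office 365 features that only exist on licensed tenants (Safe Links, Safe Attachments, Teams zero-hour auto purge). The script below is an added example for this page, not the tool's own check logic, and covers all three groups with the ExchangeOnlineManagement module. It assumes a role that can read those settings, probes for the Defender cmdlets instead of assuming the license, and also checks CIS-M365.1.2.2 (shared-mailbox sign-in), which the page lists under Entra ID but which is most directly observable through `Get-User`.

```powershell
# Added example (not the tool's own code): read-only audit of the Exchange Online
# controls listed above with the ExchangeOnlineManagement module. Assumption: the
# account holds a role that can read organization, anti-malware and DKIM settings.
Connect-ExchangeOnline -ShowBanner:$false

function Check([string]$Control, [bool]$Pass, [string]$Seen) {
    [pscustomobject]@{ Control = $Control; Status = $(if ($Pass) { 'PASS' } else { 'FAIL' }); Seen = $Seen }
}

$org = Get-OrganizationConfig
$report = @(
    # CIS-6.1.1a: OAuth2ClientProfileEnabled is the "modern authentication" switch
    Check 'CIS-6.1.1a' $org.OAuth2ClientProfileEnabled "OAuth2ClientProfileEnabled=$($org.OAuth2ClientProfileEnabled)"
    # CIS-6.1.2: external-recipient MailTips need both switches on
    Check 'CIS-6.1.2' ($org.MailTipsAllTipsEnabled -and $org.MailTipsExternalRecipientsTipsEnabled) "AllTips=$($org.MailTipsAllTipsEnabled) ExternalRecipientsTips=$($org.MailTipsExternalRecipientsTipsEnabled)"
    # CIS-M365.6.1.4: AuditDisabled must be False or mailbox auditing never runs
    Check 'CIS-M365.6.1.4' (-not $org.AuditDisabled) "AuditDisabled=$($org.AuditDisabled)"
)

# CIS-M365.2.1.9: every domain with a DKIM config should have it enabled
# (a domain with no config at all will not appear here and needs New-DkimSigningConfig)
foreach ($d in Get-DkimSigningConfig) {
    $report += Check 'CIS-M365.2.1.9' $d.Enabled "$($d.Domain) DKIM Enabled=$($d.Enabled)"
}

# CIS-M365.2.1.2 / 2.1.3: common attachment filter and internal-sender malware
# notifications, checked on every anti-malware policy (2.1.11 extends the FileTypes list)
foreach ($p in Get-MalwareFilterPolicy) {
    $report += Check 'CIS-M365.2.1.2' $p.EnableFileFilter "$($p.Identity) EnableFileFilter=$($p.EnableFileFilter) ($($p.FileTypes.Count) file types)"
    $report += Check 'CIS-M365.2.1.3' $p.EnableInternalSenderAdminNotifications "$($p.Identity) InternalSenderAdminNotifications=$($p.EnableInternalSenderAdminNotifications) -> $($p.InternalSenderAdminAddress)"
}

# CIS-M365.2.1.12 / 2.1.13: the connection filter must not bypass filtering by IP or safe list
$cf = Get-HostedConnectionFilterPolicy -Identity Default
$report += Check 'CIS-M365.2.1.12' ($cf.IPAllowList.Count -eq 0) "IPAllowList=$($cf.IPAllowList -join ',')"
$report += Check 'CIS-M365.2.1.13' (-not $cf.EnableSafeList) "EnableSafeList=$($cf.EnableSafeList)"

# CIS-M365.2.1.6: outbound spam policies notify an administrator
foreach ($o in Get-HostedOutboundSpamFilterPolicy) {
    $report += Check 'CIS-M365.2.1.6' ($o.NotifyOutboundSpam -and $o.NotifyOutboundSpamRecipients.Count -gt 0) "$($o.Identity) NotifyOutboundSpam=$($o.NotifyOutboundSpam) -> $($o.NotifyOutboundSpamRecipients -join ',')"
}

# CIS-M365.2.1.7: at least one anti-phishing policy is enabled
$phish = @(Get-AntiPhishPolicy | Where-Object Enabled)
$report += Check 'CIS-M365.2.1.7' ($phish.Count -gt 0) "$($phish.Count) enabled anti-phishing policy(ies)"

# CIS-M365.2.1.1 / 2.1.4 / 2.1.5 / 2.4.4 need Defender for Office 365; the cmdlets
# are absent on tenants without that license, so probe before calling them.
if (Get-Command Get-SafeAttachmentPolicy -ErrorAction SilentlyContinue) {
    $sa = @(Get-SafeAttachmentPolicy | Where-Object Enable)
    $report += Check 'CIS-M365.2.1.4' ($sa.Count -gt 0) "$($sa.Count) enabled Safe Attachments policy(ies)"
    $atp = Get-AtpPolicyForO365
    $report += Check 'CIS-M365.2.1.5' $atp.EnableATPForSPOTeamsODB "EnableATPForSPOTeamsODB=$($atp.EnableATPForSPOTeamsODB)"
    $sl = @(Get-SafeLinksPolicy | Where-Object { $_.EnableSafeLinksForEmail -and $_.EnableSafeLinksForTeams -and $_.EnableSafeLinksForOffice })
    $report += Check 'CIS-M365.2.1.1' ($sl.Count -gt 0) "$($sl.Count) Safe Links policy(ies) cover Email, Teams and Office"
    $tp = Get-TeamsProtectionPolicy
    $report += Check 'CIS-M365.2.4.4' $tp.ZapEnabled "Teams ZapEnabled=$($tp.ZapEnabled)"
} else {
    Write-Warning 'Defender for Office 365 cmdlets not available; CIS-M365.2.1.1 / 2.1.4 / 2.1.5 / 2.4.4 skipped'
}

# CIS-M365.1.2.2 (listed under Entra ID above): shared mailboxes should have
# sign-in blocked; Get-User exposes that as AccountDisabled.
$shared = @(Get-User -RecipientTypeDetails SharedMailbox -ResultSize Unlimited | Where-Object { -not $_.AccountDisabled })
$report += Check 'CIS-M365.1.2.2' ($shared.Count -eq 0) "$($shared.Count) shared mailbox(es) still allow sign-in: $($shared.UserPrincipalName -join ', ')"

$report | Format-Table -AutoSize
```

A policy-level PASS is only meaningful if the policy is scoped to the users in question; for anti-malware, Safe Links and Safe Attachments, check the matching `Get-*Rule` cmdlets to confirm a rule actually targets your domains before treating the row as closed.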
Teams(14)

CIS-M365.8.1.1

Teams external file sharing limited to approved cloud storage providers

medium
Auto-remediable
CIS M365 8.1.1, NIST AC-3, NIST AC-5, NIST AC-6, NIST AT-2, NIST MP-2, ISO27001 A.5.10, ISO27001 A.5.15, ISO27001 A.5.3, ISO27001 A.5.33, ISO27001 A.6.3, ISO27001 A.7.10, ISO27001 A.7.7, ISO27001 A.8.18, ISO27001 A.8.2, ISO27001 A.8.20, ISO27001 A.8.26, ISO27001 A.8.3, ISO27001 A.8.4, ISO27001 A.8.7, CSF PR.AC-4, CSF PR.AT-1, CSF PR.DS-1, CSF PR.DS-5, CSF PR.PT-2, CSF PR.PT-3, GDPR Art.32, GDPR Art.39(1)(b), GDPR Art.5(1)(f), SOC2 CC6.1, SOC2 CC6.4
CIS-M365.8.1.2

Channel email addresses blocked from receiving user email

high
Auto-remediable
CIS 8.1.2, NIST CM-6, CSF PR.IP-1
CIS-M365.8.2.2

Communication with unmanaged Teams users disabled

medium
Auto-remediable
CIS M365 8.2.2
CIS-M365.8.2.4

Communication with Skype users disabled

medium
Auto-remediable
CIS M365 8.2.4
CIS-M365.8.4.1

Most third-party and custom apps blocked

high
Auto-remediable
CIS M365 8.4.1, NIST CM-10, NIST CM-7, NIST CM-7(1), NIST CM-7(5), NIST SI-7, NIST SI-7(1), ISO27001 A.5.32, ISO27001 A.8.19, CSF DE.CM-3, CSF PR.DS-6, CSF PR.IP-1, CSF PR.PT-3, GDPR Art.32, SOC2 CC6.1, SOC2 CC7.2, SOC2 CC8.1
CIS-M365.8.5.1

Anonymous users blocked from joining meetings

high
Auto-remediable
CIS 8.5.1, NIST CM-6, CSF PR.IP-1
CIS-M365.8.5.2

Anonymous and dial-in users blocked from starting meetings

high
Auto-remediable
CIS 8.5.2, NIST CM-6, CSF PR.IP-1
CIS-M365.8.5.3

Lobby bypass restricted to org users

medium
Auto-remediable
CIS M365 8.5.3, NIST AC-2, NIST AC-5, NIST AC-6, NIST AC-6(1), NIST AC-6(7), NIST AU-9(4), ISO27001 A.5.15, ISO27001 A.5.16, ISO27001 A.5.18, ISO27001 A.5.3, ISO27001 A.8.18, ISO27001 A.8.2, CSF DE.CM-3, CSF PR.AC-4, CSF PR.DS-5, GDPR Art.32, GDPR Art.5(1)(f), SOC2 CC6.1, SOC2 CC6.3, SOC2 CC7.2
CIS-M365.8.5.4

Dial-in users blocked from bypassing meeting lobby

high
Auto-remediable
CIS 8.5.4, NIST CM-6, CSF PR.IP-1
CIS-M365.8.5.5

Meeting chat blocks anonymous users

high
Auto-remediable
CIS 8.5.5, NIST CM-6, CSF PR.IP-1
CIS-M365.8.5.6

Only organizers and co-organizers can present

high
Auto-remediable
CIS 8.5.6, NIST CM-6, CSF PR.IP-1
CIS-M365.8.5.7

External participants blocked from giving or requesting control

high
Auto-remediable
CIS 8.5.7, NIST CM-6, CSF PR.IP-1
CIS-M365.8.5.8

External meeting chat disabled

high
Auto-remediable
CIS 8.5.8, NIST PL-8, NIST SA-8, CSF ID.AM-3, CSF ID.BE-5, CSF PR.IP-2, CSF PR.PT-5, SOC2 CC8.1
CIS-M365.8.6.1

Users can report Teams security concerns to internal destination

medium
Auto-remediable
CIS M365 8.6.1, NIST CM-6, ISO27001 A.8.9, CSF PR.IP-1, GDPR Art.25, GDPR Art.32

Defender(8)

CIS-M365.2.1.10

DMARC records published for all Exchange Online domains

high
CIS 2.1.10, NIST SC-7, CSF DE.CM-1, CSF PR.AC-5, CSF PR.DS-5, CSF PR.PT-4, 405D 1.M.A
CIS-M365.2.1.14

Comprehensive attachment filtering applied

high
Auto-remediable
CIS 2.1.14, NIST SI-3, NIST SI-8, NIST AU-1, NIST AU-2, CSF DE.CM-4, CSF DE.DP-3, CSF PR.PT-1, 405D 1.M.A
CIS-M365.2.1.8

SPF records published for all Exchange domains

high
CIS 2.1.8, NIST SC-7, CSF DE.CM-1, CSF PR.AC-5, CSF PR.DS-5, CSF PR.PT-4, 405D 1.M.A
CIS-M365.2.3.1

Account Provisioning Activity report reviewed weekly

high
CIS 2.3.1, NIST AU-6, NIST AU-6(1), NIST AU-7(1), NIST AC-1, NIST AC-2, NIST AC-2(1), CSF DE.AE-2, CSF DE.AE-3, CSF DE.CM-3, CSF DE.DP-4, CSF ID.SC-4, CSF PR.AC-3, CSF PR.AC-4, CSF PR.PT-1, CSF RS.AN-1, CSF RS.CO-2, SOC2 CC6.1, SOC2 CC7.2
CIS-M365.2.3.2

Non-global-admin role assignments reviewed weekly

high
CIS 2.3.2, NIST AU-6, NIST AU-6(1), NIST AU-7(1), NIST AC-1, NIST AC-2, NIST AC-2(1), CSF DE.AE-2, CSF DE.AE-3, CSF DE.CM-3, CSF DE.DP-4, CSF ID.SC-4, CSF PR.AC-3, CSF PR.AC-4, CSF PR.PT-1, CSF RS.AN-1, CSF RS.CO-2, SOC2 CC6.1, SOC2 CC7.2, 405D 3.L.B
CIS-M365.2.4.1

Priority Account protection enabled and configured

high
CIS 2.4.1, NIST SI-3, NIST SI-8, CSF DE.CM-4, CSF DE.DP-3
CIS-M365.2.4.2

Priority Accounts covered by Strict protection preset

high
CIS 2.4.2, NIST SI-3, NIST SI-8, NIST SI-4, CSF DE.AE-1, CSF DE.AE-2, CSF DE.AE-3, CSF DE.AE-4, CSF DE.CM-1, CSF DE.CM-4, CSF DE.CM-5, CSF DE.CM-6, CSF DE.CM-7, CSF DE.DP-2, CSF DE.DP-3, CSF DE.DP-4, CSF DE.DP-5, CSF ID.RA-1, CSF PR.DS-5, CSF PR.IP-8, CSF RS.AN-1
CIS-M365.2.4.3

Microsoft Defender for Cloud Apps enabled and configured

high
CIS 2.4.3, NIST SI-3, NIST SI-16, NIST AC-1, NIST AC-2, NIST AC-2(1), CSF DE.CM-3, CSF DE.CM-4, CSF DE.DP-3, CSF PR.AC-3, CSF PR.AC-4, SOC2 CC6.1

Purview(4)

CIS-M365.3.1.1

Microsoft 365 unified audit log search enabled

high
Auto-remediable
CIS M365 3.1.1, NIST AC-1, NIST AC-2, NIST AC-2(1), NIST AU-12, NIST AU-2, NIST AU-7, ISO27001 A.5.1, ISO27001 A.5.15, ISO27001 A.5.16, ISO27001 A.5.18, ISO27001 A.5.2, ISO27001 A.5.31, ISO27001 A.5.36, ISO27001 A.5.37, ISO27001 A.5.4, ISO27001 A.8.15, ISO27001 A.8.2, CSF DE.CM-1, CSF DE.CM-3, CSF DE.CM-7, CSF PR.AC-3, CSF PR.AC-4, CSF PR.PT-1, CSF RS.AN-3, GDPR Art.24, GDPR Art.32, GDPR Art.33, GDPR Art.5(1)(f), SOC2 CC6.1, SOC2 CC7.2, 405D 8.M.A, Copilot Pre-Deployment
CIS-M365.3.2.1

DLP policies enabled

high
CIS 3.2.1, NIST AU-11, NIST CM-12, NIST SI-12, NIST AT-2, CSF PR.AT-1, SOC2 CC7.2, SOC2 PI1.3, 405D 4.M.E, Copilot Pre-Deployment
CIS-M365.3.2.2

DLP policies enabled for Teams

high
CIS 3.2.2, NIST AU-11, NIST CM-12, NIST SI-12, NIST AT-2, CSF PR.AT-1, SOC2 CC7.2, SOC2 PI1.3, 405D 4.M.E
CIS-M365.3.3.1

SharePoint Online Information Protection policies in use

high
CIS 3.3.1, NIST RA-2, NIST AU-6(1), NIST AU-7, NIST IR-4(1), NIST SI-4(2), NIST SI-4(5), NIST AT-2, CSF ID.AM-5, CSF ID.GV-4, CSF ID.RA-4, CSF ID.RA-5, CSF PR.AT-1, CSF PR.PT-1, CSF RS.AN-3, SOC2 CC7.2, SOC2 CC7.4, Copilot Pre-Deployment