Those are the “levels of security” required by the benchmark. See Center for Internet Security (CIS) Benchmarks - Microsoft Compliance | Microsoft Learn
CIS benchmarks provide two levels of security settings:
- Level 1 recommends essential basic security requirements that can be configured on any system and should cause little or no interruption of service or reduced functionality.
- Level 2 recommends security settings for environments requiring greater security that could result in some reduced functionality.