| 2.1.6 Ensure the latest firmware is installed | SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT |
| 2.1.7 Disable USB Firmware and configuration installation | CONFIGURATION MANAGEMENT |
| 2.1.8 Disable static keys for TLS | CONFIGURATION MANAGEMENT |
| 2.1.9 Enable Global Strong Encryption | ACCESS CONTROL |
| 2.1.11 Ensure CDN is enabled for improved GUI performance | CONFIGURATION MANAGEMENT |
| 2.3.1 Ensure only SNMPv3 is enabled | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.2 Allow only trusted hosts in SNMPv3 | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.1 Ensure High Availability configuration is enabled | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.1 Ensure that unused policies are reviewed regularly | CONFIGURATION MANAGEMENT |
| 4.1.1 Detect Botnet connections | SYSTEM AND INFORMATION INTEGRITY |
| 4.2.1 Ensure Antivirus Definition Push Updates are Configured | SYSTEM AND INFORMATION INTEGRITY |
| 4.2.2 Apply Antivirus Security Profile to Policies | SYSTEM AND INFORMATION INTEGRITY |
| 4.2.3 Enable Outbreak Prevention Database | SYSTEM AND INFORMATION INTEGRITY |
| 4.2.4 Enable AI /heuristic based malware detection | SYSTEM AND INFORMATION INTEGRITY |
| 4.2.5 Enable grayware detection on antivirus | SYSTEM AND INFORMATION INTEGRITY |
| 4.3.1 Enable Botnet C&C Domain Blocking DNS Filter | SYSTEM AND INFORMATION INTEGRITY |
| 4.4.2 Block applications running on non-default ports | SYSTEM AND INFORMATION INTEGRITY |
| 5.2.1.1 Ensure Security Fabric is Configured | CONFIGURATION MANAGEMENT |
| 6.1.1 Apply a Trusted Signed Certificate for VPN Portal | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 6.1.2 Enable Limited TLS Versions for SSL VPN | CONFIGURATION MANAGEMENT |
| 7.1.1 Enable Event Logging | AUDIT AND ACCOUNTABILITY |
| 7.3.1 Centralized Logging and Reporting | AUDIT AND ACCOUNTABILITY |
