| Access Security - Configure a warning banner that is displayed prior to login | ACCESS CONTROL |
| Access Security - Disable insecure or unnecessary access services (telnet, J-Web over HTTP, FTP, etc.) - finger | CONFIGURATION MANAGEMENT |
| Access Security - Disable insecure or unnecessary access services (telnet, J-Web over HTTP, FTP, etc.) - ftp | CONFIGURATION MANAGEMENT |
| Access Security - Disable insecure or unnecessary access services (telnet, J-Web over HTTP, FTP, etc.) - J-Web over HTTP | CONFIGURATION MANAGEMENT |
| Access Security - Disable insecure or unnecessary access services (telnet, J-Web over HTTP, FTP, etc.) - rlogin | CONFIGURATION MANAGEMENT |
| Access Security - Disable insecure or unnecessary access services (telnet, J-Web over HTTP, FTP, etc.) - rsh | CONFIGURATION MANAGEMENT |
| Access Security - Disable insecure or unnecessary access services (telnet, J-Web over HTTP, FTP, etc.) - telnet | CONFIGURATION MANAGEMENT |
| Access Security - Disable insecure or unnecessary access services (telnet, J-Web over HTTP, FTP, etc.) - tftp-server | CONFIGURATION MANAGEMENT |
| Access Security - Disable insecure or unnecessary access services (telnet, J-Web over HTTP, FTP, etc.) - xnm-clear-text | CONFIGURATION MANAGEMENT |
| Access Security - Enable required secure access services - J-Web over HTTPS | SYSTEM AND COMMUNICATIONS PROTECTION |
| Access Security - Enable required secure access services - ssh | SYSTEM AND COMMUNICATIONS PROTECTION |
| Access Security - J-Web - Limit access to only authorized interfaces | SYSTEM AND COMMUNICATIONS PROTECTION |
| Access Security - J-Web - Set session-limit restrictions suitable for your environment | ACCESS CONTROL |
| Access Security - J-Web - Terminate idle connections by setting the idle-time value | ACCESS CONTROL |
| Access Security - J-Web - Use HTTPS with a valid certificate signed by a trusted CA - local-certificate | SYSTEM AND COMMUNICATIONS PROTECTION |
| Access Security - J-Web - Use HTTPS with a valid certificate signed by a trusted CA - trusted CA | SYSTEM AND COMMUNICATIONS PROTECTION |
| Access Security - SSH - Deny Root logins | ACCESS CONTROL |
| Access Security - SSH - Set connection-limit and rate-limit restrictions - connection-limit | ACCESS CONTROL |
| Access Security - SSH - Set connection-limit and rate-limit restrictions - rate-limit | SYSTEM AND COMMUNICATIONS PROTECTION |
| Access Security - SSH - Use SSH version 2 | CONFIGURATION MANAGEMENT |
| Audited configuration or device is JUNOS 12. | CONFIGURATION MANAGEMENT |
| Firewall Filter - Ensure the last term, default-deny, includes the syslog option | SYSTEM AND COMMUNICATIONS PROTECTION |
| Firewall Filter - Order terms with time sensitive protocols at the top | SYSTEM AND COMMUNICATIONS PROTECTION |
| Firewall Filter - Permit only required protocols from authorized sources | SYSTEM AND COMMUNICATIONS PROTECTION |
| Firewall Filter - Protect the Routing Engine using a default deny firewall filter | SYSTEM AND COMMUNICATIONS PROTECTION |
| Firewall Filter - Rate-limit authorized protocols using policers | SYSTEM AND COMMUNICATIONS PROTECTION |
| Firewall Filter - Rate-limit SYN packets to protect against a SYN flood attack | SYSTEM AND COMMUNICATIONS PROTECTION |
| Management Services Security - Allow SNMP queries and/or send traps to more than one trusted server | AUDIT AND ACCOUNTABILITY |
| Management Services Security - Allow SNMP queries and/or send traps to more than one trusted server - client-list restrict | SYSTEM AND COMMUNICATIONS PROTECTION |
| Management Services Security - Allow SNMP queries and/or send traps to more than one trusted server - clients restrict | SYSTEM AND COMMUNICATIONS PROTECTION |
| Management Services Security - Allow SNMP queries and/or send traps to more than one trusted server - community trap | AUDIT AND ACCOUNTABILITY |
| Management Services Security - Allow SNMP queries and/or send traps to more than one trusted server - usm traps | AUDIT AND ACCOUNTABILITY |
| Management Services Security - Community strings and USM passwords should be difficult to guess and should follow a password policy | IDENTIFICATION AND AUTHENTICATION |
| Management Services Security - Community strings and USM passwords should be difficult to guess and should follow a policy - community | IDENTIFICATION AND AUTHENTICATION |
| Management Services Security - Community strings and USM passwords should be difficult to guess and should follow a policy - usm | IDENTIFICATION AND AUTHENTICATION |
| Management Services Security - Configure automated secure configuration backups to more than one trusted server - archive-sites | CONTINGENCY PLANNING |
| Management Services Security - Configure automated secure configuration backups to more than one trusted server - transfer-interval | CONTINGENCY PLANNING |
| Management Services Security - Configure NTP with authentication with more than one trusted server - authentication type | AUDIT AND ACCOUNTABILITY |
| Management Services Security - Configure NTP with authentication with more than one trusted server - authentication value | AUDIT AND ACCOUNTABILITY |
| Management Services Security - Configure NTP with authentication with more than one trusted server - multiple servers | AUDIT AND ACCOUNTABILITY |
| Management Services Security - Configure NTP with authentication with more than one trusted server - trusted-key | AUDIT AND ACCOUNTABILITY |
| Management Services Security - Configure read-only access; use read-write only when required | ACCESS CONTROL |
| Management Services Security - Configure read-only access; use read-write only when required - community | ACCESS CONTROL |
| Management Services Security - Configure read-only access; use read-write only when required - usm | ACCESS CONTROL |
| Management Services Security - Configure SNMP using the most secure method with more than one trusted server | IDENTIFICATION AND AUTHENTICATION |
| Management Services Security - Configure SNMP using the most secure method with more than one trusted server - v1/v2 not configured | IDENTIFICATION AND AUTHENTICATION |
| Management Services Security - Configure SNMP using the most secure method with more than one trusted server - v3 configured | CONFIGURATION MANAGEMENT |
| Management Services Security - Send Syslog messages to more than one trusted server with enhanced timestamps | AUDIT AND ACCOUNTABILITY |
| Network Security - Configure LLDP only on required network ports - LLDP | CONFIGURATION MANAGEMENT |
| Network Security - Configure LLDP only on required network ports - LLDP-MED | CONFIGURATION MANAGEMENT |
