| 2.12 Enable Secure Logging - 'syslog cplogs' | AUDIT AND ACCOUNTABILITY |
| 2.12 Enable Secure Logging - 'syslog log-remote-address' | AUDIT AND ACCOUNTABILITY |
| 3.10 Take Configuration Snapshots Regularly - 'set snapshot' | CONTINGENCY PLANNING |
| 3.11 Take Configuration Snapshots Regularly - 'add snapshot' | CONTINGENCY PLANNING |
| Banner Messages - 'banner' | ACCESS CONTROL |
| Banner Messages - 'motd' | ACCESS CONTROL |
| Base Config - 'DHCP Client Disabled' | CONFIGURATION MANAGEMENT |
| Base Config - 'Host Name has been configured' | CONFIGURATION MANAGEMENT |
| Base Config - 'Review Host Name' | CONFIGURATION MANAGEMENT |
| Base Config - 'Time Zone' | CONFIGURATION MANAGEMENT |
| CLI Interface - 'set inactivity-timeout <= 10' | ACCESS CONTROL |
| Dedicated management port - 'set interface Mgmt state on' | SYSTEM AND COMMUNICATIONS PROTECTION |
| dns Service - 'dns server primary is configured' | SYSTEM AND COMMUNICATIONS PROTECTION |
| dns Service - 'dns server secondary is configured' | SYSTEM AND COMMUNICATIONS PROTECTION |
| Expert Mode - 'set expert-password plain does not exist' | IDENTIFICATION AND AUTHENTICATION |
| ftp Service - 'set backup restore ftp does not exist' | SYSTEM AND COMMUNICATIONS PROTECTION |
| Management Network - 'add allowed-client host any-host' not set | SYSTEM AND COMMUNICATIONS PROTECTION |
| ntp Service - 'ntp server primary is configured' | AUDIT AND ACCOUNTABILITY |
| ntp Service - 'ntp server secondary is configured' | AUDIT AND ACCOUNTABILITY |
| ntp Service - 'set ntp active = on' | AUDIT AND ACCOUNTABILITY |
| Password Controls - 'complexity >= 1' | IDENTIFICATION AND AUTHENTICATION |
| Password Controls - 'history-checking = true' | IDENTIFICATION AND AUTHENTICATION |
| Password Controls - 'history-length >= 5' | IDENTIFICATION AND AUTHENTICATION |
| Password Controls - 'min-password-length >= 8' | IDENTIFICATION AND AUTHENTICATION |
| Password Controls - 'palindrome = true' | IDENTIFICATION AND AUTHENTICATION |
| Password Controls - 'password-expiration != never' | IDENTIFICATION AND AUTHENTICATION |
| SNMP Service - 'no public or private read-write community strings exist' | IDENTIFICATION AND AUTHENTICATION |
| SNMP Service - 'set snmp agent = off' | CONFIGURATION MANAGEMENT |
| SNMP Service - 'set snmp agent-version = v3' | CONFIGURATION MANAGEMENT |
| SNMP Service - 'set snmp community public does not exist' | IDENTIFICATION AND AUTHENTICATION |
| SNMP Service - 'SNMP settings should be reviewed' | CONFIGURATION MANAGEMENT |
| telnet Service - 'set net-access telnet = off' | CONFIGURATION MANAGEMENT |
| tftp Service - 'set backup restore tftp does not exist' | SYSTEM AND COMMUNICATIONS PROTECTION |
| User Accounts - 'User Account shell should be /etc/cli.sh' | CONFIGURATION MANAGEMENT |
| User Accounts - 'User Accounts should be reviewed' | ACCESS CONTROL |
| User Authentication - 'radius-servers' | IDENTIFICATION AND AUTHENTICATION |
| User Authentication - 'ssl-certificate cert-file passphrase' | IDENTIFICATION AND AUTHENTICATION |
| User Authentication - 'tacacs-servers' | IDENTIFICATION AND AUTHENTICATION |
| Web Interface - 'set web session-timeout <= 10' | ACCESS CONTROL |
| Web Interface - 'set web ssl-port is configured' | SYSTEM AND COMMUNICATIONS PROTECTION |
| Web Interface - 'set web ssl3-enabled is disabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
