| 1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP address | CONFIGURATION MANAGEMENT |
| 1.10.11 Ensure 'logging trap severity ' is greater than or equal to '5' | AUDIT AND ACCOUNTABILITY |
| Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3' | ACCESS CONTROL |
| Ensure 'console session timeout' is less than or equal to '5' minutes | ACCESS CONTROL |
| Ensure 'EIGRP authentication' is enabled | CONFIGURATION MANAGEMENT |
| Ensure 'Failover' is enabled | CONFIGURATION MANAGEMENT |
| Ensure 'Host Name' is set | CONFIGURATION MANAGEMENT |
| Ensure 'HTTP session timeout' is less than or equal to '5' minutes | CONFIGURATION MANAGEMENT |
| Ensure 'Image Authenticity' is correct | SYSTEM AND INFORMATION INTEGRITY |
| Ensure 'Image Integrity' is correct | SYSTEM AND INFORMATION INTEGRITY |
| Ensure 'ip verify' is set to 'reverse-path' for untrusted interfaces | CONFIGURATION MANAGEMENT |
| Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb) | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging buffered severity ' is greater than or equal to '3' | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging to monitor' is disabled | CONFIGURATION MANAGEMENT |
| Ensure 'logging to Serial console' is disabled | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging with timestamps' is enabled | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging' is enabled | AUDIT AND ACCOUNTABILITY |
| Ensure 'noproxyarp' is enabled for untrusted interfaces | CONFIGURATION MANAGEMENT |
| Ensure 'OSPF authentication' is enabled | CONFIGURATION MANAGEMENT |
| Ensure 'Password Policy' is enabled - minimum-length | IDENTIFICATION AND AUTHENTICATION |
| Ensure 'RIP authentication' is enabled | CONFIGURATION MANAGEMENT |
| Ensure 'SNMP community string' is not the default string | IDENTIFICATION AND AUTHENTICATION |
| Ensure 'SNMP traps' is enabled - authentication | CONFIGURATION MANAGEMENT |
| Ensure 'SNMP traps' is enabled - coldstart | CONFIGURATION MANAGEMENT |
| Ensure 'SNMP traps' is enabled - linkdown | CONFIGURATION MANAGEMENT |
| Ensure 'SNMP traps' is enabled - linkup | CONFIGURATION MANAGEMENT |
| Ensure 'snmp-server group' is set to 'v3 priv' | CONFIGURATION MANAGEMENT |
| Ensure 'snmp-server host' is set to 'version 3' | CONFIGURATION MANAGEMENT |
| Ensure 'SSH source restriction' is set to an authorized IP address | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'syslog hosts' is configured correctly | AUDIT AND ACCOUNTABILITY |
| Ensure 'TACACS+/RADIUS' is configured correctly - protocol | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| Ensure 'threat-detection statistics' is set to 'tcp-intercept' | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'TLS 1.0' is set for HTTPS access | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'Unused Interfaces' is disable | ACCESS CONTROL |
| Ensure DHCP services are disabled for untrusted interfaces - dhcpd | CONFIGURATION MANAGEMENT |
| Ensure DHCP services are disabled for untrusted interfaces - dhcprelay | CONFIGURATION MANAGEMENT |
| Ensure DNS services are configured correctly - domain-lookup | CONFIGURATION MANAGEMENT |
| Ensure DNS services are configured correctly - name-server | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure email logging is configured for critical to emergency | CONFIGURATION MANAGEMENT |
| Ensure ICMP is restricted for untrusted interfaces | CONFIGURATION MANAGEMENT |
| Ensure intrusion prevention is enabled for untrusted interfaces | CONFIGURATION MANAGEMENT |
| Ensure known default accounts do not exist | IDENTIFICATION AND AUTHENTICATION |
| Ensure non-default application inspection is configured correctly | SYSTEM AND INFORMATION INTEGRITY |
| Ensure packet fragments are restricted for untrusted interfaces | CONFIGURATION MANAGEMENT |
| Ensure timezone is properly configured | CONFIGURATION MANAGEMENT |
