| Ensure 'aaa local authentication max failed attempts' is set to your organization's poicy | ACCESS CONTROL |
| Ensure 'console session timeout' is set to organizational policy | ACCESS CONTROL |
| Ensure 'EIGRP authentication' is enabled | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'Failover' is enabled | SYSTEM AND INFORMATION INTEGRITY |
| Ensure 'Host Name' is set | CONFIGURATION MANAGEMENT |
| Ensure 'HTTP session timeout' is set to organzational policy | ACCESS CONTROL |
| Ensure 'HTTP source restriction' is set to an authorized IP address | ACCESS CONTROL |
| Ensure 'Image Authenticity' is correct | SYSTEM AND INFORMATION INTEGRITY |
| Ensure 'Image Integrity' is correct | SYSTEM AND INFORMATION INTEGRITY |
| Ensure 'ip verify' is set to 'reverse-path' for untrusted interfaces | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb) | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging buffered severity ' is greater than or equal to '3' | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging to monitor' is disabled | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging to monitor' is disabled - show logging | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging to Serial console' is disabled | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging trap severity ' is greater than or equal to '5' | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging trap' is enabled | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging with timestamps' is enabled | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging with timestamps' is enabled - show logging | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging' is enabled | AUDIT AND ACCOUNTABILITY |
| Ensure 'noproxyarp' is enabled for untrusted interfaces | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'OSPF authentication' is enabled | IDENTIFICATION AND AUTHENTICATION |
| Ensure 'Password Policy' is enabled - minimum-length | IDENTIFICATION AND AUTHENTICATION |
| Ensure 'RIP authentication' is enabled | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'SNMP community string' is not the default string | IDENTIFICATION AND AUTHENTICATION |
| Ensure 'SNMP traps' is enabled - authentication | AUDIT AND ACCOUNTABILITY |
| Ensure 'SNMP traps' is enabled - coldstart | AUDIT AND ACCOUNTABILITY |
| Ensure 'SNMP traps' is enabled - linkdown | AUDIT AND ACCOUNTABILITY |
| Ensure 'SNMP traps' is enabled - linkup | AUDIT AND ACCOUNTABILITY |
| Ensure 'snmp-server group' is set to 'v3 priv' | AUDIT AND ACCOUNTABILITY |
| Ensure 'snmp-server group' is set to 'v3 priv' - show snmp-server | CONFIGURATION MANAGEMENT |
| Ensure 'SSH source restriction' is set to an authorized IP address | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'syslog hosts' is configured correctly | AUDIT AND ACCOUNTABILITY |
| Ensure 'TACACS+/RADIUS' is configured correctly - protocol | ACCESS CONTROL |
| Ensure 'threat-detection statistics' is set to 'tcp-intercept' | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'TLS 1.0' is set for HTTPS access | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'Unused Interfaces' is disable | ACCESS CONTROL |
| Ensure DHCP services are disabled for untrusted interfaces - dhcpd | CONFIGURATION MANAGEMENT |
| Ensure DHCP services are disabled for untrusted interfaces - dhcprelay | CONFIGURATION MANAGEMENT |
| Ensure DNS services are configured correctly - domain-lookup | CONFIGURATION MANAGEMENT |
| Ensure DNS services are configured correctly - name-server | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure email logging is configured for critical to emergency | AUDIT AND ACCOUNTABILITY |
| Ensure email logging is enabled | AUDIT AND ACCOUNTABILITY |
| Ensure ICMP is restricted for untrusted interfaces | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure intrusion prevention is enabled for untrusted interfaces | SYSTEM AND INFORMATION INTEGRITY |
| Ensure known default accounts do not exist - cmd_exec | ACCESS CONTROL |
| Ensure non-default application inspection is configured correctly | SYSTEM AND INFORMATION INTEGRITY |
| Ensure packet fragments are restricted for untrusted interfaces | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure timezone is properly configured | CONFIGURATION MANAGEMENT |
