Item Search

NameAudit NamePluginCategory
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device managementCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device managementCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.5 Set 'access-class' for 'line vty'CIS Cisco IOS 12 L1 v4.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

1.4 SNMP Security - b) SNMP serverTenable ZTE ROSNGZTE_ROSNG

SYSTEM AND COMMUNICATIONS PROTECTION

2.1 Protection Policy for the CPS Control EngineTenable ZTE ROSNGZTE_ROSNG

SYSTEM AND COMMUNICATIONS PROTECTION

2.2 NTP Security Protection - b) NTP access-groupTenable ZTE ROSNGZTE_ROSNG

SYSTEM AND COMMUNICATIONS PROTECTION

2.4 Ensure that 'Include/Exclude Networks' is used if User-ID is enabledCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

2.4 Ensure that 'Include/Exclude Networks' is used if User-ID is enabledCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

2.5.5 Ensure allowed-client is set to those necessary for device managementCIS Check Point Firewall L2 v1.1.0CheckPoint

SYSTEM AND COMMUNICATIONS PROTECTION

2.7 Ensure the SharePoint Central Administration site is not accessible from Extranet or Internet connectionsCIS Microsoft SharePoint 2019 OS v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

2.7.4 - SNMP - restrict public community access - 'all communities have IP access restrictions'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.8 Ensure that security policies restrict User-ID Agent traffic from crossing into untrusted zonesCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

2.8 Ensure that security policies restrict User-ID Agent traffic from crossing into untrusted zonesCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

2.8 Ensure the SharePoint Central Administration site is not accessible from Extranet or Internet connectionsCIS Microsoft SharePoint 2016 OS v1.1.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 0.0.0.0'CIS Cisco IOS 12 L2 v4.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 169.254.0.0'CIS Cisco IOS 12 L2 v4.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks -'External interface has ACL applied'CIS Cisco IOS 12 L2 v4.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.2 Set inbound 'ip access-group' on the External InterfaceCIS Cisco IOS 12 L2 v4.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

6.4 Ensure Geo-Restriction is enabled within Cloudfront DistributionCIS Amazon Web Services Three-tier Web Architecture L2 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.17 Use a Web-Tier ELB Security Group to accept only HTTP/HTTPSCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.19 Create the Web tier Security Group and ensure it allows inbound connections from Web tier ELB Security Group for explicit portsCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.20 Ensure Web tier Security Group has no inbound rules for CIDR of 0 (Global Allow)CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.21 Create the App tier ELB Security Group and ensure only accepts HTTP/HTTPSCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.22 Create the App tier Security Group and ensure it allows inbound connections from App tier ELB Security Group for explicit portsCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.23 Ensure App tier Security Group has no inbound rules for CIDR of 0 (Global Allow)CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.24 Create the Data tier Security Group and ensure it allows inbound connections from App tier Security Group for explicit portsCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.25 Ensure Data tier Security Group has no inbound rules for CIDR of 0 (Global Allow)CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zoneCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zoneCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure 'Service setting of ANY' in a security policy allowing traffic does not existCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure 'Service setting of ANY' in a security policy allowing traffic does not existCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

Access control listsArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

SYSTEM AND COMMUNICATIONS PROTECTION

Access control listsArubaOS CX 10.x Hardening Guide v1.0.0ArubaOS

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Authentication policy must be rejectedTenable Best Practices Brocade FabricOSBrocade

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Device Connection Control policy must be rejectedTenable Best Practices Brocade FabricOSBrocade

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Fabric Configuration Server policy must be rejectedTenable Best Practices Brocade FabricOSBrocade

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Fabric Element Authentication must be rejectedTenable Best Practices Brocade FabricOSBrocade

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - IPfilter policy must be rejectedTenable Best Practices Brocade FabricOSBrocade

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Switch Connection Control policy must be rejectedTenable Best Practices Brocade FabricOSBrocade

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure 'SSH source restriction' is set to an authorized IP addressTenable Cisco Firepower Threat Defense Best Practices AuditCisco_Firepower

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure 'SSH source restriction' is set to an authorized IP addressTenable Cisco Firepower Best Practices AuditCisco

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure 'threat-detection statistics' is set to 'tcp-intercept'Tenable Cisco Firepower Best Practices AuditCisco

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure packet fragments are restricted for untrusted interfacesTenable Cisco Firepower Threat Defense Best Practices AuditCisco_Firepower

SYSTEM AND COMMUNICATIONS PROTECTION

FireEye - Management interface is only accessible from specific IP rangesTNS FireEyeFireEye

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall Filter - Order terms with time sensitive protocols at the topJuniper Hardening JunOS 12 Devices ChecklistJuniper

SYSTEM AND COMMUNICATIONS PROTECTION

Firewall Filter - Permit only required protocols from authorized sourcesJuniper Hardening JunOS 12 Devices ChecklistJuniper

SYSTEM AND COMMUNICATIONS PROTECTION

Inbound Connections - Domain ProfileMSCT Windows 10 v21H1 v1.0.0Windows

SYSTEM AND COMMUNICATIONS PROTECTION

Network Security - Ensure IP directed broadcast has not been configuredJuniper Hardening JunOS 12 Devices ChecklistJuniper

SYSTEM AND COMMUNICATIONS PROTECTION

Port securityArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

SYSTEM AND COMMUNICATIONS PROTECTION

Port security auto-recoveryArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

SYSTEM AND COMMUNICATIONS PROTECTION