| 1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.5 Set 'access-class' for 'line vty' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.4 SNMP Security - b) SNMP server | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1 Protection Policy for the CPS Control Engine | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2 NTP Security Protection - b) NTP access-group | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Ensure that 'Include/Exclude Networks' is used if User-ID is enabled | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Ensure that 'Include/Exclude Networks' is used if User-ID is enabled | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.5 Ensure allowed-client is set to those necessary for device management | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.7 Ensure the SharePoint Central Administration site is not accessible from Extranet or Internet connections | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.7.4 - SNMP - restrict public community access - 'all communities have IP access restrictions' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.8 Ensure that security policies restrict User-ID Agent traffic from crossing into untrusted zones | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.8 Ensure that security policies restrict User-ID Agent traffic from crossing into untrusted zones | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.8 Ensure the SharePoint Central Administration site is not accessible from Extranet or Internet connections | CIS Microsoft SharePoint 2016 OS v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 0.0.0.0' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 169.254.0.0' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks -'External interface has ACL applied' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.2 Set inbound 'ip access-group' on the External Interface | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.4 Ensure Geo-Restriction is enabled within Cloudfront Distribution | CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.17 Use a Web-Tier ELB Security Group to accept only HTTP/HTTPS | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.19 Create the Web tier Security Group and ensure it allows inbound connections from Web tier ELB Security Group for explicit ports | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.20 Ensure Web tier Security Group has no inbound rules for CIDR of 0 (Global Allow) | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.21 Create the App tier ELB Security Group and ensure only accepts HTTP/HTTPS | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.22 Create the App tier Security Group and ensure it allows inbound connections from App tier ELB Security Group for explicit ports | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.23 Ensure App tier Security Group has no inbound rules for CIDR of 0 (Global Allow) | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.24 Create the Data tier Security Group and ensure it allows inbound connections from App tier Security Group for explicit ports | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.25 Ensure Data tier Security Group has no inbound rules for CIDR of 0 (Global Allow) | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure 'Service setting of ANY' in a security policy allowing traffic does not exist | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure 'Service setting of ANY' in a security policy allowing traffic does not exist | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| Access control lists | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| Access control lists | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Authentication policy must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Device Connection Control policy must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Fabric Configuration Server policy must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Fabric Element Authentication must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - IPfilter policy must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Switch Connection Control policy must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'SSH source restriction' is set to an authorized IP address | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'SSH source restriction' is set to an authorized IP address | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'threat-detection statistics' is set to 'tcp-intercept' | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure packet fragments are restricted for untrusted interfaces | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | SYSTEM AND COMMUNICATIONS PROTECTION |
| FireEye - Management interface is only accessible from specific IP ranges | TNS FireEye | FireEye | SYSTEM AND COMMUNICATIONS PROTECTION |
| Firewall Filter - Order terms with time sensitive protocols at the top | Juniper Hardening JunOS 12 Devices Checklist | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| Firewall Filter - Permit only required protocols from authorized sources | Juniper Hardening JunOS 12 Devices Checklist | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| Inbound Connections - Domain Profile | MSCT Windows 10 v21H1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Network Security - Ensure IP directed broadcast has not been configured | Juniper Hardening JunOS 12 Devices Checklist | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| Port security | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| Port security auto-recovery | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
