| 1.3 Enable TCP Wrappers and a host based firewall (firewall_enable) | CIS FreeBSD v1.0.5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.8 Protocol Access Controls - 'interface.blocked.iscsi has been configured' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Ignore Erroneous or Unwanted Queries - Link local addresses | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Ignore Erroneous or Unwanted Queries - Multicast addresses | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Ignore Erroneous or Unwanted Queries - RFC 1918 172.16/12; addresses | CIS BIND DNS v3.0.1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.1 Ensure IP forwarding is disabled - '/etc/sysctl.conf /etc/sysctl.d/*' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Ensure source routed packets are not accepted - 'net.ipv4.conf.default.accept_source_route = 0 - sysctl' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.2 Ensure ICMP redirects are not accepted - 'net.ipv4.conf.default.accept_redirects = 0 /etc/sysctl.conf sysctl.d/*' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.3 Ensure secure ICMP redirects are not accepted - 'net.ipv4.conf.all.secure_redirects = 0 /etc/sysctl.conf /etc/sysctl.d/*' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.6 Ensure bogus ICMP responses are ignored - sysctl | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.7 Ensure Reverse Path Filtering is enabled - 'net.ipv4.conf.default.rp_filter = 1 sysctl' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.8 Ensure TCP SYN Cookies is enabled - sysctl | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1 Ensure IPv6 router advertisements are not accepted - 'sysctl net.ipv6.conf.default.accept_ra = 0' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2 Ensure IPv6 redirects are not accepted - 'net.ipv6.conf.all.accept_redirects = 0 /etc/sysctl.conf /etc/sysctl.d/*' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.1.4 Ensure loopback traffic is configured - allow out v6 | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.1.7 Ensure default deny firewall policy | CIS Debian Family Workstation L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.2.1 Ensure nftables is installed | CIS Debian Family Workstation L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.2.2 Ensure Uncomplicated Firewall is not installed or disabled | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.2.3 Ensure iptables are flushed - v6 | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.2.4 Ensure a table exists | CIS Debian Family Workstation L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.2.6 Ensure loopback traffic is configured - lo | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.2.8 Ensure default deny firewall policy - forward | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3 Ensure loopback traffic is configured - OUTPUT | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.1.1 Ensure iptables packages are installed - iptables | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.1.1 Ensure iptables packages are installed - iptables-persistent | CIS Debian Family Workstation L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.2.1 Ensure default deny firewall policy - OUTPUT | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Apply local connection security rules | MSCT Windows 10 v2004 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Apply local connection security rules | MSCT Windows 10 v20H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Apply local connection security rules | MSCT Windows 10 v21H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Apply local connection security rules | MSCT Windows 10 1803 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Apply local connection security rules - Public Profile | MSCT Windows 10 1809 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable port locking by default on the VM guest network | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure TCP Wrappers is installed - rpm | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Firewall State - Private Profile | MSCT Windows Server 2019 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Firewall State - Public Profile | MSCT Windows Server 2016 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Firewall State - Public Profile | MSCT Windows 10 v2004 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Firewall State - Public Profile | MSCT Windows 10 1809 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | MSCT Windows 10 1903 v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | MSCT Windows Server 1903 DC v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | MSCT Windows Server 1903 MS v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | MSCT Windows Server 1903 MS v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | MSCT Windows 10 1803 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Windows Defender Firewall: Protect all network connections | MSCT Windows 10 v2004 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Windows Defender Firewall: Protect all network connections | MSCT Windows 10 v21H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Windows Defender Firewall: Protect all network connections | MSCT Windows Server 1903 DC v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Windows Defender Firewall: Protect all network connections | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Windows Firewall: Protect all network connections | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Windows Firewall: Protect all network connections | MSCT Windows 10 v1507 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| XenServer - Only allow access to required network services | TNS Citrix XenServer | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| XenServer - Restrict allowed IPv6 addresses used by each VM guest | TNS Citrix XenServer | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
