| 1.6.12 - TCP/IP Tuning - 'udp_pmtu_discover = 0' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.13 - TCP/IP Tuning - 'ipsrcrouterecv = 0' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.14 - TCP/IP Tuning - 'nonlocsrcroute = 0' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.16 - TCP/IP Tuning - 'sockthresh <= 60' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.19 - TCP/IP Tuning - 'tcp_recvspace >= 262144' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Allow Docker to make changes to iptables | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.10.1 - TCP Wrappers - installing TCP Wrappers - 'netsec.options.tcpwrapper.license is installed' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.10.4 - TCP Wrappers - wrapping inetd services - 'all enabled inetd.conf services use TCP wrappers' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.2 Ensure packet redirect sending is disabled - /etc/sysctl ipv4 all send | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.2 Ensure ICMP redirects are not accepted - /etc/sysctl ipv4 all accept | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.2 Ensure ICMP redirects are not accepted - sysctl ipv4 default accept | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.3 Ensure secure ICMP redirects are not accepted - /etc/sysctl ipv4 all secure | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.3 Ensure secure ICMP redirects are not accepted - /etc/sysctl ipv4 all secure | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.5 Ensure broadcast ICMP requests are ignored - sysctl | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.6 Ensure bogus ICMP responses are ignored - sysctl | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.7 Ensure Reverse Path Filtering is enabled - /etc/sysctl ipv4 default rp_filter | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.7 Ensure Reverse Path Filtering is enabled - sysctl ipv4 all rp_filter | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.9 ipsrcrouterecv | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.11 ip6srcrouteforward | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.17 udp_pmtu_discover | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Intune for Windows 11 v3.0.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)' | CIS Microsoft Intune for Windows 11 v3.0.1 L2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.8 Ignore erroneous or unwanted traffic 'Link Local' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.6 ipignoreredirects | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.8 ipsrcrouteforward | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.9 ipsrcrouterecv | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.17 udp_pmtu_discover | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.4 Network Parameter Modifications - Check if 'ip_ire_flush_interval' is set 60000 to in /etc/init.d/netconfig (Solaris 2.6 or 7) | CIS Solaris 9 v1.3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.4 Network Parameter Modifications - Check if 'ip_respond_to_address_mask_broadcast' is set to 0 in /etc/init.d/netconfig. | CIS Solaris 9 v1.3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.4 Network Parameter Modifications - Check if 'ip6_ignore_redirect' is set 1 to in /etc/init.d/netconfig (Solaris 8 or later) | CIS Solaris 9 v1.3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5 Additional network parameter - If Firewall/Gateway, Check 'ip_send_redirects' = 0 in /etc/init.d/netconfig. | CIS Solaris 9 v1.3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5 Additional network parameter - If Firewall/Gateway, Check 'ip6_forwarding' = 0 in /etc/init.d/netconfig (Solaris 8 or later) | CIS Solaris 9 v1.3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.7 Ensure Firewall is active - iptables-persistent run level 3 | CIS Debian Linux 7 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Windows Server 2019 v3.0.1 L1 MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.3 Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)' | CIS Windows Server 2012 DC L2 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)' | CIS Windows Server 2012 R2 MS L2 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.5 Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)' | CIS Microsoft Windows Server 2022 STIG v1.0.0 L2 MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L2 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) | MSCT Windows Server 2022 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| vNetwork : reject-forged-transmit - 'PortGroup' | VMWare vSphere 6.0 Hardening Guide | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| vNetwork : reject-mac-changes - 'portgroup' | VMWare vSphere 6.0 Hardening Guide | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| vNetwork : reject-mac-changes - 'vswitch' | VMWare vSphere 6.0 Hardening Guide | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| vNetwork : reject-mac-changes-StandardSwitch | VMWare vSphere 6.5 Hardening Guide | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
