| 1.1.2 Ensure 'Login Banner' is set | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | AWARENESS AND TRAINING, PROGRAM MANAGEMENT |
| 1.6.1 Ensure 'Verify Update Server Identity' is enabled | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 3.1 Ensure a fully-synchronized High Availability peer is configured | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.1.2 Set 'no ip proxy-arp' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.2 Set 'no ip proxy-arp' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.1.3 Set 'no interface tunnel' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.3.1 Set Interfaces with no Peers to Passive-Interface | CIS Cisco NX-OS L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.1.3.2 Authenticate OSPF peers with MD5 authentication keys | CIS Cisco NX-OS L2 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.3.3 Log OSPF Adjacency Changes | CIS Cisco NX-OS L1 v1.1.0 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Link Monitoring Failure Condition | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Path Monitoring Failure Condition | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Default deny configured' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 0.0.0.0' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 127.0.0.0' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 172.16.0.0' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 224.0.0.0' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - External interface has ACL applied | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.2 Set inbound 'ip access-group' on the External Interface | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.4 Disable IP Directed Broadcasts on all Layer 3 Interfaces | CIS Cisco NX-OS L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3 Ensure 'Passive Link State' and 'Preemptive' are configured appropriately - Election Setings | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.3 Ensure 'Passive Link State' and 'Preemptive' are configured appropriately - Passive Link State | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.3.1 Configure DHCP Trust | CIS Cisco NX-OS L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.4 Set 'address-family ipv4 autonomous-system' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.7 Set 'authentication mode md5' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.9 Set 'ip authentication mode eigrp' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2 Configure Storm Control | CIS Cisco NX-OS L2 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, INCIDENT RESPONSE, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.3.2.1 Set 'authentication message-digest' for OSPF area | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.3.3 Set 'key-string' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.3.4 Set 'ip rip authentication key-chain' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1 Configure LLDP | CIS Cisco NX-OS L1 v1.1.0 | Cisco | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.4.2 Configure CDP | CIS Cisco NX-OS L2 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.14 Ensure that incoming container traffic is bound to a specific host interface | CIS Docker v1.6.0 L1 Docker Linux | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.13 Ensure Autoinstallation is Set to Disabled | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 7.9 Ensure All Web Content is Accessed via HTTPS | CIS Apache HTTP Server 2.4 L1 v2.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.9 Ensure All Web Content is Accessed via HTTPS | CIS Apache HTTP Server 2.4 L1 v2.1.0 Middleware | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
