| 1.1.5.3.6 Set 'Windows Firewall: Public: Allow unicast response' to 'No' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.5 Set 'access-class' for 'line vty' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.4 - TCP/IP Tuning - 'ipsrcroutesend = 0' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.11 - TCP/IP Tuning - 'icmpaddressmask = 0' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.5 Ensure allowed-client is set to those necessary for device management | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.3 Enable Firewall | CIS Apple OSX 10.9 L1 v1.3.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.3 Restrict Access to Cache 'trusted, localhost' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.7 ipsendredirects | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.8 ipsrcrouteforward | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.10 ipsrcroutesend | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.15 tcp_pmtu_discover | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.16 tcp_tcpsecure | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing)' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Intune for Windows 11 v3.0.1 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.8 Ignore erroneous or unwanted traffic 'Private RFC 1918 addresses' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1 Disable Bonjour advertising service | CIS Apple OSX 10.9 L2 v1.3.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.3 directed_broadcast | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.7 ipsendredirects | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.16 tcp_tcpsecure | CIS IBM AIX 7.2 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.4 Ensure Geo-Restriction is enabled within Cloudfront Distribution | CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.8 Ensure subnets for the Data tier are created | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.10 Ensure NAT Gateways are created in at least 2 Availability Zones - Subnet1 | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.25 Ensure Data tier Security Group has no inbound rules for CIDR of 0 (Global Allow) | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2.6 Enable Bad Error Message Protection | CIS Debian Linux 7 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4.2 Create /etc/hosts.allow | CIS Debian Linux 7 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4.4 Create /etc/hosts.deny | CIS Debian Linux 7 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.7 Ensure Firewall is active - iptables-persistent run level 5 | CIS Debian Linux 7 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.7 Set 'Prevent changing proxy settings' to 'Enabled' | CIS IE 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.8 Configure 'Disable changing Automatic Configuration settings' | CIS IE 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.11 Configure 'Disable changing connection settings' | CIS IE 10 v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)' | CIS Windows Server 2012 MS L2 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.5 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes (recommended)' | CIS Windows Server 2012 R2 DC L2 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| ACLs: Filter for RFC 3330 addresses (192.0.0.0/24) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| ACLs: Filter for RFC 3330 addresses (198.18.0.0/15) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| Adtran : Firewall - Deny by Default ACL | TNS Adtran AOS Best Practice Audit | Adtran | SYSTEM AND COMMUNICATIONS PROTECTION |
| Apply local firewall rules | MSCT Windows 11 v23H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Authorized IP managers | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Fabric Element Authentication must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - IPfilter policy must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'SSH source restriction' is set to an authorized IP address | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure packet fragments are restricted for untrusted interfaces | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXi.firewall-restrict-access | VMWare vSphere 6.5 Hardening Guide | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| FireEye - Management interface is only accessible from specific IP ranges | TNS FireEye | FireEye | SYSTEM AND COMMUNICATIONS PROTECTION |
| Firewall State - Private Profile | MSCT Windows 11 v23H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | MSCT Windows 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) | MSCT Windows 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| The hosts.allow file limits access to the local network | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| vNetwork : reject-promiscuous-mode-StandardSwitch | VMWare vSphere 6.5 Hardening Guide | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| Windows Defender Firewall: Protect all network connections | MSCT MSCT Windows Server 2022 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Windows Defender Firewall: Protect all network connections | MSCT Windows Server 2022 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
