| 1.1.5 Ensure noexec option set on /tmp partition | CIS Debian 9 Server L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.1.5 Ensure noexec option set on /tmp partition | CIS Debian 9 Workstation L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.1.17 Ensure noexec option set on /dev/shm partition | CIS Debian 9 Workstation L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.1.17 Ensure noexec option set on /dev/shm partition | CIS Debian 9 Server L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.1.20 Ensure noexec option set on removable media partitions | CIS Debian 9 Server L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.1.20 Ensure noexec option set on removable media partitions | CIS Debian 9 Workstation L1 v1.0.1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.3.10 Ensure 'Password Profiles' do not exist | CIS Palo Alto Firewall 10 v1.1.0 L1 | Palo_Alto | |
| 4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals | CIS Palo Alto Firewall 10 v1.1.0 L1 | Palo_Alto | |
| 4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION, RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 5.1 Ensure that WildFire file size upload limits are maximized | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.2 Ensure forwarding is enabled for all applications and file types in WildFire file blocking profiles | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.4 Ensure forwarding of decrypted content to WildFire is enabled | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 | Palo_Alto | |
| 5.4 Ensure forwarding of decrypted content to WildFire is enabled | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.5 Ensure all WildFire session information settings are enabled | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 | Palo_Alto | |
| 5.5 Ensure all WildFire session information settings are enabled | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 5.6 Ensure alerts are enabled for malicious files detected by WildFire - log-type 'wildfire' | CIS Palo Alto Firewall 9 v1.0.1 L1 | Palo_Alto | |
| 5.6 Ensure alerts are enabled for malicious files detected by WildFire - log-type 'wildfire' | CIS Palo Alto Firewall 10 v1.1.0 L1 | Palo_Alto | |
| 5.6 Ensure alerts are enabled for malicious files detected by WildFire - log-type 'wildfire' | CIS Palo Alto Firewall 10 v1.0.0 L1 | Palo_Alto | |
| 5.6 Ensure alerts are enabled for malicious files detected by WildFire - log-type 'wildfire' | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.6 Ensure alerts are enabled for malicious files detected by WildFire - log-type 'wildfire' | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 | Palo_Alto | |
| 5.6 Ensure alerts are enabled for malicious files detected by WildFire - log-type 'wildfire' | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 6.1 Ensure that antivirus profiles are set to block on all decoders except 'imap' and 'pop3' | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.2 Ensure a secure antivirus profile is applied to all relevant security policies | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.3 Ensure an anti-spyware profile is configured to block on all spyware severity levels, categories, and threats | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 | Palo_Alto | |
| 6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.4 Ensure DNS sinkholing is configured on all anti-spyware profiles in use | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 6.5 Ensure passive DNS monitoring is set to enabled on all anti-spyware profiles in use | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 6.6 Ensure a secure anti-spyware profile is applied to all security policies permitting traffic to the Internet | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.7 Ensure a Vulnerability Protection Profile is set to block attacks against critical and high vulnerabilities, and set to default on medium, low, and informational vulnerabilities | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 | Palo_Alto | |
| 6.8 Ensure a secure Vulnerability Protection Profile is applied to all security rules allowing traffic | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | RISK ASSESSMENT |
| 6.8 Ensure a secure Vulnerability Protection Profile is applied to all security rules allowing traffic | CIS Palo Alto Firewall 9 Benchmark v1.0.0 L1 | Palo_Alto | |
| 6.8 Ensure a secure Vulnerability Protection Profile is applied to all security rules allowing traffic | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 7.3 Ensure 'Security Policy' denying any/all traffic to/from IP addresses on Trusted Threat Intelligence Sources Exists | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
