| 3.3.1 Ensure TCP Wrappers is installed | CIS Debian 8 Server L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1 Ensure TCP Wrappers is installed | CIS Debian 8 Workstation L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2 Ensure /etc/hosts.allow is configured | CIS Debian 8 Workstation L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.3 Ensure /etc/hosts.deny is configured | CIS Debian 8 Server L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1 Ensure DCCP is disabled - lsmod | CIS Debian 8 Server L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1 Ensure DCCP is disabled - lsmod | CIS Debian 8 Workstation L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1 Ensure DCCP is disabled - modprobe | CIS Debian 8 Server L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.2 Ensure SCTP is disabled - lsmod | CIS Debian 8 Workstation L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.2 Ensure SCTP is disabled - modprobe | CIS Debian 8 Workstation L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3 Ensure RDS is disabled - lsmod | CIS Debian 8 Workstation L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3 Ensure RDS is disabled - modprobe | CIS Debian 8 Workstation L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.2.3 Ensure iptables rules exist for all open ports | CIS Fedora 28 Family Linux Server L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.2.3 Ensure iptables rules exist for all open ports | CIS CentOS Linux 8 Server L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4 Ensure TIPC is disabled - lsmod | CIS Debian 8 Workstation L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4 Ensure TIPC is disabled - lsmod | CIS Debian 8 Server L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.2.3 Ensure iptables rules exist for all open ports | CIS CentOS Linux 7 v4.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.2.3 Ensure iptables rules exist for all open ports | CIS Oracle Linux 7 v4.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.1 Ensure default deny firewall policy - Chain INPUT | CIS Debian 8 Workstation L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.2 Ensure loopback traffic is configured - input | CIS Debian 8 Server L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.2 Ensure loopback traffic is configured - input | CIS Debian 8 Workstation L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.3 Ensure outbound and established connections are configured | CIS Debian 8 Server L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.1 Ensure IPv6 default deny firewall policy - Chain FORWARD | CIS Debian 8 Server L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.1 Ensure IPv6 default deny firewall policy - Chain INPUT | CIS Debian 8 Workstation L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.1 Ensure IPv6 default deny firewall policy - Chain OUTPUT | CIS Debian 8 Server L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.2 Ensure IPv6 loopback traffic is configured | CIS Debian 8 Server L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.2 Ensure IPv6 loopback traffic is configured | CIS Debian 8 Workstation L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.3 Ensure IPv6 outbound and established connections are configured | CIS Debian 8 Workstation L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.4 Ensure IPv6 firewall rules exist for all open ports | CIS Debian 8 Workstation L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.2.4 Ensure firewall rules exist for all open ports | CIS SUSE Linux Enterprise 15 Server L1 v1.1.1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.2.4 Ensure firewall rules exist for all open ports | CIS SUSE Linux Enterprise 15 Workstation L1 v1.1.1 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.7 Ensure That RDP Access Is Restricted From the Internet | CIS Google Cloud Platform v3.0.0 L2 | GCP | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Active Rules | CIS Apache HTTP Server 2.4 L2 v2.1.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Active Rules | CIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Inbound Anomaly Threshold | CIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Outbound Anomaly Threshold | CIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Outbound Anomaly Threshold | CIS Apache HTTP Server 2.4 L2 v2.1.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 (L1) Ensure port groups are not configured to the value of the native VLAN | CIS VMware ESXi 7.0 v1.4.0 L1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure port groups are not configured to the value of the native VLAN | CIS VMware ESXi 6.7 v1.3.0 Level 1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.5 Ensure port groups are not configured to VLAN values reserved by upstream physical switches | CIS VMware ESXi 6.7 v1.3.0 Level 1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.6 (L1) Ensure port groups are not configured to VLAN 4095 and 0 except for Virtual Guest Tagging (VGT) | CIS VMware ESXi 7.0 v1.4.0 L1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.8 (L1) Ensure port-level configuration overrides are disabled. | CIS VMware ESXi 7.0 v1.4.0 L1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.8 Ensure port-level configuration overrides are disabled. | CIS VMware ESXi 6.7 v1.3.0 Level 1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | CIS Windows Server 2012 R2 DC L1 v2.4.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1.3 Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow (default)' | CIS Windows Server 2012 R2 MS L1 v2.4.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2.2 Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block (default)' | CIS Windows Server 2012 R2 MS L1 v2.4.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0162 - AG ingress ACL is not configured to secure enclave - 'Explicit Deny ACL' | DISA STIG Cisco Perimeter Router v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0410 - BGP sessions are not restricted. 'ACL IP Recieve Access-List (Default Deny)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1637 - Management connections are not restricted - 'VTY port (access-list VTY_ACL deny any log)' | DISA STIG Cisco Perimeter Router v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1637 - Management connections are not restricted - 'VTY port (access-list VTY_ACL deny any log)' | DISA STIG Cisco L2 Switch V8R27 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1637 - Management connections are not restricted - 'VTY port (access-list VTY_ACL deny any log)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
