3.2 Disable the Shutdown port | CIS Apache Tomcat 10 L2 v1.1.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
3.2 Disable the Shutdown port | CIS Apache Tomcat 9 L2 v1.2.0 Middleware | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
3.2 Disable the Shutdown port | CIS Apache Tomcat 9 L2 v1.2.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
3.2 Disable the Shutdown port | CIS Apache Tomcat 10 L2 v1.1.0 Middleware | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
3.4.3.1.2 Ensure nftables is not installed with iptables | CIS CentOS Linux 8 Workstation L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
3.5.1.2 Ensure iptables-services not installed with firewalld | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
3.5.1.3 Ensure nftables either not installed or masked with firewalld - masked | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
3.5.2.3 Ensure iptables-services not installed with nftables | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
3.5.2.3 Ensure iptables-services not installed with nftables | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
9.1.4 (L1) Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log' | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC | Windows | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
9.1.5 (L1) Ensure 'Windows Firewall: Domain: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\domainfw.log' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
9.1.7 (L1) Ensure 'Windows Firewall: Domain: Logging: Log dropped packets' is set to 'Yes' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
9.3.7 (L1) Ensure 'Windows Firewall: Public: Logging: Name' is set to '%SystemRoot%\System32\logfiles\firewall\publicfw.log' | CIS Windows Server 2012 R2 MS L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
9.3.8 (L1) Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
GEN005540 - The SSH daemon must be configured for IP filtering - hosts.allow | DISA STIG Solaris 10 SPARC v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
GEN005540 - The SSH daemon must be configured for IP filtering - hosts.allow | DISA STIG Solaris 10 SPARC v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
GEN005540 - The SSH daemon must be configured for IP filtering - hosts.allow | DISA STIG Solaris 10 X86 v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
GEN005540 - The SSH daemon must be configured for IP filtering - hosts.allow | DISA STIG Solaris 10 X86 v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
GEN005540 - The SSH daemon must be configured for IP filtering - hosts.deny | DISA STIG Solaris 10 SPARC v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
GEN005540 - The SSH daemon must be configured for IP filtering - hosts.deny | DISA STIG Solaris 10 SPARC v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
GEN005540 - The SSH daemon must be configured for IP filtering - hosts.deny | DISA STIG Solaris 10 X86 v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
GEN005540 - The SSH daemon must be configured for IP filtering - hosts.deny | DISA STIG Solaris 10 X86 v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
GEN006080 - The Samba Web Administration Tool (SWAT) must be restricted to the local host or require SSL - hosts.allow | DISA STIG Solaris 10 SPARC v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
GEN006080 - The Samba Web Administration Tool (SWAT) must be restricted to the local host or require SSL - hosts.allow | DISA STIG Solaris 10 X86 v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
GEN006080 - The Samba Web Administration Tool (SWAT) must be restricted to the local host or require SSL - hosts.allow | DISA STIG Solaris 10 SPARC v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
GEN006080 - The Samba Web Administration Tool (SWAT) must be restricted to the local host or require SSL - hosts.allow | DISA STIG Solaris 10 X86 v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
GEN006080 - The Samba Web Administration Tool (SWAT) must be restricted to the local host or require SSL - hosts.deny | DISA STIG Solaris 10 SPARC v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
GEN006080 - The Samba Web Administration Tool (SWAT) must be restricted to the local host or require SSL - hosts.deny | DISA STIG Solaris 10 SPARC v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
GEN006080 - The Samba Web Administration Tool (SWAT) must be restricted to the local host or require SSL - hosts.deny | DISA STIG Solaris 10 X86 v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
GEN006080 - The Samba Web Administration Tool (SWAT) must be restricted to the local host or require SSL - hosts.deny | DISA STIG Solaris 10 X86 v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
GEN006620 - The system's access control program must be configured to grant or deny system access to specific hosts - default deny | DISA STIG Solaris 10 SPARC v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
GEN006620 - The system's access control program must be configured to grant or deny system access to specific hosts - default deny | DISA STIG Solaris 10 SPARC v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
GEN006620 - The system's access control program must be configured to grant or deny system access to specific hosts - default deny | DISA STIG Solaris 10 X86 v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
GEN006620 - The system's access control program must be configured to grant or deny system access to specific hosts - default deny | DISA STIG Solaris 10 X86 v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
GEN008540 - The system's local firewall must implement a deny-all, allow-by-exception policy. | DISA STIG AIX 6.1 v1r14 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
GEN008540 - The system's local firewall must implement a deny-all, allow-by-exception policy. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
JUNI-RT-000240 - The Juniper perimeter router must be configured to deny network traffic by default and allow network traffic by exception. | DISA STIG Juniper Router RTR v1r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
JUNI-RT-000270 - The Juniper perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - filter | DISA STIG Juniper Router RTR v1r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Monterey v1.0.0 - 800-53r4 High | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Monterey v1.0.0 - 800-53r5 High | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Monterey v1.0.0 - 800-171 | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
O112-BP-025600 - Network access to the DBMS must be restricted to authorized personnel - TCP.VALIDNODE_CHECKING | DISA STIG Oracle 11.2g v1r18 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
O112-BP-025600 - Network access to the DBMS must be restricted to authorized personnel - TCP.VALIDNODE_CHECKING | DISA STIG Oracle 11.2g v1r18 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
O112-C3-019200 - The DBMS must restrict the ability of users to launch Denial of Service (DoS) attacks against other information systems or networks - TCP.VALIDNODE_CHECKING | DISA STIG Oracle 11.2g v1r18 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
O112-C3-019200 - The DBMS must restrict the ability of users to launch Denial of Service (DoS) attacks against other information systems or networks - TCP.VALIDNODE_CHECKING | DISA STIG Oracle 11.2g v1r18 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
SYMP-AG-000570 - Symantec ProxySG must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |