| 2.1.2 Ensure Firewall Stealth Mode Is Enabled | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.2 Ensure Firewall Stealth Mode Is Enabled | CIS Apple macOS 14.0 Sonoma v1.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4.1.2 Ensure Firewall Stealth Mode Is Enabled | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.2.2 Ensure Firewall Stealth Mode Is Enabled | CIS Apple macOS 12.0 Monterey v3.1.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.2.2 Ensure Firewall Stealth Mode Is Enabled | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.2.3 Ensure Firewall Stealth Mode Is Enabled | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.4 Ensure IPv6 firewall rules exist for all open ports | CIS Google Container-Optimized OS L2 Server v1.1.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Ensure Firewall Logging Is Enabled and Configured | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Ensure Firewall Logging Is Enabled and Configured | CIS Apple macOS 13.0 Ventura v2.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Ensure Firewall Logging Is Enabled and Configured | CIS Apple macOS 14.0 Sonoma Cloud-tailored v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Ensure Firewall Logging Is Enabled and Configured | CIS Apple macOS 11.0 Big Sur v4.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Ensure Firewall Logging Is Enabled and Configured | CIS Apple macOS 12.0 Monterey Cloud-tailored v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Ensure Firewall Logging Is Enabled and Configured | CIS Apple macOS 12.0 Monterey v3.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Ensure Firewall Logging Is Enabled and Configured | CIS Apple macOS 13.0 Ventura Cloud-tailored v1.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Ensure Firewall Logging Is Enabled and Configured | CIS Apple macOS 14.0 Sonoma v1.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Ensure Firewall Logging Is Enabled and Configured - EnableLogging | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Ensure Firewall Logging Is Enabled and Configured - LoggingOption | CIS Apple macOS 10.15 Catalina v3.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.12 Ensure explicit deny in access lists is configured correctly | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5.1 Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks | CIS Microsoft Azure Foundations v2.1.0 L2 | microsoft_azure | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Catalina v1.5.0 - 800-171 | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Catalina v1.5.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Catalina v1.5.0 - 800-53r4 High | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000240 - The Cisco perimeter switch must be configured to deny network traffic by default and allow network traffic by exception. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN008540 - The systems local firewall must implement a deny-all, allow-by-exception policy. | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-AG-000128 - The Juniper SRX Services Gateway Firewall must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). | DISA Juniper SRX Services Gateway ALG v3r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| O112-BP-025600 - Network access to the DBMS must be restricted to authorized personnel - TCP.VALIDNODE_CHECKING | DISA STIG Oracle 11.2g v2r2 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| O112-BP-025600 - Network access to the DBMS must be restricted to authorized personnel - TCP.VALIDNODE_CHECKING | DISA STIG Oracle 11.2g v2r2 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O121-BP-025600 - Network access to the DBMS must be restricted to authorized personnel - tcp.validnode_checking=YES | DISA STIG Oracle 12c v2r2 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| O121-BP-025600 - Network access to the DBMS must be restricted to authorized personnel - tcp.validnode_checking=YES | DISA STIG Oracle 12c v2r2 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O121-BP-025600 - Network access to the DBMS must be restricted to authorized personnel - tcp.validnode_checking=YES | DISA STIG Oracle 12c v2r3 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| O121-BP-025600 - Network access to the DBMS must be restricted to authorized personnel - tcp.validnode_checking=YES | DISA STIG Oracle 12c v2r3 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| PANW-AG-000051 - The Palo Alto Networks security platform must deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception). | DISA STIG Palo Alto ALG v2r1 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-030050 - TCP Wrappers must be enabled and configured per site policy to only allow access by approved hosts and services - '/etc/hosts.deny' | DISA STIG Solaris 11 X86 v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SOL-11.1-050140 - The system must implement TCP Wrappers - '/etc/hosts.deny ALL: ALL' | DISA STIG Solaris 11 SPARC v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNFWA-000004 - The Windows Firewall with Advanced Security must block unsolicited inbound connections when connected to a domain. | DISA Microsoft Windows Firewall v1r7 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| WNFWA-000004 - The Windows Firewall with Advanced Security must block unsolicited inbound connections when connected to a domain. | DISA Microsoft Windows Firewall v2r1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| WNFWA-000005 - The Windows Firewall must allow outbound connections when connected to a domain. | DISA Microsoft Windows Firewall v1r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNFWA-000005 - The Windows Firewall with Advanced Security must allow outbound connections, unless a rule explicitly blocks the connection when connected to a domain. | DISA Microsoft Windows Firewall v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNFWA-000012 - The Windows Firewall with Advanced Security must block unsolicited inbound connections when connected to a private network. | DISA Microsoft Windows Firewall v1r7 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| WNFWA-000012 - The Windows Firewall with Advanced Security must block unsolicited inbound connections when connected to a private network. | DISA Microsoft Windows Firewall v2r1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| WNFWA-000013 - The Windows Firewall must allow outbound connections when connected to a private network | DISA Microsoft Windows Firewall v1r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNFWA-000013 - The Windows Firewall with Advanced Security must allow outbound connections, unless a rule explicitly blocks the connection when connected to a private network. | DISA Microsoft Windows Firewall v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNFWA-000020 - The Windows Firewall with Advanced Security must block unsolicited inbound connections when connected to a public network. | DISA Microsoft Windows Firewall v1r7 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| WNFWA-000020 - The Windows Firewall with Advanced Security must block unsolicited inbound connections when connected to a public network. | DISA Microsoft Windows Firewall v2r1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| WNFWA-000021 - The Windows Firewall must allow outbound connections when connected to a public network | DISA Microsoft Windows Firewall v1r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WNFWA-000021 - The Windows Firewall with Advanced Security must allow outbound connections, unless a rule explicitly blocks the connection when connected to a public network. | DISA Microsoft Windows Firewall v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
