| 1.1.10 Set 'aaa accounting network' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.1.11 Set 'aaa accounting system' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.2.1 Set 'privilege 1' for local users - 'No users with privileges 2-15' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL |
| 1.2.6 Set 'exec-timeout' to less than or equal to 10 minutes for 'line aux 0' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL |
| 1.2.9 Set 'exec-timeout' to less than or equal to 10 minutes 'line vty' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL |
| 1.2.10 Set 'exec-timeout' to less than or equal to 10 minutes 'line vty' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL |
| 1.3.2 Set the 'banner-text' for 'banner login' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | ACCESS CONTROL |
| 1.3.3 Set the 'banner-text' for 'banner motd' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | ACCESS CONTROL |
| 1.5.2 Unset 'private' for 'snmp-server community' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.4 Do not set 'RW' for any 'snmp-server community' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.8 Set 'snmp-server enable traps snmp' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.3 Set 'no ip bootp server' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.7 Set 'service tcp-keepalives-out' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT |
| 2.1.8 Set 'no service pad' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.7 Set 'logging source interface' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.3.1.4 Set 'key' for each 'ntp server' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.4.3 Set 'ntp source' to Loopback Interface - 'NTP/SNTP is bound to loopback' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 3.1.4 Set 'ip verify unicast source reachable-via' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 0.0.0.0' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 127.0.0.0' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 169.254.0.0' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 224.0.0.0' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny internal networks' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks -'External interface has ACL applied' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.2 Set inbound 'ip access-group' on the External Interface | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.3 Set 'key-string' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.6 Set 'authentication key-chain' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 3.3.2.2 Set 'ip ospf message-digest-key md5' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.3.1 Set 'key chain' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Configure IPsec Tunnel Parameters - rekey | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | ACCESS CONTROL |
| Ensure 'Password Policy' is enabled - minimum-length | Tenable Cisco Firepower Best Practices Audit | Cisco | IDENTIFICATION AND AUTHENTICATION |
| Ensure 'SNMP traps' is enabled - coldstart | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'snmp-server group' is set to 'v3 priv' | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'snmp-server host' is set to 'version 3' | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'SSH source restriction' is set to an authorized IP address | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Identification and Authentication - Use out of band authentication - AAA - audit logging | Tenable Cisco Viptela SD-WAN - vManage | Cisco_Viptela | IDENTIFICATION AND AUTHENTICATION |
| Identification and Authentication - Use out of band authentication - AAA - netconf logging | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | IDENTIFICATION AND AUTHENTICATION |
| Secure Name/address Resolution Service - Configure DNS servers - Primary | Tenable Cisco Viptela SD-WAN - vBond | Cisco_Viptela | SYSTEM AND COMMUNICATIONS PROTECTION |
| Session Termination - Configure Idle CLI timeout | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | ACCESS CONTROL |
| Session Termination - Configure Idle CLI timeout | Tenable Cisco Viptela SD-WAN - vSmart | Cisco_Viptela | ACCESS CONTROL |
| SLES-12-010700 - All SUSE operating system files and directories must have a valid group owner. | DISA SLES 12 STIG v3r1 | Unix | ACCESS CONTROL |
| SLES-12-030130 - The SUSE operating system must display the date and time of the last successful account logon upon an SSH logon. | DISA SLES 12 STIG v3r1 | Unix | ACCESS CONTROL |
| SLES-12-030200 - The SUSE operating system SSH daemon must be configured to not allow authentication using known hosts authentication. | DISA SLES 12 STIG v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SLES-12-030250 - The SUSE operating system SSH daemon must not allow compression or must only allow compression after successful authentication. | DISA SLES 12 STIG v3r1 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-020300 - The SUSE operating system must not be configured to allow blank or null passwords. | DISA SLES 15 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-030690 - Audispd must off-load audit records onto a different system or media from the SUSE operating system being audited. | DISA SLES 15 STIG v2r2 | Unix | AUDIT AND ACCOUNTABILITY |
| SLES-15-040050 - The SUSE operating system file integrity tool must be configured to verify extended attributes. | DISA SLES 15 STIG v2r2 | Unix | CONFIGURATION MANAGEMENT |
| SLES-15-040400 - All SUSE operating system files and directories must have a valid owner. | DISA SLES 15 STIG v2r2 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| System Backup - Enable Backups - interval | Tenable Cisco Viptela SD-WAN - vBond | Cisco_Viptela | CONTINGENCY PLANNING |
| System Backup - Enable Backups - path | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | CONTINGENCY PLANNING |
