| 1.1.1.2 SNMPv3 traps should be configured | CIS Palo Alto Firewall 11 v1.2.0 L2 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| 1.1.3 Ensure 'Enable Log on High DP Load' is enabled | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| 1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 1.2.5 Ensure valid certificate is set for browser-based administrator interface | CIS Palo Alto Firewall 11 v1.2.0 L2 | Palo_Alto | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3.2 Ensure 'Minimum Length' is greater than or equal to 12 | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | IDENTIFICATION AND AUTHENTICATION |
| 2.1 Ensure that IP addresses are mapped to usernames | CIS Palo Alto Firewall 11 v1.2.0 L2 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.3.2 Secure screen saver corners - top right corner | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | ACCESS CONTROL |
| 2.4 Ensure that 'Include/Exclude Networks' is used if User-ID is enabled | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5 Ensure proper SNMP configuration - 'community name public does not exist' | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 2.5.1 Disable 'Wake for network access' | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | ACCESS CONTROL |
| 2.7.1 iCloud configuration | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | |
| 3.4 Enable remote logging for Desktops on trusted networks | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.3 Use Active Directory for local user authentication - Enabled = 'true' | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 4.3 Use Active Directory for local user authentication - Review Domain | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | IDENTIFICATION AND AUTHENTICATION |
| 4.4 Verify Active Directory group membership for the 'ESX Admins' group | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | ACCESS CONTROL |
| 5.2 Disable ESXi Shell unless needed for diagnostics or troubleshooting | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | CONFIGURATION MANAGEMENT |
| 5.2.4 Complex passwords must contain a Numeric Character - '1 number' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.4 Complex passwords must contain a Numeric Character - 'Numeric' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | |
| 5.2.5 Complex passwords must contain a Special Character | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.6 Complex passwords must contain uppercase and lowercase letters | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | |
| 5.5 Ensure alerts are enabled for malicious files detected by WildFire | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 5.6 Enable OCSP and CRL certificate checking - CRLStyle | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.7 Set a timeout to automatically terminate idle ESXi Shell and SSH sessions | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | ACCESS CONTROL |
| 5.10 Verify contents of exposed configuration files | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 5.16 Secure individual keychain and items | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | |
| 6.1.2 Disable 'Show password hints' | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 6.4.1 (L1) Host SNMP services, if enabled, must limit access | CIS VMware ESXi 8.0 v1.2.0 L1 Unix | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5 Ensure a secure anti-spyware profile is applied to all security policies permitting traffic to the Internet | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.5.4 (L1) Host SSH daemon, if enabled, must not allow host-based authentication | CIS VMware ESXi 8.0 v1.2.0 L1 Unix | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.5.10 (L1) Host SSH daemon, if enabled, must disable TCP forwarding | CIS VMware ESXi 8.0 v1.2.0 L1 Unix | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 6.7 Ensure a secure Vulnerability Protection Profile is applied to all security rules allowing traffic | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | RISK ASSESSMENT |
| 6.11 Ensure all HTTP Header Logging options are enabled | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.12 Ensure secure URL filtering is enabled for all security policies allowing traffic to the Internet | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.13 Ensure alerting after a threshold of credit card or Social Security numbers is detected is enabled | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| 6.15 Ensure that a Zone Protection Profile with an enabled SYN Flood Action of SYN Cookies is attached to all untrusted zones | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 6.16 Ensure that a Zone Protection Profile with tuned Flood Protection settings enabled for all flood types is attached to all untrusted zones | CIS Palo Alto Firewall 11 v1.2.0 L2 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 6.19 Ensure that User Credential Submission uses the action of 'block' or 'continue' on the URL categories | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 6.23 Ensure that 'Cloud Inline Categorization' on URL Filtering profiles are enabled if 'Advanced Threat Prevention' is available | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure that logging is enabled on built-in default security policies | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | SYSTEM AND INFORMATION INTEGRITY |
| 8.1.2 Limit sharing of console connections | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | ACCESS CONTROL |
| 8.2 Ensure 'SSL Inbound Inspection' is required for all untrusted traffic destined for servers using SSL or TLS | CIS Palo Alto Firewall 11 v1.2.0 L1 | Palo_Alto | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.2.2 Disconnect unauthorized devices - CD/DVD Devices | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | |
| 8.2.3 Disconnect unauthorized devices - Parallel Devices | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.2.6 Prevent unauthorized removal and modification of devices. | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | ACCESS CONTROL |
| 8.3 Ensure that the Certificate used for Decryption is Trusted | CIS Palo Alto Firewall 11 v1.2.0 L2 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 8.3.1 Disable unnecessary or superfluous functions inside VMs | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| 8.4.9 Disable Unity Active | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.14 Disable Shell Action | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.4.19 Disable Unity Interlock | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | CONFIGURATION MANAGEMENT |
| 8.5.1 Prevent virtual machines from taking over resources - Mem Share Level | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
