1.2.5 Set 'access-class' for 'line vty' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
1.4 SNMP Security - b) SNMP server | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
1.6.1 Ensure 'SSH source restriction' is set to an authorized IP address | CIS Cisco Firewall ASA 8 L1 v4.1.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
1.6.4 Configure Web interface | CIS Cisco IOS 16 L2 v1.1.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
2.1 Protection Policy for the CPS Control Engine | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
2.2 NTP Security Protection - b) NTP access-group | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
2.5.5 Ensure allowed-client is set to those necessary for device management | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | SYSTEM AND COMMUNICATIONS PROTECTION |
2.7.4 - SNMP - restrict public community access - 'all communities have IP access restrictions' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks -'External interface has ACL applied' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.2 Set inbound 'ip access-group' on the External Interface | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
6.4 Ensure Geo-Restriction is enabled within Cloudfront Distribution | CIS Amazon Web Services Three-tier Web Architecture L2 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
6.17 Use a Web-Tier ELB Security Group to accept only HTTP/HTTPS | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
6.19 Create the Web tier Security Group and ensure it allows inbound connections from Web tier ELB Security Group for explicit ports | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
6.20 Ensure Web tier Security Group has no inbound rules for CIDR of 0 (Global Allow) | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
6.21 Create the App tier ELB Security Group and ensure only accepts HTTP/HTTPS | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
6.22 Create the App tier Security Group and ensure it allows inbound connections from App tier ELB Security Group for explicit ports | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
6.23 Ensure App tier Security Group has no inbound rules for CIDR of 0 (Global Allow) | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
6.24 Create the Data tier Security Group and ensure it allows inbound connections from App tier Security Group for explicit ports | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
6.25 Ensure Data tier Security Group has no inbound rules for CIDR of 0 (Global Allow) | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
7.2 Ensure 'Service setting of ANY' in a security policy allowing traffic does not exist | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
7.2 Ensure 'Service setting of ANY' in a security policy allowing traffic does not exist | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
Access control lists | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
Access control lists | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
Brocade - Authentication policy must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
Brocade - Device Connection Control policy must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
Brocade - Fabric Configuration Server policy must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
Brocade - Fabric Element Authentication must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
Brocade - IPfilter policy must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
Brocade - Switch Connection Control policy must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
Brocade : 'Authentication policy must be rejected' | TNS Brocade FabricOS Best Practices | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
Brocade : 'Device Connection Control policy must be rejected' | TNS Brocade FabricOS Best Practices | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
Brocade : 'Fabric Configuration Server policy must be rejected' | TNS Brocade FabricOS Best Practices | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
Brocade : 'Fabric Element Authentication must be rejected' | TNS Brocade FabricOS Best Practices | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
Brocade : 'IPfilter policy must be rejected' | TNS Brocade FabricOS Best Practices | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
Brocade : 'Switch Connection Control policy must be rejected' | TNS Brocade FabricOS Best Practices | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
Ensure 'SSH source restriction' is set to an authorized IP address | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | SYSTEM AND COMMUNICATIONS PROTECTION |
Ensure 'SSH source restriction' is set to an authorized IP address | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
Ensure 'threat-detection statistics' is set to 'tcp-intercept' | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
Ensure packet fragments are restricted for untrusted interfaces | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | SYSTEM AND COMMUNICATIONS PROTECTION |
FireEye - Management interface is only accessible from specific IP ranges | TNS FireEye | FireEye | SYSTEM AND COMMUNICATIONS PROTECTION |
Firewall Filter - Order terms with time sensitive protocols at the top | Juniper Hardening JunOS 12 Devices Checklist | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
Firewall Filter - Permit only required protocols from authorized sources | Juniper Hardening JunOS 12 Devices Checklist | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
Network Security - Ensure IP directed broadcast has not been configured | Juniper Hardening JunOS 12 Devices Checklist | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
PCI 2.2.4 - Verify that common security parameter settings are included - NIS - '/var/yp/securenets includes no other subnets' | PCI DSS 2.0/3.0 - AIX | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
PCI 2.2.4 - Verify that common security parameter settings are included - SNMP - 'all communities have IP access restrictions' | PCI DSS 2.0/3.0 - AIX | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
PCI 2.2.4 - Verify that common security parameter settings are included - SNMP - 'disable system community' | PCI DSS 2.0/3.0 - AIX | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
PCI 10.5.4 - Write logs for external-facing technologies onto a log server on the internal LAN - Accept remote messages disabled | PCI DSS 2.0/3.0 - AIX | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
Port security | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
Port security auto-recovery | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
ScreenOS:SNMP - Management Networks | TNS Juniper ScreenOS Best Practices Audit | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |