| 1.1.1 Ensure 'Login Banner' is set | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 1.6 Ensure maximum RAM is installed | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
| 1.6.1 Ensure 'Verify Update Server Identity' is enabled | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 1.8 Ensure Retired JUNOS Devices are Disposed of Securely | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
| 3.1 Ensure a fully-synchronized High Availability peer is configured | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 3.1.4 Set 'ip verify unicast source reachable-via' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Link Monitoring Failure Condition | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Path Monitoring Failure Condition | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure VRRP authentication-key is set | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 10.0.0.0' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 169.254.0.0' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 192.0.2.0' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 192.168.0.0' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny host 255.255.255.255' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny internal networks' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3 Ensure 'Passive Link State' and 'Preemptive' are configured appropriately - Election Setings | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 3.3 Ensure 'Passive Link State' and 'Preemptive' are configured appropriately - Passive Link State | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
| 3.3.1.1 Set 'key chain' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.2 Set 'key' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.3 Set 'key-string' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.5 Set 'af-interface default' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.6 Set 'authentication key-chain' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.8 Set 'ip authentication key-chain eigrp' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2.2 Set 'ip ospf message-digest-key md5' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.3.1 Set 'key chain' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.3.2 Set 'key' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.3.5 Set 'ip rip authentication mode' to 'md5' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.4.1 Set 'neighbor password' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.8 Ensure Loopback interface address is set | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT |
| 3.9 Ensure only one loopback address is set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
| 4.1.3 Ensure EBGP peers are set to use GTSM | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
| 4.5.2 Ensure RIP is set to check for zero values in reserved fields | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
| 4.6.1 Ensure BFD Authentication is Set | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT |
| 4.6.2 Ensure BFD Authentication is Not Set to Loose-Check | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT |
| 6.5.1 Ensure ICMPv4 rate-limit is Set | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT |
| 6.5.2 Ensure ICMPv6 rate-limit is Set | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT |
| 6.5.3 Ensure ICMP Source-Quench is Set to Disabled | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
| 6.5.4 Ensure TCP SYN/FIN is Set to Drop | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
| 6.5.5 Ensure TCP RST is Set to Disabled | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
| 6.6.9 Ensure local passwords require multiple character sets | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
| 6.6.10 Ensure at least 4 set changes in local passwords | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
| 6.6.11 Ensure local passwords are at least 10 characters | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
| 6.10.5.8 Ensure REST Allowed Sources is Set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
| 6.10.5.10 Ensure REST Service Address is Set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 6.11.2 Ensure Auxiliary Port is Set as Insecure If Used | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 6.14 Ensure Configuration File Encryption is Set | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT |
| 6.19 Ensure Hostname is Not Set to Device Make or Model | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
| 6.20 Ensure Default Address Selection is Set | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT |
| 6.23 Ensure Password is Set for PIC-Console-Authentication | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
