| 2.5.5 Ensure allowed-client is set to those necessary for device management | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Enable the Firewall Stealth Rule | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2 Configure a Default Drop/Cleanup Rule | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4 Ensure Hit count is Enable for the rules | SECURITY ASSESSMENT AND AUTHORIZATION |
| 3.5 Ensure no Allow Rule with Any in Destination filed present in the Firewall Rules | CONFIGURATION MANAGEMENT |
| 3.6 Ensure no Allow Rule with Any in Source filed present in the Firewall Rules | CONFIGURATION MANAGEMENT |
| 3.7 Ensure no Allow Rule with Any in Services filed present in the Firewall Rules | CONFIGURATION MANAGEMENT |
| 3.8 Logging should be enable for all Firewall Rules | AUDIT AND ACCOUNTABILITY, SECURITY ASSESSMENT AND AUTHORIZATION |
| 3.9 Review and Log Implied Rules | AUDIT AND ACCOUNTABILITY |
| 3.10 Ensure Drop Out of State TCP Packets is enabled | SECURITY ASSESSMENT AND AUTHORIZATION |
| 3.11 Ensure Drop Out of State ICMP Packets is enabled | SECURITY ASSESSMENT AND AUTHORIZATION |
| 3.12 Ensure Anti-Spoofing is enabled and action is set to Prevent for all Interfaces | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 3.14 Ensure Accept RIP is not enabled | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 3.15 Ensure Accept Domain Name over TCP (Zone Transfer) is not enabled | CONFIGURATION MANAGEMENT |
| 3.16 Ensure Accept Domain Name over UDP (Queries) is not enabled | CONFIGURATION MANAGEMENT |
| 3.17 Ensure Accept ICMP Requests is not enabled | CONFIGURATION MANAGEMENT |
| 3.18 Ensure Allow bi-directional NAT is enabled | CONFIGURATION MANAGEMENT |
| 3.19 Ensure Automatic ARP Configuration NAT is enabled | CONFIGURATION MANAGEMENT |
