| 1.1.1 Ensure 'Logon Password' is set | IDENTIFICATION AND AUTHENTICATION |
| 1.1.2 Ensure 'Enable Password' is set | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.3 Ensure 'Master Key Passphrase' is set | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.4 Ensure 'Password Recovery' is disabled | CONFIGURATION MANAGEMENT |
| 1.1.5 Ensure 'Password Policy' is enabled - lifetime | IDENTIFICATION AND AUTHENTICATION |
| 1.1.5 Ensure 'Password Policy' is enabled - minimum-changes | IDENTIFICATION AND AUTHENTICATION |
| 1.1.5 Ensure 'Password Policy' is enabled - minimum-length | IDENTIFICATION AND AUTHENTICATION |
| 1.1.5 Ensure 'Password Policy' is enabled - minimum-lowercase | IDENTIFICATION AND AUTHENTICATION |
| 1.1.5 Ensure 'Password Policy' is enabled - minimum-numeric | IDENTIFICATION AND AUTHENTICATION |
| 1.1.5 Ensure 'Password Policy' is enabled - minimum-special | IDENTIFICATION AND AUTHENTICATION |
| 1.1.5 Ensure 'Password Policy' is enabled - minimum-uppercase | IDENTIFICATION AND AUTHENTICATION |
| 1.2.1 Ensure 'Domain Name' is set | CONFIGURATION MANAGEMENT |
| 1.2.2 Ensure 'Host Name' is set | CONFIGURATION MANAGEMENT |
| 1.2.3 Ensure 'Failover' is enabled | CONFIGURATION MANAGEMENT |
| 1.2.4 Ensure 'Unused Interfaces' is disable | CONFIGURATION MANAGEMENT |
| 1.3.1 Ensure 'Image Integrity' is correct | SYSTEM AND INFORMATION INTEGRITY |
| 1.3.2 Ensure 'Image Authenticity' is correct | SYSTEM AND INFORMATION INTEGRITY |
| 1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3' | CONFIGURATION MANAGEMENT |
| 1.4.1.2 Ensure 'local username and password' is set | IDENTIFICATION AND AUTHENTICATION |
| 1.4.1.3 Ensure known default accounts do not exist | IDENTIFICATION AND AUTHENTICATION |
| 1.4.2.1 Ensure 'TACACS+/RADIUS' is configured correctly - protocol | ACCESS CONTROL |
| 1.4.2.1 Ensure 'TACACS+/RADIUS' is configured correctly - server | ACCESS CONTROL |
| 1.4.3.1 Ensure 'aaa authentication enable console' is configured correctly | ACCESS CONTROL |
| 1.4.3.2 Ensure 'aaa authentication http console' is configured correctly | ACCESS CONTROL |
| 1.4.3.3 Ensure 'aaa authentication secure-http-client' is configured correctly | ACCESS CONTROL |
| 1.4.3.4 Ensure 'aaa authentication serial console' is configured correctly | ACCESS CONTROL |
| 1.4.3.5 Ensure 'aaa authentication ssh console' is configured correctly | ACCESS CONTROL |
| 1.4.3.6 Ensure 'aaa authentication telnet console' is configured correctly | ACCESS CONTROL |
| 1.4.4.1 Ensure 'aaa command authorization' is configured correctly | ACCESS CONTROL |
| 1.4.4.2 Ensure 'aaa authorization exec' is configured correctly | ACCESS CONTROL |
| 1.4.5.1 Ensure 'aaa command accounting' is configured correctly | CONFIGURATION MANAGEMENT |
| 1.4.5.2 Ensure 'aaa accounting for SSH' is configured correctly | CONFIGURATION MANAGEMENT |
| 1.4.5.3 Ensure 'aaa accounting for Serial console' is configured correctly | CONFIGURATION MANAGEMENT |
| 1.4.5.4 Ensure 'aaa accounting for EXEC mode' is configured correctly | CONFIGURATION MANAGEMENT |
| 1.5.1 Ensure 'ASDM banner' is set | AWARENESS AND TRAINING |
| 1.5.2 Ensure 'EXEC banner' is set | AWARENESS AND TRAINING |
| 1.5.3 Ensure 'LOGIN banner' is set | AWARENESS AND TRAINING |
| 1.5.4 Ensure 'MOTD banner' is set | AWARENESS AND TRAINING |
| 1.6.1 Ensure 'SSH source restriction' is set to an authorized IP address | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure 'SSH version 2' is enabled | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.3 Ensure 'RSA key pair' is greater than or equal to 2048 bits | CONFIGURATION MANAGEMENT |
| 1.6.4 Ensure 'SCP protocol' is set to Enable for files transfers | CONFIGURATION MANAGEMENT |
| 1.6.5 Ensure 'Telnet' is disabled | CONFIGURATION MANAGEMENT |
| 1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP address | CONFIGURATION MANAGEMENT |
| 1.7.2 Ensure 'TLS 1.2' is set for HTTPS access | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7.3 Ensure 'SSL AES 256 encryption' is set for HTTPS access | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.8.1 Ensure 'console session timeout' is less than or equal to '5' minutes | CONFIGURATION MANAGEMENT |
| 1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutes | CONFIGURATION MANAGEMENT |
| 1.8.3 Ensure 'HTTP idle timeout' is less than or equal to '5' minutes | CONFIGURATION MANAGEMENT |
| 1.9.1.1 Ensure 'NTP authentication' is enabled | IDENTIFICATION AND AUTHENTICATION |
