| 1.1.6 Set 'aaa accounting' to log all privileged use commands using 'commands 15' | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.1.7 Set 'aaa accounting connection' | ACCESS CONTROL |
| 1.1.8 Set 'aaa accounting exec' | AUDIT AND ACCOUNTABILITY |
| 1.1.9 Set 'aaa accounting network' | AUDIT AND ACCOUNTABILITY |
| 1.1.10 Set 'aaa accounting system' | AUDIT AND ACCOUNTABILITY |
| 1.5.9 Set 'priv' for each 'snmp-server group' using SNMPv3 | IDENTIFICATION AND AUTHENTICATION |
| 1.5.10 Require 'aes 128' as minimum for 'snmp-server user' when using SNMPv3 | IDENTIFICATION AND AUTHENTICATION |
| 1.6.1 Configure Login Block - login block-for | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.1 Configure Login Block - login delay | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.1 Configure Login Block - login quiet-mode | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 AutoSecure | CONFIGURATION MANAGEMENT |
| 1.6.3 Configuring Kerberos | IDENTIFICATION AND AUTHENTICATION |
| 1.6.4 Configure Web interface | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.8 Set 'login success/failure logging' | AUDIT AND ACCOUNTABILITY |
| 2.3.1.1 Set 'ntp authenticate' | AUDIT AND ACCOUNTABILITY |
| 2.3.1.2 Set 'ntp authentication-key' | AUDIT AND ACCOUNTABILITY |
| 2.3.1.3 Set the 'ntp trusted-key' | AUDIT AND ACCOUNTABILITY |
| 2.3.1.4 Set 'key' for each 'ntp server' | AUDIT AND ACCOUNTABILITY |
| 2.4.1 Create a single 'interface loopback' - 'Only one loopback interface IP Address is defined' | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4.1 Create a single 'interface loopback' - 'Only one loopback interface is defined' | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4.2 Set AAA 'source-interface' | ACCESS CONTROL |
| 2.4.3 Set 'ntp source' to Loopback Interface - 'NTP is bound to loopback' | AUDIT AND ACCOUNTABILITY |
| 2.4.3 Set 'ntp source' to Loopback Interface - 'NTP/SNTP is bound to loopback' | AUDIT AND ACCOUNTABILITY |
| 2.4.4 Set 'ip tftp source-interface' to the Loopback Interface | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.2 Set 'no ip proxy-arp' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Default deny configured' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 0.0.0.0' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 10.0.0.0' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 127.0.0.0' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 169.254.0.0' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 172.16.0.0' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 192.0.2.0' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 192.168.0.0' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 224.0.0.0' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny host 255.255.255.255' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny internal networks' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - External interface has ACL applied | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.2.2 Set inbound 'ip access-group' on the External Interface | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.3.1.1 Set 'key chain' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.3.1.2 Set 'key' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.3.1.3 Set 'key-string' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.3.1.4 Set 'address-family ipv4 autonomous-system' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.3.1.5 Set 'af-interface default' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.3.1.6 Set 'authentication key-chain' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.3.1.8 Set 'ip authentication key-chain eigrp' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.3.1.9 Set 'ip authentication mode eigrp' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.3.2.1 Set 'authentication message-digest' for OSPF area | IDENTIFICATION AND AUTHENTICATION |
| 3.3.2.2 Set 'ip ospf message-digest-key md5' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.3.1 Set 'key chain' | IDENTIFICATION AND AUTHENTICATION |
| 3.3.3.2 Set 'key' | IDENTIFICATION AND AUTHENTICATION |
