1.1.1.2 SNMPv3 traps should be configured | AUDIT AND ACCOUNTABILITY |
1.2.5 Ensure valid certificate is set for browser-based administrator interface | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
1.6.3 Ensure that the Certificate Securing Remote Access VPNs is Valid | CONFIGURATION MANAGEMENT |
1.7.1 Enabling Post-Quantum (PQ) on IKEv2 VPNs | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
2.1 Ensure that IP addresses are mapped to usernames | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
2.2 Ensure that WMI probing is disabled | CONFIGURATION MANAGEMENT |
5.7 Choosing Wildfire public cloud region | CONFIGURATION MANAGEMENT |
6.16 Ensure that a Zone Protection Profile with tuned Flood Protection settings enabled for all flood types is attached to all untrusted zones | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone | ACCESS CONTROL, MEDIA PROTECTION |
8.3 Ensure that the Certificate used for Decryption is Trusted | CONFIGURATION MANAGEMENT |
CIS_Palo_Alto_Firewall_10_Benchmark_v1.2.0_L2.audit from CIS Palo Alto Firewall 10 Benchmark v1.2.0 | |