| 1.1 Use a Split-Horizon Architecture | CIS BIND DNS v1.0.0 L1 Caching Only Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1 Use a Split-Horizon Architecture | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Ensure ICMP Redirects are set to disabled (on all untrusted IPv4 networks) | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.7 Ensure ICMP Redirects are set to disabled (on all untrusted IPv6 networks) | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1 Ensure 'Antivirus Update Schedule' is set to download and install updates hourly | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 4.1.4 Ensure Bogon Filtering is set (where EBGP is used) | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.6.1 Create administrative boundaries between resources using namespaces | CIS Google Kubernetes Engine (GKE) Autopilot v1.1.0 L1 | GCP | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.7 Ensure 'WildFire Update Schedule' is set to download and install updates every minute | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 5.7.1 Create administrative boundaries between resources using namespaces | CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.19 Ensure all zones have Zone Protection Profiles that drop specially crafted packets | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.19 Ensure all zones have Zone Protection Profiles that drop specially crafted packets | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 8.1 Ensure 'SSL Forward Proxy Policy' for traffic destined to the Internet is configured - Invalid Categories | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 8.2 Ensure 'SSL Inbound Inspection' is required for all untrusted traffic destined for servers using SSL or TLS | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
