| 1.2.1 Ensure the container host has been Hardened | CIS Docker v1.8.0 L1 OS Linux | Unix | CONFIGURATION MANAGEMENT |
| ACLs: Filter for RFC 1918 addresses (192.168.0.0/16) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| ACLs: Filter for RFC 3330 addresses (192.42.172.0/24) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| ACLs: Filter for RFC 3330 addresses (203.0.113.0/24) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| ACLs: Filter for RFC 3330 addresses (224.0.0.0/4) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| ACLs: Filter for RFC 3330 addresses (255.255.255.255/32) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| Audit system file permissions - rpm | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND INFORMATION INTEGRITY |
| Authentication: a backup remote authentication server is available | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | ACCESS CONTROL |
| chrony is not installed - User | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure all groups in /etc/passwd exist in /etc/group | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure all users last password change date is in the past | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | IDENTIFICATION AND AUTHENTICATION |
| Ensure at/cron is restricted to authorized users - at.allow | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure audit logs are not automatically deleted | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure Avahi Server is not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure DNS Server is not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure FTP Server is not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure GDM login banner is configured - banner-message-text | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure GDM login banner is configured - file-db | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure IPv6 redirects are not accepted - /etc/sysctl ipv6 all accept | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure IPv6 redirects are not accepted - /etc/sysctl ipv6 default accept | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure IPv6 router advertisements are not accepted - /etc/sysctl ipv6 all accept | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure LDAP client is not installed - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure NIS Client is not installed - rpm | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure Reverse Path Filtering is enabled - /etc/sysctl ipv4 default rp_filter | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure Reverse Path Filtering is enabled - sysctl ipv4 all rp_filter | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure Reverse Path Filtering is enabled - sysctl ipv4 default rp_filter | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure SNMP Server is not enabled | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure SSH Idle Timeout Interval is configured - ClientAliveInterval | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure SSH MaxAuthTries is set to 4 or less | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Ensure suspicious packets are logged - sysctl ipv4 default log_martians | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure syslog-ng is configured to send logs to a remote log host - log src | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure system is disabled when audit logs are full - 'action_mail_acct = root' | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure system is disabled when audit logs are full - 'admin_space_left_action = halt' | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure talk client is not installed - rpm | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure TCP Wrappers is installed - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure the audit configuration is immutable | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure time synchronization is in use | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure unsuccessful unauthorized file access attempts are collected - auditctl b32 EACCES | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure users' home directories permissions are 750 or more restrictive | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| ICMP: Do not return redirect messages | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| Login: FTP is disabled | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | CONFIGURATION MANAGEMENT |
| Login: SSH is enabled | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | CONFIGURATION MANAGEMENT |
| SNMP: configure access groups to use privacy | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | IDENTIFICATION AND AUTHENTICATION |
| SNMP: configure community strings | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | IDENTIFICATION AND AUTHENTICATION |
| Time: NTP servers use an authentication key | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | AUDIT AND ACCOUNTABILITY |
| uRPF: Unicast Reverse Path Forwarding (uRPF) is Enabled | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| Windows Compliance Policy - Password expiration (days) | Tenable Best Practices for Microsoft Intune Windows v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Windows Device Configuration - Removable storage | Tenable Best Practices for Microsoft Intune Windows v1.0 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Windows Device Configuration - Required password type | Tenable Best Practices for Microsoft Intune Windows v1.0 | microsoft_azure | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Windows Device Configuration - Scan scripts loaded in Microsoft web browsers | Tenable Best Practices for Microsoft Intune Windows v1.0 | microsoft_azure | CONFIGURATION MANAGEMENT |
