| 1.2 Ensure the container host has been Hardened | CIS Docker Community Edition v1.1.0 L1 Linux Host OS | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP address | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| 1.10.11 Ensure 'logging trap severity ' is greater than or equal to '5' | Tenable Cisco Firepower Best Practices Audit | Cisco | AUDIT AND ACCOUNTABILITY |
| Auto Backup via central management is not available or not configured. | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONTINGENCY PLANNING |
| Ensure 'console session timeout' is less than or equal to '5' minutes | Tenable Cisco Firepower Best Practices Audit | Cisco | ACCESS CONTROL |
| Ensure 'Failover' is enabled | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'Host Name' is set | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'Image Integrity' is correct | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| Ensure 'ip verify' is set to 'reverse-path' for untrusted interfaces | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb) | Tenable Cisco Firepower Best Practices Audit | Cisco | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging buffered severity ' is greater than or equal to '3' | Tenable Cisco Firepower Best Practices Audit | Cisco | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging to monitor' is disabled | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'logging to Serial console' is disabled | Tenable Cisco Firepower Best Practices Audit | Cisco | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging with timestamps' is enabled | Tenable Cisco Firepower Best Practices Audit | Cisco | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging' is enabled | Tenable Cisco Firepower Best Practices Audit | Cisco | AUDIT AND ACCOUNTABILITY |
| Ensure 'noproxyarp' is enabled for untrusted interfaces | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'OSPF authentication' is enabled | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'Password Policy' is enabled - minimum-length | Tenable Cisco Firepower Best Practices Audit | Cisco | IDENTIFICATION AND AUTHENTICATION |
| Ensure 'RIP authentication' is enabled | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'SNMP community string' is not the default string | Tenable Cisco Firepower Best Practices Audit | Cisco | IDENTIFICATION AND AUTHENTICATION |
| Ensure 'SNMP traps' is enabled - coldstart | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'snmp-server group' is set to 'v3 priv' | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'snmp-server host' is set to 'version 3' | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'SSH source restriction' is set to an authorized IP address | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'syslog hosts' is configured correctly | Tenable Cisco Firepower Best Practices Audit | Cisco | AUDIT AND ACCOUNTABILITY |
| Ensure 'TACACS+/RADIUS' is configured correctly - protocol | Tenable Cisco Firepower Best Practices Audit | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| Ensure 'threat-detection statistics' is set to 'tcp-intercept' | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'Unused Interfaces' is disable | Tenable Cisco Firepower Best Practices Audit | Cisco | ACCESS CONTROL |
| Ensure DHCP services are disabled for untrusted interfaces - dhcpd | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure DHCP services are disabled for untrusted interfaces - dhcprelay | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure DNS services are configured correctly - domain-lookup | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure DNS services are configured correctly - name-server | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure ICMP is restricted for untrusted interfaces | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure intrusion prevention is enabled for untrusted interfaces | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure known default accounts do not exist | Tenable Cisco Firepower Best Practices Audit | Cisco | IDENTIFICATION AND AUTHENTICATION |
| Ensure non-default application inspection is configured correctly | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| Ensure the MCS Translation Service (mcstrans) is not installed - zypper | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | CONFIGURATION MANAGEMENT |
| Ensure unsuccessful unauthorized file access attempts are collected - b32 EACCES | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Ensure unsuccessful unauthorized file access attempts are collected - b64 EACCES | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | AUDIT AND ACCOUNTABILITY |
| Fortigate - AAA - LDAP server is trusted | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| Fortigate - AAA - RADIUS server is trusted | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| Fortigate - Review the patch update method | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| Fortigate - Review users with admin privileges | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | ACCESS CONTROL |
| Fortigate - SNMP v3 is not enabled | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Lockout for failed password attempts - 'auth sufficient pam_unix.so' | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| Lockout for failed password attempts - password-auth 'auth sufficient pam_faillock.so authsucc audit deny=5 unlock_time=900' | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | ACCESS CONTROL |
| MD7X-00-007400 MongoDB must provide an immediate real-time alert to appropriate support staff of all audit log failures. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY |
| SonicWALL - SSL Control - Detect SSLv2 | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND INFORMATION INTEGRITY |
| SQL2-00-025200 - The OS must limit privileges to the SQL Server data directories and their subordinate directories and files. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | CONFIGURATION MANAGEMENT |
| WN22-DC-000300 - Windows Server 2022 PKI certificates associated with user accounts must be issued by a DoD PKI or an approved External Certificate Authority (ECA). | DISA Microsoft Windows Server 2022 STIG v2r5 | Windows | IDENTIFICATION AND AUTHENTICATION |
