| 1.2 Harden the container host | CIS Docker 1.13.0 v1.0.0 L1 Linux | Unix | CONFIGURATION MANAGEMENT |
| Adtran : Disable FTP | TNS Adtran AOS Best Practice Audit | Adtran | CONFIGURATION MANAGEMENT |
| Adtran : Disable SSID Broadcast | TNS Adtran AOS Best Practice Audit | Adtran | CONFIGURATION MANAGEMENT |
| Adtran : Disable WEP security mode | TNS Adtran AOS Best Practice Audit | Adtran | ACCESS CONTROL |
| Adtran : Enable aaa authentication | TNS Adtran AOS Best Practice Audit | Adtran | ACCESS CONTROL |
| Adtran : Enable Firewall | TNS Adtran AOS Best Practice Audit | Adtran | SYSTEM AND COMMUNICATIONS PROTECTION |
| Adtran : Enable stateful inspection on firewall | TNS Adtran AOS Best Practice Audit | Adtran | SYSTEM AND COMMUNICATIONS PROTECTION |
| Adtran : Ensure the default 'admin' username is not used | TNS Adtran AOS Best Practice Audit | Adtran | ACCESS CONTROL |
| Adtran : Firewall - Ensure winnuke protection is enabled | TNS Adtran AOS Best Practice Audit | Adtran | SYSTEM AND COMMUNICATIONS PROTECTION |
| Adtran : Password Policy - no weak passwords | TNS Adtran AOS Best Practice Audit | Adtran | IDENTIFICATION AND AUTHENTICATION |
| Adtran : Secure Web Access - HTTP disabled | TNS Adtran AOS Best Practice Audit | Adtran | CONFIGURATION MANAGEMENT |
| Alertmail server not configured or this feature is not available on the device | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |
| Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3' | Tenable Cisco Firepower Best Practices Audit | Cisco | ACCESS CONTROL |
| Ensure 'EIGRP authentication' is enabled | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'HTTP session timeout' is less than or equal to '5' minutes | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'Image Authenticity' is correct | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| Ensure 'SNMP traps' is enabled - authentication | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'SNMP traps' is enabled - linkdown | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'SNMP traps' is enabled - linkup | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'TLS 1.0' is set for HTTPS access | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure email logging is configured for critical to emergency | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure packet fragments are restricted for untrusted interfaces | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure timezone is properly configured | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| EX19-ED-000159 - Exchange must limit the Receive connector timeout. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | ACCESS CONTROL |
| Extreme : Configure idletimeout <= 15 | TNS Extreme ExtremeXOS Best Practice Audit | Extreme_ExtremeXOS | ACCESS CONTROL |
| Extreme : Password Policy - char-validation | TNS Extreme ExtremeXOS Best Practice Audit | Extreme_ExtremeXOS | IDENTIFICATION AND AUTHENTICATION |
| Extreme : Password Policy - min-length >= 8 | TNS Extreme ExtremeXOS Best Practice Audit | Extreme_ExtremeXOS | IDENTIFICATION AND AUTHENTICATION |
| Fortigate - AAA - TACACS+ server is trusted | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| Fortigate - SNMP v3 auth-priv is not enabled | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Huawei: Command Levels Not Changed | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT |
| Huawei: Configure appropriate NTP server | TNS Huawei VRP Best Practice Audit | Huawei | AUDIT AND ACCOUNTABILITY |
| Huawei: Disable Telnet on IPV4 | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT |
| Huawei: Enable AAA authentication | TNS Huawei VRP Best Practice Audit | Huawei | IDENTIFICATION AND AUTHENTICATION |
| Huawei: Enable SNMP Traps | TNS Huawei VRP Best Practice Audit | Huawei | AUDIT AND ACCOUNTABILITY |
| Huawei: Insecure HTTP is not configured. | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT |
| Huawei: Require Group for SNMPv3 Access | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| Huawei: Require SSH version 2 | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT |
| Huawei: Set super password | TNS Huawei VRP Best Practice Audit | Huawei | IDENTIFICATION AND AUTHENTICATION |
| Huawei: SNMP Community string != private | TNS Huawei VRP Best Practice Audit | Huawei | IDENTIFICATION AND AUTHENTICATION |
| MD7X-00-000400 MongoDB must provide audit record generation for DOD-defined auditable events within all DBMS/database components. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| MD7X-00-004400 MongoDB must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| SNMP is not enabled. SNMP specific checks not performed. | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| WatchGuard : Authentication Settings - 'Authentication User Session Timeout' | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | ACCESS CONTROL |
| WatchGuard : Data Loss Prevention Signature Update - 'Enabled' | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| WatchGuard : DoS Prevention - Block Port Space Probes | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | SYSTEM AND COMMUNICATIONS PROTECTION |
| WatchGuard : DoS Prevention - Drop SYN Flood Attack | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | SYSTEM AND COMMUNICATIONS PROTECTION |
| WatchGuard : IPS Threat Level Action Medium - DROP or BLOCK | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | SYSTEM AND INFORMATION INTEGRITY |
| WatchGuard : SNMP Configuration - community string - 'public' | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | IDENTIFICATION AND AUTHENTICATION |
| WatchGuard : SNMP Configuration - v3 user has password - auth protocol | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | ACCESS CONTROL |
| WatchGuard : SNMP Configuration - Version = '3' | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
