| 1.3 Ensure Password Complexity is set to 3 | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | IDENTIFICATION AND AUTHENTICATION |
| 1.4 Ensure Check for Password Reuse is selected and History Length is set to 12 or more - history-length | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | IDENTIFICATION AND AUTHENTICATION |
| 1.6 Ensure Warn users before password expiration is set to 7 days | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
| 1.8 Ensure Deny access to unused accounts is selected | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
| 1.10 Ensure Force users to change password at first login after password was changed from Users page is selected | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | IDENTIFICATION AND AUTHENTICATION |
| 1.24 WN19-00-000240 | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II | Windows | CONFIGURATION MANAGEMENT |
| 1.24 WN19-00-000240 | CIS Microsoft Windows Server 2019 STIG v4.0.0 MS CAT II | Windows | CONFIGURATION MANAGEMENT |
| 1.24 WN22-00-000240 | CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II | Windows | CONFIGURATION MANAGEMENT |
| 2.1.1 Ensure 'Login Banner' is set - message banner on | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
| 2.1.3 Ensure Core Dump is enabled | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.5 Ensure unused interfaces are disabled | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.6 Ensure DNS server is configured - secondary | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.8 Ensure Host Name is set | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 2.2.3 Ensure SNMP traps is enabled - authorizationError | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
| 2.2.3 Ensure SNMP traps is enabled - linkUpLinkDown | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
| 2.3.1 Ensure NTP is enabled and IP address is set for Primary and Secondary NTP server - ntp active | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
| 2.3.1 Ensure NTP is enabled and IP address is set for Primary and Secondary NTP server - ntp server secondary | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
| 2.4.1 Ensure 'System Backup' is set. | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 2.5.1 Ensure CLI session timeout is set to less than or equal to 10 minutes | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
| 2.5.2 Ensure Web session timeout is set to less than or equal to 10 minutes | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
| 2.5.3 Ensure Client Authentication is secured. | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 2.5.5 Ensure allowed-client is set to those necessary for device management | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.1 Ensure mgmtauditlogs is set to on | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
| 2.6.3 Ensure cplogs is set to on | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
| 3.1 Enable the Firewall Stealth Rule | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3 Use Checkpoint Sections and Titles | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 3.5 Ensure no Allow Rule with Any in Destination filed present in the Firewall Rules | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 3.8 Logging should be enable for all Firewall Rules | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY, SECURITY ASSESSMENT AND AUTHORIZATION |
| 3.10 Ensure Drop Out of State TCP Packets is enabled | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | SECURITY ASSESSMENT AND AUTHORIZATION |
| 3.12 Ensure Anti-Spoofing is enabled and action is set to Prevent for all Interfaces | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 3.13 Ensure Disk Space Alert is set | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
| 3.16 Ensure Accept Domain Name over UDP (Queries) is not enabled | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 3.18 Ensure Allow bi-directional NAT is enabled | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 3.20 Ensure Logging is enabled for Track Options of Global Properties | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
| 18.9.7.1.3 Ensure 'Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.' is set to 'True' (checked) | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.1.6 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.' is set to 'True' (checked) | CIS Microsoft Windows 10 Enterprise v4.0.0 BL | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.9.7.1.6 (BL) Ensure 'Prevent installation of devices using drivers that match these device setup classes: Also apply to matching devices that are already installed.' is set to 'True' (checked) | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | SYSTEM AND INFORMATION INTEGRITY |
| Allow Trusted Locations on the network - allownetworklocations - excel | MSCT Microsoft 365 Apps for Enterprise 2206 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow Trusted Locations on the network - allownetworklocations - ms project | MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow Trusted Locations on the network - allownetworklocations - ms project | MSCT Microsoft 365 Apps for Enterprise 2206 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow Trusted Locations on the network - allownetworklocations - ms project | Microsoft 365 Apps for Enterprise 2306 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow Trusted Locations on the network - allownetworklocations - visio | MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow Trusted Locations on the network - allownetworklocations - visio | Microsoft 365 Apps for Enterprise 2306 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow Trusted Locations on the network - allownetworklocations - visio | MSCT Office 365 ProPlus 1908 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow Trusted Locations on the network - excel | MSCT M365 Apps for enterprise 2312 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow Trusted Locations on the network - powerpoint | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow Trusted Locations on the network - word | MSCT M365 Apps for enterprise 2312 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| Allow Trusted Locations on the network - word | MSCT M365 Apps for enterprise 2412 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| O365-PT-000013 - The use of network locations must be ignored in PowerPoint. | DISA Microsoft Office 365 ProPlus STIG v3r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| O365-VI-000002 - Trusted Locations on the network must be disabled in Visio. | DISA Microsoft Office 365 ProPlus STIG v3r5 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
