| 1.1.18 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 2.1 Run BIND as a non-root User - UID | CIS BIND DNS v1.0.0 L1 Authoritative Name Server | Unix | ACCESS CONTROL |
| 3.1 - Roles, Applications, and Authentication - RSH is disabled | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | CONFIGURATION MANAGEMENT |
| 3.1 - Roles, Applications, and Authentication - Telnet is disabled | NetApp Security Hardening Guide for ONTAP 9 v1.7.0 | Netapp_API | CONFIGURATION MANAGEMENT |
| 3.1.14 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | ACCESS CONTROL |
| Brocade - Authentication policy must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Bottleneck detection must be enabled | Tenable Best Practices Brocade FabricOS | Brocade | CONFIGURATION MANAGEMENT |
| Brocade - Device Connection Control policy must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Disable HTTP | Tenable Best Practices Brocade FabricOS | Brocade | CONFIGURATION MANAGEMENT |
| Brocade - Disable HTTP IPv4 | Tenable Best Practices Brocade FabricOS | Brocade | CONFIGURATION MANAGEMENT |
| Brocade - Disable HTTP IPv6 | Tenable Best Practices Brocade FabricOS | Brocade | CONFIGURATION MANAGEMENT |
| Brocade - Disable Telnet IPv4 | Tenable Best Practices Brocade FabricOS | Brocade | CONFIGURATION MANAGEMENT |
| Brocade - Disable Telnet IPv6 | Tenable Best Practices Brocade FabricOS | Brocade | CONFIGURATION MANAGEMENT |
| Brocade - Disable TFTP IPv4 | Tenable Best Practices Brocade FabricOS | Brocade | CONFIGURATION MANAGEMENT |
| Brocade - Enable auditcfg | Tenable Best Practices Brocade FabricOS | Brocade | AUDIT AND ACCOUNTABILITY |
| Brocade - Enable HTTPS | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Enable HTTPS IPv4 | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Enable SFTP IPv6 | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Enable the power-on self-test (POST) | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND INFORMATION INTEGRITY |
| Brocade - Enable the track changes feature | Tenable Best Practices Brocade FabricOS | Brocade | AUDIT AND ACCOUNTABILITY |
| Brocade - Enable the track changes feature for SNMP traps | Tenable Best Practices Brocade FabricOS | Brocade | AUDIT AND ACCOUNTABILITY |
| Brocade - Enforce secure Config Upload/Download | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Enforce signature validation for firmware | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND INFORMATION INTEGRITY |
| Brocade - Ensure a SSL certificate file is established | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - FIPS Mode is enabled | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - IPfilter policy must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - lockout duration set to 30 minutes | Tenable Best Practices Brocade FabricOS | Brocade | ACCESS CONTROL |
| Brocade - lockout threshold set to 3 | Tenable Best Practices Brocade FabricOS | Brocade | ACCESS CONTROL |
| Brocade - maximum password age must be set to no more than 60 days | Tenable Best Practices Brocade FabricOS | Brocade | IDENTIFICATION AND AUTHENTICATION |
| Brocade - minimum password age must be set to at least 30 days | Tenable Best Practices Brocade FabricOS | Brocade | IDENTIFICATION AND AUTHENTICATION |
| Brocade - password history must be set to 1 | Tenable Best Practices Brocade FabricOS | Brocade | IDENTIFICATION AND AUTHENTICATION |
| Brocade - password warning must be set to at least 30 days | Tenable Best Practices Brocade FabricOS | Brocade | ACCESS CONTROL |
| Brocade - Review Enabled Accounts | Tenable Best Practices Brocade FabricOS | Brocade | ACCESS CONTROL |
| Brocade - Review the NTP server configuration | Tenable Best Practices Brocade FabricOS | Brocade | AUDIT AND ACCOUNTABILITY |
| Brocade - SCP server host is approved | Tenable Best Practices Brocade FabricOS | Brocade | ACCESS CONTROL |
| Brocade - Set SNMP security level to authentication and privacy | Tenable Best Practices Brocade FabricOS | Brocade | ACCESS CONTROL |
| Brocade - SNMP v3 uses AES instead of DES | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000510 - The Cisco BGP router must be configured to reject inbound route advertisements from a customer edge (CE) router for prefixes that are not allocated to that customer. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | ACCESS CONTROL |
| CISC-RT-000510 - The Cisco BGP switch must be configured to reject inbound route advertisements from a customer edge (CE) switch for prefixes that are not allocated to that customer. | DISA Cisco IOS XE Switch RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| Ensure that database instances do not allow root access | Tenable Best Practices RackSpace v2.0.0 | Rackspace | ACCESS CONTROL |
| OpenStack Inactive Servers | Tenable Best Practices OpenStack v2.0.0 | OpenStack | CONFIGURATION MANAGEMENT |
| OpenStack Server Flavors | Tenable Best Practices OpenStack v2.0.0 | OpenStack | CONFIGURATION MANAGEMENT |
| OpenStack Servers created since the last scan | Tenable Best Practices OpenStack v2.0.0 | OpenStack | CONFIGURATION MANAGEMENT |
| OpenStack Servers owned by SERVER_UID | Tenable Best Practices OpenStack v2.0.0 | OpenStack | CONFIGURATION MANAGEMENT |
| OpenStack Servers updated since the last scan | Tenable Best Practices OpenStack v2.0.0 | OpenStack | CONFIGURATION MANAGEMENT |
| Rackspace Server Flavors | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Rackspace Servers created since the last scan | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Rackspace Servers updated since the last scan | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Review the list of active Rackspace Role Names (RBAC) | Tenable Best Practices RackSpace v2.0.0 | Rackspace | ACCESS CONTROL |
| Review the list of Current OpenStack Users | Tenable Best Practices OpenStack v2.0.0 | OpenStack | ACCESS CONTROL |
