| 2.1.4 Ensure 'SECURE_REGISTER_' Is Set to 'TCPS' or 'IPC' | CIS Oracle Server 18c Linux v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2 Ensure that MongoDB does not bypass authentication via the localhost exception | CIS MongoDB 7 v1.2.0 L1 Windows | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.2 Ensure that MongoDB does not bypass authentication via the localhost exception | CIS MongoDB 6 v1.2.0 L1 MongoDB | Windows | IDENTIFICATION AND AUTHENTICATION |
| 2.2 Ensure that MongoDB does not bypass authentication via the localhost exception | CIS MongoDB 6 v1.2.0 L1 MongoDB | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.2 Ensure that MongoDB does not bypass authentication via the localhost exception | CIS MongoDB 7 v1.2.0 L1 Unix | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.2 Ensure that MongoDB does not bypass authentication via the localhost exception | CIS MongoDB 8 v1.0.0 L1 Unix | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.1.4.1 Ensure Audit logs are owned by root and mode 0600 or less permissive | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 4.1.4.1 Ensure Audit logs are owned by root and mode 0600 or less permissive | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY |
| 5.11 (L1) Host must isolate management communications | CIS VMware ESXi 8.0 v1.3.0 L1 VMware | VMware | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 6.3 Mask and zone SAN resources appropriately | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| 6.5.1 (L1) Host SSH daemon, if enabled, must use FIPS 140-2/140-3 validated ciphers | CIS VMware ESXi 8.0 v1.3.0 L1 Unix | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5.6 (L1) Host SSH daemon, if enabled, must set a timeout interval on idle sessions | CIS VMware ESXi 8.0 v1.3.0 L1 Unix | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 8.1.11 Ensure that Microsoft Cloud Security Benchmark policies are not set to 'Disabled' | CIS Microsoft Azure Foundations v5.0.0 L1 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 9.23 Find Un-owned Files and Directories | CIS Oracle Solaris 11.4 L1 v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 9.23 Find Un-owned Files and Directories | CIS Solaris 11.2 L1 v1.1.0 | Unix | ACCESS CONTROL |
| 9.24 Find Un-owned Files and Directories | CIS Solaris 11.1 L1 v1.0.0 | Unix | ACCESS CONTROL |
| 9.24 Find Un-owned Files and Directories | CIS Solaris 11 L1 v1.1.0 | Unix | ACCESS CONTROL |
| Disable unused network ports | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'aaa local authentication max failed attempts' is set to your organization's poicy | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | ACCESS CONTROL |
| Ensure 'HTTP source restriction' is set to an authorized IP address | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | ACCESS CONTROL |
| Ensure 'Image Authenticity' is correct | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | SYSTEM AND INFORMATION INTEGRITY |
| Ensure 'Image Integrity' is correct | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | SYSTEM AND INFORMATION INTEGRITY |
| Ensure 'ip verify' is set to 'reverse-path' for untrusted interfaces | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb) | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging buffered severity ' is greater than or equal to '3' | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging to monitor' is disabled | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging to monitor' is disabled - show logging | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging to Serial console' is disabled | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging trap severity ' is greater than or equal to '5' | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging' is enabled | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | AUDIT AND ACCOUNTABILITY |
| Ensure 'Password Policy' is enabled - minimum-length | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | IDENTIFICATION AND AUTHENTICATION |
| Ensure 'SNMP community string' is not the default string | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | IDENTIFICATION AND AUTHENTICATION |
| Ensure 'SNMP traps' is enabled - linkdown | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | AUDIT AND ACCOUNTABILITY |
| Ensure 'snmp-server group' is set to 'v3 priv' | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | AUDIT AND ACCOUNTABILITY |
| Ensure 'snmp-server group' is set to 'v3 priv' - show snmp-server | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | CONFIGURATION MANAGEMENT |
| Ensure 'SSH source restriction' is set to an authorized IP address | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'syslog hosts' is configured correctly | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | AUDIT AND ACCOUNTABILITY |
| Ensure 'TACACS+/RADIUS' is configured correctly - protocol | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | ACCESS CONTROL |
| Ensure 'threat-detection statistics' is set to 'tcp-intercept' | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'TLS 1.0' is set for HTTPS access | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure DHCP services are disabled for untrusted interfaces - dhcpd | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | CONFIGURATION MANAGEMENT |
| Ensure DHCP services are disabled for untrusted interfaces - dhcprelay | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | CONFIGURATION MANAGEMENT |
| Ensure email logging is configured for critical to emergency | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | AUDIT AND ACCOUNTABILITY |
| Ensure ICMP is restricted for untrusted interfaces | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure non-default application inspection is configured correctly | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | SYSTEM AND INFORMATION INTEGRITY |
| Ensure timezone is properly configured | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | CONFIGURATION MANAGEMENT |
| EX13-EG-000005 - Exchange must limit the Receive connector timeout. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | ACCESS CONTROL |
| EX16-ED-000010 - Exchange must limit the Receive connector timeout. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | ACCESS CONTROL |
| MD7X-00-000150 MongoDB must limit the total number of concurrent connections to the database. | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | ACCESS CONTROL |
| Tenable_Best_Practices_Cisco_Firepower_Management_Center_OS.audit | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | |
