| 1.1.5.2.1 Set 'Windows Firewall: Private: Firewall state' to 'On (recommended)' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.5.3.1 Set 'Windows Firewall: Public: Outbound connections' to 'Allow (default)' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.5.3.4 Set 'Windows Firewall: Public: Logging: Log dropped packets' to 'Yes' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.6 - TCP/IP Tuning - 'ipsendredirects = 0' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.7 - TCP/IP Tuning - 'ip6srcrouteforward = 0' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.12 - TCP/IP Tuning - 'udp_pmtu_discover = 0' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.13 - TCP/IP Tuning - 'ipsrcrouterecv = 0' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.14 - TCP/IP Tuning - 'nonlocsrcroute = 0' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.16 - TCP/IP Tuning - 'sockthresh <= 60' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.18 - TCP/IP Tuning - 'tcp_sendspace >= 262144' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.19 - TCP/IP Tuning - 'tcp_recvspace >= 262144' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.10.1 - TCP Wrappers - installing TCP Wrappers - 'netsec.options.tcpwrapper.base is installed' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.10.1 - TCP Wrappers - installing TCP Wrappers - 'netsec.options.tcpwrapper.license is installed' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.10.1 - TCP Wrappers - installing TCP Wrappers - 'netsec.options.tcpwrapper.man.en_US is installed' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.10.4 - TCP Wrappers - wrapping inetd services - 'all enabled inetd.conf services use TCP wrappers' | CIS AIX 5.3/6.1 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.1 Ensure IP forwarding is disabled - sysctl | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.2 Ensure packet redirect sending is disabled - 'net.ipv4.conf.default.send_redirects = 0 /etc/sysctl.conf /etc/sysctl.d/*' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.2 Ensure packet redirect sending is disabled 'net.ipv4.conf.all.send_redirects = 0 /etc/sysctl.conf /etc/sysctl.d/*' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.2 Ensure packet redirect sending is disabled 'net.ipv4.conf.default.send_redirects = 0 - sysctl' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Ensure source routed packets are not accepted - 'net.ipv4.conf.all.accept_source_route = 0 - sysctl' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.3 Ensure secure ICMP redirects are not accepted - 'net.ipv4.conf.default.secure_redirects = 0 /etc/sysctl.conf /etc/sysctl.d/*' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.3 Restrict Access to Cache 'trusted, local IP network' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.7 Ensure Reverse Path Filtering is enabled - 'net.ipv4.conf.all.rp_filter = 1 /etc/sysctl.conf /etc/sysctl.d/*' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.8 Ensure TCP SYN Cookies is enabled (sysctl exec) | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.8 Ensure TCP SYN Cookies is enabled (sysctl.conf/sysctl.d) | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.all.accept_ra = 0 /etc/sysctl.conf /etc/sysctl.d/*' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.all.accept_ra = 0 sysctl' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.default.accept_ra = 0 /etc/sysctl.conf /etc/sysctl.d/*' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.default.accept_ra' (sysctl.conf/sysctl.d) | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2 Ensure IPv6 redirects are not accepted - 'net.ipv6.conf.default.accept_redirects' (sysctl.conf/sysctl.d) | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2 Ensure IPv6 redirects are not accepted - 'sysctl net.ipv6.conf.default.accept_redirects = 0' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.1 Ensure iptables package is installed | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.1 Ensure iptables package is installed | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Workstation | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.2 Ensure outbound and established connections are configured | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.3 Ensure IPv6 firewall rules exist for all open ports | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Workstation | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1.1 Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On (recommended)' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2.1 Ensure 'Windows Firewall: Private: Firewall state' is set to 'On (recommended)' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Apply local firewall rules | MSCT Windows 11 v23H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Firewall State - Private Profile | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Firewall State - Private Profile | MSCT Windows 10 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Firewall State - Private Profile | MSCT Windows 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Firewall State - Private Profile | MSCT MSCT Windows Server 2022 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Firewall State - Private Profile | MSCT Windows 11 v23H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Firewall State - Public Profile | MSCT Windows 10 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Firewall State - Public Profile | MSCT Windows Server 2022 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Firewall State - Public Profile | MSCT Windows 11 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | MSCT Windows 10 1903 v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Windows Defender Firewall: Protect all network connections | MSCT Windows 10 1909 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Windows Defender Firewall: Protect all network connections | MSCT Windows Server v2004 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Windows Defender Firewall: Protect all network connections - Domain Profile | MSCT Windows 10 1809 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
