| 3.3.2 Ensure IPv6 redirects are not accepted - sysctl ipv6 default accept | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.2 Ensure /etc/hosts.allow is configured | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3.1 Ensure that the CNI in use supports Network Policies | CIS Kubernetes v1.10.0 L1 Master | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure 'Service setting of ANY' in a security policy allowing traffic does not exist | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4.4 Create /etc/hosts.deny | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1 Ensure the TimeOut Is Set to 10 or Less | CIS Apache HTTP Server 2.4 v2.2.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3 Configure 'Disable changing connection settings' | CIS IE 9 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.5 Configure 'Make proxy settings per-machine (rather than per-user)' | CIS IE 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.2 (L1) Ensure 'MSS: (DisableIPSourceRouting IPv6) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.3 (L1) Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.3 Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.3 Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.3 Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.3 Ensure 'MSS: (DisableIPSourceRouting) IP source routing protection level' is set to 'Enabled: Highest protection, source routing is completely disabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.6 (L2) Ensure 'MSS: (KeepAliveTime) How often keep-alive packets are sent in milliseconds' is set to 'Enabled: 300,000 or 5 minutes' | CIS Microsoft Windows 10 Enterprise v4.0.0 L2 NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.6.7.4 (L1) Ensure 'Enable authentication rate limiter' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.6.7.4 (L1) Ensure 'Enable authentication rate limiter' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.8.22.1.1 Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.56.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.56.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.56.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.56.3.9.2 Ensure 'Require secure RPC communication' is set to 'Enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| ACLs: Filter for RFC 3330 addresses (192.0.0.0/24) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| ACLs: Filter for RFC 3330 addresses (198.18.0.0/15) | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| Adtran : Firewall - Deny by Default ACL | TNS Adtran AOS Best Practice Audit | Adtran | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Fabric Element Authentication must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - IPfilter policy must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'SSH source restriction' is set to an authorized IP address | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure packet fragments are restricted for untrusted interfaces | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXi.firewall-restrict-access | VMWare vSphere 6.5 Hardening Guide | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| FireEye - Management interface is only accessible from specific IP ranges | TNS FireEye | FireEye | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (DisableIPSourceRouting IPv6) IP source routing protection level - DisableIPSourceRouting | MSCT Windows Server 2025 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | MSCT Windows 10 v21H1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | MSCT Windows 10 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing) | MSCT Windows 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (DisableIPSourceRouting) IP source routing protection level | MSCT Windows 11 v24H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) | MSCT Windows 11 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (DisableIPSourceRouting) IP source routing protection level (protects against packet spoofing) | MSCT Windows 11 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | MSCT Windows 10 v21H1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes | MSCT Windows 11 v22H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes - EnableICMPRedirect | MSCT Windows Server 2025 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| vNetwork : reject-promiscuous-mode-StandardSwitch | VMWare vSphere 6.5 Hardening Guide | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| Windows Defender Firewall: Protect all network connections | MSCT MSCT Windows Server 2022 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Windows Defender Firewall: Protect all network connections | MSCT Windows Server 2022 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
