| 1.1 Ensure DNS server is configured | CIS Fortigate 7.0.x Level 1 v1.2.0 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3' | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3' | CIS Cisco ASA 9.x Firewall L1 v1.0.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.6.5 Ensure 'Telnet' is disabled | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.8.1 Ensure 'console session timeout' is less than or equal to '5' minutes | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutes | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutes | CIS Cisco ASA 9.x Firewall L1 v1.0.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.9.1.3 Ensure 'trusted NTP server' exists | CIS Cisco ASA 9.x Firewall L1 v1.0.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.9.2 Ensure 'local timezone' is properly configured | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.9.2 Ensure 'local timezone' is properly configured | CIS Cisco ASA 9.x Firewall L1 v1.0.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.1.2 Ensure 'Post-Login-Banner' is set - enable | CIS Fortigate 7.0.x Level 1 v1.2.0 | FortiGate | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.3.2 Allow only trusted hosts in SNMPv3 | CIS Fortigate 7.0.x Level 2 v1.2.0 | FortiGate | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.1 Ensure High Availability configuration is enabled | CIS Fortigate 7.0.x Level 2 v1.2.0 | FortiGate | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.5.2 Ensure 'Monitor Interfaces' for High Availability devices is enabled | CIS Fortigate 7.0.x Level 1 v1.2.0 | FortiGate | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.5.3 Ensure HA Reserved Management Interface is configured | CIS Fortigate 7.0.x Level 1 v1.2.0 | FortiGate | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.1.2.3 Configure BGP Authentication | CIS Cisco NX-OS L2 v1.0.0 | Cisco | CONFIGURATION MANAGEMENT |
| 3.2 Configure a Default Drop/Cleanup Rule | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4 Ensure That RSASHA1 Is Not Used for the Key-Signing Key in Cloud DNS DNSSEC | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.5 Ensure That RSASHA1 Is Not Used for the Zone-Signing Key in Cloud DNS DNSSEC | CIS Google Cloud Platform v3.0.0 L1 | GCP | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.5.11 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | CIS Microsoft Intune for Windows 11 v3.0.1 L2 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.5.11 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | CIS Microsoft Intune for Windows 10 v3.0.1 L2 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.5.12 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | CIS Microsoft Intune for Windows 11 v3.0.1 L2 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.12 Ensure Anti-Spoofing is enabled and action is set to Prevent for all Interfaces | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 3.14 Ensure Accept RIP is not enabled | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.6 Ensure That IP Forwarding Is Not Enabled on Instances | CIS Google Cloud Platform v3.0.0 L1 | GCP | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.8 Ensure access SSH to CLI interface is restricted to needed IP addresses only | CIS F5 Networks v1.0.0 L1 | F5 | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 5.2 Ensure to exclude inode information from ETags HTTP Header | CIS F5 Networks v1.0.0 L1 | F5 | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 6.1 Ensure that SNMP access is allowed to trusted agents IPs only | CIS F5 Networks v1.0.0 L1 | F5 | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.2 Ensure minimum SNMP version is set to V3 for agent access | CIS F5 Networks v1.0.0 L1 | F5 | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1.1 (L1) Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On (recommended)' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1.1 Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On (recommended)' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.5.10 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | CIS Microsoft Windows Server 2022 v3.0.0 L2 Member Server | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 18.5.10 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | CIS Microsoft Windows Server 2022 v3.0.0 L2 Domain Controller | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 18.5.10 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' - Enabled: 3 | CIS Microsoft Windows Server 2019 Standalone DC L2 v1.0.0 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 18.5.10 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' - Enabled: 3 | CIS Microsoft Windows Server Standalone 2019 Standalone MS L2 v1.0.0 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 18.5.11 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | CIS Microsoft Windows 11 Enterprise v3.0.0 L2 + BitLocker | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 18.5.11 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 18.5.11 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL + NG | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 18.5.11 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 NG | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 18.5.11 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 18.5.11 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 18.5.11 Ensure 'MSS: (TcpMaxDataRetransmissions IPv6) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' - Enabled: 3 | CIS Microsoft Windows 11 Stand-alone v2.0.0 L2 + BL | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 18.5.12 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | CIS Microsoft Windows 11 Enterprise v3.0.0 L2 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 18.5.12 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + BL | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 18.5.12 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | CIS Microsoft Windows 10 Enterprise v3.0.0 L2 + NG | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 18.5.12 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 NG | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 18.5.12 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 BL NG | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 18.5.12 (L2) Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | CIS Microsoft Windows 10 Stand-alone v3.0.0 L2 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 18.5.12 Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' | CIS Microsoft Windows 10 EMS Gateway v2.0.0 L1 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 18.5.12 Ensure 'MSS: (TcpMaxDataRetransmissions) How many times unacknowledged data is retransmitted' is set to 'Enabled: 3' - Enabled: 3 | CIS Microsoft Windows 11 Stand-alone v2.0.0 L2 + BL | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
