| Buffer overflow protection should be configured 'LimitRequestBody' | TNS IBM HTTP Server Best Practice | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| CGI-BIN directory should be disabled. 'AddModule mod_env.c' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| CGI-BIN directory should be disabled. 'AddModule mod_env.c' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| CGI-BIN directory should be disabled. 'ScriptAlias' | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| Directory access permissions should be restricted. | TNS IBM HTTP Server Best Practice | Unix | CONFIGURATION MANAGEMENT |
| Fortigate - Admin password lockout threshold - '1-3' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | ACCESS CONTROL |
| Fortigate - Antispam License - Not Expired | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT |
| Fortigate - Close port TCP 113 on external interface | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT |
| Fortigate - Disable insecure services - HTTP | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT |
| Fortigate - External Logging - 'fortianalyzer3' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - Fortianalyzer Logs - severity 'information' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - full-final-warning-threshold <= 95% | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - full-second-warning-threshold <= 90% | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - Inactivity timeout - 'console' <= 5 | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | ACCESS CONTROL |
| Fortigate - Login Banner - post-login-banner | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | ACCESS CONTROL |
| Fortigate - Password Complexity - 1 non-alphanum character | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| Fortigate - RADIUS, LDAP, or TACACS+ response wait period | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | ACCESS CONTROL |
| Fortigate - Require that passwords expire | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | IDENTIFICATION AND AUTHENTICATION |
| Fortigate - Review and disable unused interfaces | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Fortigate - Review the NTP server configuration | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - SNMP is enabled | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT |
| Fortigate - SNMP v3 users have passwords | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| Fortigate - Syslog2 Logging - severity 'information' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - Syslog3 Logging - severity 'information' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | AUDIT AND ACCOUNTABILITY |
| Fortigate - Use non default admin access ports - 'HTTPS' | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | CONFIGURATION MANAGEMENT |
| HTTP TRACE method should be disabled. 'TraceEnable' | TNS IBM HTTP Server Best Practice | Windows | CONFIGURATION MANAGEMENT |
| Huawei: Command Levels Not Changed | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT |
| Huawei: Device clock = UTC | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT |
| Huawei: Disable FTP IPV4 | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT |
| Huawei: Disable Telnet on IPV4 | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT |
| Huawei: Enable AAA authorization | TNS Huawei VRP Best Practice Audit | Huawei | IDENTIFICATION AND AUTHENTICATION |
| Huawei: Enable SSH | TNS Huawei VRP Best Practice Audit | Huawei | SYSTEM AND COMMUNICATIONS PROTECTION |
| Huawei: External Syslog server is configured | TNS Huawei VRP Best Practice Audit | Huawei | AUDIT AND ACCOUNTABILITY |
| Huawei: NTP is enabled | TNS Huawei VRP Best Practice Audit | Huawei | AUDIT AND ACCOUNTABILITY |
| Huawei: Set appropriate 'login' header | TNS Huawei VRP Best Practice Audit | Huawei | ACCESS CONTROL |
| Huawei: Set System Name | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT |
| Huawei: Simple Password Authentication is not used. | TNS Huawei VRP Best Practice Audit | Huawei | IDENTIFICATION AND AUTHENTICATION |
| Huawei: SNMP Community string != public | TNS Huawei VRP Best Practice Audit | Huawei | IDENTIFICATION AND AUTHENTICATION |
| Huawei: SSH Max Retries <= 3 | TNS Huawei VRP Best Practice Audit | Huawei | ACCESS CONTROL |
| Keep Alive Timeout setting value should be appropriately configured. | TNS IBM HTTP Server Best Practice | Windows | ACCESS CONTROL |
| Logging Directives should be restricted to authorized users. - 'LogFormat' | TNS IBM HTTP Server Best Practice | Unix | AUDIT AND ACCOUNTABILITY |
| Logs containing auditing information should be secured at the directory level. | TNS IBM HTTP Server Best Practice | Windows | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| MaxClients parameter value should be configured to appropriate value. | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| MaxSpareServers parameter value should be appropriately configured. | TNS IBM HTTP Server Best Practice | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| OpenStack Compute - keystone used for authentication | TNS OpenStack Nova/Compute Security Guide | Unix | IDENTIFICATION AND AUTHENTICATION |
| OpenStack Compute - secure protocol used for authentication | TNS OpenStack Nova/Compute Security Guide | Unix | |
| OpenStack Compute - strict permissions set for Compute configuration files - /etc/nova/rootwrap.conf | TNS OpenStack Nova/Compute Security Guide | Unix | CONFIGURATION MANAGEMENT |
| Server version information parameters should be turned off - 'ServerTokens Prod' | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| User IDs which disclose the privileges associated with it, should not be created. | TNS IBM HTTP Server Best Practice | Windows | ACCESS CONTROL |
| WatchGuard : Single Sign-On - 'Enabled' | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | IDENTIFICATION AND AUTHENTICATION |
