| 1.1.5.1.7 Set 'Windows Firewall: Domain: Outbound connections' to 'Allow (default)' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.5.1.11 Set 'Windows Firewall: Domain: Firewall state' to 'On (recommended)' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.5.2.2 Set 'Windows Firewall: Private: Outbound connections' to 'Allow (default)' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.5.3.10 Set 'Windows Firewall: Public: Firewall state' to 'On (recommended)' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.4 Enable Firewall Stealth Mode | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.8 Protocol Access Controls - 'interface.blocked.iscsi has been configured' | TNS NetApp Data ONTAP 7G | NetApp | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.2 Ensure packet redirect sending is disabled 'net.ipv4.conf.all.send_redirects = 0 - sysctl' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.3 Disable Broadcast Packet Forwarding - Check ip_forward_directed_broadcasts value. Expected value: 0. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.9 Disable Response to Multicast Echo Request - Check ip6_respond_to_echo_multicast value. Expected value: 0. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.12 Set Strict Multihoming - Check ip_strict_dst_multihoming value. Expected value: 1. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.13 Disable ICMPv4 Redirect Messages - Check ip_send_redirects value. Expected value: 0. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.15 Disable TCP Reverse IP Source Routing - Check tcp_rev_src_routes value. Expected value: 0. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.18 Lock down dtspcd(8) - Check tcp_extra_priv_ports_add value. Expected value: 6112. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.5 Ensure broadcast ICMP requests are ignored - /etc/sysctl.conf /etc/sysctl.d/* | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.5 Ensure broadcast ICMP requests are ignored - sysctl | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.8 Ensure TCP SYN Cookies is enabled - /etc/sysctl.conf /etc/sysctl.d/* | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2 Ensure IPv6 redirects are not accepted - 'net.ipv6.conf.default.accept_redirects = 0 /etc/sysctl.conf /etc/sysctl.d/*' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5 Disable Directed Broadcast Packet Forwarding - persistent ip = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.1 Ensure iptables is installed | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.2 Ensure default deny firewall policy - 'Chain OUTPUT' | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3 Ensure loopback traffic is configured - input | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3 Ensure loopback traffic is configured - input | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.7 Disable Response to ICMP Broadcast Timestamp Requests - persistent ip = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.8 Disable Response to ICMP Broadcast Netmask Requests - current ip = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.9 Disable Response to Broadcast ICMPv4 Echo Request - current ip = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.11 Ignore ICMP Redirect Messages - current ipv6 = 1 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.11 Ignore ICMP Redirect Messages - persistent ipv6 = 1 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.12 Set Strict Multihoming - persistent ipv4 = 1 | CIS Solaris 11.2 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.12 Set Strict Multihoming - current ipv6 = 1 | CIS Solaris 11.2 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.13 Disable ICMP Redirect Messages - persistent ipv4 = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.14 Disable TCP Reverse IP Source Routing - current tcp = 0 | CIS Solaris 11.2 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.15 Set Maximum Number of Half-open TCP Connections - current tcp = 4096 | CIS Solaris 11.2 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.17 Disable Network Routing - ipv6-forwarding current = disabled | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.17 Disable Network Routing - ipv6-forwarding persistent = disabled | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1.2 Disable Send Packet Redirects - net.ipv4.conf.all.send_redirects | CIS Debian Linux 7 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1.3 Ensure that the Promiscuous Mode policy is set to reject | CIS VMware ESXi 5.1 v1.0.1 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2.3 Disable Secure ICMP Redirect Acceptance - net.ipv4.conf.all.secure_redirects | CIS Debian Linux 7 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.3.2 Disable IPv6 Redirect Acceptance - net.ipv6.conf.all.accept_redirects | CIS Debian Linux 7 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enable port locking by default on the VM guest network | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure /etc/hosts.deny is configured | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure TCP Wrappers is installed - rpm | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| IBM i : Automatic Configuration of Virtual Devices (QAUTOVRT) - '0' | IBM System i Security Reference for V7R2 | AS/400 | SYSTEM AND COMMUNICATIONS PROTECTION |
| IBM i : Automatic Configuration of Virtual Devices (QAUTOVRT) - '0' | IBM System i Security Reference for V7R3 | AS/400 | SYSTEM AND COMMUNICATIONS PROTECTION |
| Windows Defender Firewall: Protect all network connections | MSCT Windows 10 v2004 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Windows Defender Firewall: Protect all network connections | MSCT Windows 10 v21H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Windows Defender Firewall: Protect all network connections | MSCT Windows Server 1903 DC v1.19.9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Windows Defender Firewall: Protect all network connections | MSCT Windows Server v20H2 DC v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Windows Firewall: Protect all network connections | MSCT Windows Server 2012 R2 MS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| Windows Firewall: Protect all network connections | MSCT Windows 10 v1507 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| XenServer - Restrict allowed IPv6 addresses used by each VM guest | TNS Citrix XenServer | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
