| 2.3.2 Set 'ip address' for 'ntp server' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.5.2.1 Ensure Firewall Is Enabled | CIS Apple macOS 12.0 Monterey v4.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, INCIDENT RESPONSE, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.4.2.1 Ensure firewalld is installed | CIS CentOS Linux 7 v4.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.1.3 Ensure firewalld is either not installed or masked with iptables - stopped | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.2.3 Ensure iptables rules exist for all open ports | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.2.4 Ensure firewall rules exist for all open ports | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.3 Ensure IPv6 firewall rules exist for all open ports | CIS SUSE Linux Enterprise 12 v3.2.1 L1 Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.3.3 Ensure ip6tables outbound and established connections are configured | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Ensure Firewall Logging Is Enabled and Configured | CIS Apple macOS 10.14 v2.0.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Ensure Firewall Logging Is Enabled and Configured | CIS Apple macOS 13.0 Ventura Cloud-tailored v1.1.0 L1 | Unix | AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.1.6 Ensure firewall rules exist for all open ports | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.2.3 Ensure outbound and established connections are configured | CIS Debian Family Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.4 Ensure IPv6 firewall rules exist for all open ports - ss | CIS Red Hat 6 Workstation L1 v3.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3.2.3 Ensure iptables outbound and established connections are configured | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | CIS Windows Server 2012 R2 DC L1 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1.3 (L1) Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow (default)' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1.6 Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 9.2.2 (L1) Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block (default)' | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2.2 (L1) Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block (default)' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2.2 (L1) Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block (default)' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2.2 (L1) Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block (default)' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2.2 (L1) Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block (default)' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2.2 Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block (default)' | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2.3 (L1) Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow (default)' | CIS Windows Server 2012 DC L1 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2.3 (L1) Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow (default)' | CIS Windows Server 2012 MS L1 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3.2 (L1) Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3.2 (L1) Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)' | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3.2 (L1) Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)' | CIS Microsoft Windows Server 2022 v4.0.0 L1 DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3.2 (L1) Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3.2 (L1) Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3.2 (L1) Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)' | CIS Microsoft Windows 11 Stand-alone v4.0.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3.2 (L1) Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3.2 Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)' | CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3.6 (L1) Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No' | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 17.2.5 Ensure 'Audit Other Account Management Events' is set to include 'Success' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | AUDIT AND ACCOUNTABILITY |
| 17.7.3 Ensure 'Audit MPSSVC Rule-Level Policy Change' is set to 'Success and Failure' - Success and Failure | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS | Windows | AUDIT AND ACCOUNTABILITY |
| 20.27 Ensure 'Event Viewer must be protected from unauthorized modification and deletion' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | AUDIT AND ACCOUNTABILITY |
| 20.28 Ensure 'Fax Server role' is set to 'Not Installed' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.28 Ensure 'Fax Server role' is set to 'Not Installed' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.28 Ensure 'Fax Server role' is set to 'Not Installed' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.30 Ensure 'FTP servers must be configured to prevent anonymous logons' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.30 Ensure 'FTP servers must be configured to prevent anonymous logons' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| Ensure known default accounts do not exist | Tenable Cisco Firepower Best Practices Audit | Cisco | IDENTIFICATION AND AUTHENTICATION |
| Firewall Filter - Ensure the last term, default-deny, includes the syslog option | Juniper Hardening JunOS 12 Devices Checklist | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000450 - The Juniper PE router must be configured with Unicast Reverse Path Forwarding (uRPF) loose mode, or a firewall filter, enabled on all CE-facing interfaces. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| WPAW-00-002100 - The Windows PAW must be configured so that all inbound ports and services to a PAW are blocked except as needed for monitoring, scanning, and management tools or when the inbound communication is a response to an outbound connection request. | DISA MS Windows Privileged Access Workstation v3r1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
