| 1.1.3 Ensure 'Master Key Passphrase' is set | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.4 Ensure 'Password Recovery' is disabled | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.1.4 Ensure 'Password Recovery' is disabled | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.1.5 Ensure 'Password Policy' is enabled - minimum-lowercase | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.2.1 Ensure 'Domain Name' is set | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.3.1 Ensure 'Image Integrity' is correct | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| 1.3.1 Ensure 'Image Integrity' is correct | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| 1.4.1 Enable logging | CIS Cisco IOS XR 7.x v1.0.1 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3' | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3' | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.4.1.2 Ensure 'local username and password' is set | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.4.1.3 Ensure known default accounts do not exist | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.4.3.1 Ensure 'aaa authentication enable console' is configured correctly | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | ACCESS CONTROL |
| 1.4.3.1 Ensure 'aaa authentication enable console' is configured correctly | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | ACCESS CONTROL |
| 1.4.3.6 Ensure 'aaa authentication telnet console' is configured correctly | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.4.5.2 Ensure 'aaa accounting for SSH' is configured correctly | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.4.5.3 Ensure 'aaa accounting for Serial console' is configured correctly | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.5.4 Ensure 'MOTD banner' is set | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | AWARENESS AND TRAINING |
| 1.7.3 Ensure 'SSL AES 256 encryption' is set for HTTPS access | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.9.1.2 Ensure 'NTP authentication key' is configured correctly | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.9.2 Configure SNMP Traps | CIS Cisco NX-OS v1.2.0 L1 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| 1.10.2 Ensure 'logging to Serial console' is disabled | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.10.3 Ensure 'logging to monitor' is disabled | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.10.4 Ensure 'syslog hosts' is configured correctly | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.10.6 Ensure 'logging history severity level' is set to greater than or equal to '5' | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.10.7 Ensure 'logging with timestamps' is enabled | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.11.4 Ensure 'SNMP traps' is enabled - authentication | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.11.5 Ensure 'SNMP community string' is not the default string | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.1.1.1.2 Set the 'ip domain name' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.1.1.1.2 Set the 'ip domain-name' | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | CONFIGURATION MANAGEMENT |
| 2.1.3 Ensure 'EIGRP authentication' is enabled | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.2.1.1 Set 'ntp authenticate' | CIS Cisco IOS XR 7.x v1.0.1 L2 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.3.1.1 Set 'ntp authenticate' | CIS Cisco IOS XE 16.x v2.1.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.3.1.1 Set 'ntp authenticate' | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.4 Ensure DHCP services are disabled for untrusted interfaces - dhcprelay | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 3.1 Ensure DNS services are configured correctly - name-server | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.10 Ensure ActiveX filtering is enabled | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 4.10.31.1 (L1) Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 4.10.31.1 (L1) Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 9.1.3 Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow (default)' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1.3 Ensure 'Windows Firewall: Domain: Outbound connections' is set to 'Allow (default)' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2.3 Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow (default)' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2.3 Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow (default)' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3.3 Ensure 'Windows Firewall: Public: Outbound connections' is set to 'Allow (default)' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3.3 Ensure 'Windows Firewall: Public: Outbound connections' is set to 'Allow (default)' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIX7-00-002057 - AIX audit logs must be rotated daily. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| DISA_VMware_vSphere_8.0_vCenter_Appliance_Secure_Token_Service_(STS)_STIG_v2r1.audit from DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1 | DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1 | Unix | |
| EX13-CA-000010 - Exchange must use Encryption for OWA access. | DISA Microsoft Exchange 2013 Client Access Server STIG v2r2 | Windows | ACCESS CONTROL |
| EX16-MB-002910 - Exchange must use encryption for Outlook Web App (OWA) access. | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | ACCESS CONTROL |
| GEN002860 - Audit logs must be rotated daily. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
