| 1.1.5.3.10 Set 'Windows Firewall: Public: Firewall state' to 'On (recommended)' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.3 Enable Firewall | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.4 Enable Firewall Stealth Mode | CIS Apple macOS 10.13 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.3 Enable Firewall | CIS Apple OSX 10.10 Yosemite L1 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.2 Disable Source Packet Forwarding - Check ip_forward_src_routed value. Expected value: 0. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.4 Disable Response to ICMP Timestamp Requests - Check ip_respond_to_timestamp value. Expected value: 0. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.6 Disable Response to ICMP Netmask Requests - Check ip_respond_to_address_mask_broadcast value. Expected value: 0. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.7 Disable ICMPv6 Redirect Messages - Check ip6_send_redirects value. Expected value: 1. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.8 Disable Response to Broadcast ICMPv4 Echo Request - Check ip_respond_to_echo_broadcast value. Expected value: 0. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.12 Set Strict Multihoming - Check ip_strict_dst_multihoming value. Expected value: 1. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.16 Set Maximum Number of Half-open TCP Connections - Check tcp_conn_req_max_q0 value. Expected value: 4096. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Ensure source routed packets are not accepted - 'net.ipv4.conf.default.accept_source_route = 0 - sysctl' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.2 Ensure ICMP redirects are not accepted - 'net.ipv4.conf.all.accept_redirects = 0 sysctl' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.3 Ensure secure ICMP redirects are not accepted - 'net.ipv4.conf.all.secure_redirects = 0 sysctl' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.3 Ensure secure ICMP redirects are not accepted - 'net.ipv4.conf.default.secure_redirects = 0 sysctl' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2 Ensure IPv6 redirects are not accepted - 'net.ipv6.conf.default.accept_redirects = 0 /etc/sysctl.conf /etc/sysctl.d/*' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2 Ensure IPv6 redirects are not accepted - 'sysctl net.ipv6.conf.default.accept_redirects = 0' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4 Disable Source Packet Forwarding - current ipv4 = 0 | CIS Solaris 11 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4 Enable Strong TCP Sequence Number Generation - Enforce Strong TCP Sequence Number Generation setting (TCP_STRONG_ISS = 2). | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1 Ensure TCP Wrappers is installed | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.2 Ensure /etc/hosts.allow is configured | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.2 Ensure /etc/hosts.allow is configured | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5 Disable Directed Broadcast Packet Forwarding - current ip = 0 | CIS Solaris 11 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5 Disable Directed Broadcast Packet Forwarding - persistent ip = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Disable Response to ICMP Timestamp Requests - current ip = 0 | CIS Solaris 11 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.1 Ensure iptables is installed | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.8 Disable Response to ICMP Broadcast Netmask Requests - current ip = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.10 Disable Response to Multicast Echo Request - current ipv4 = 0 | CIS Solaris 11.2 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.10 Disable Response to Multicast Echo Request - persistent ipv6 = 0 | CIS Solaris 11.2 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.10 Disable Response to Multicast Echo Request - current ipv6 = 0 | CIS Solaris 11 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.11 Ignore ICMP Redirect Messages - persistent ipv6 = 1 | CIS Solaris 11.2 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.11 Ignore ICMP Redirect Messages - persistent ipv4 = 1 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.11 Ignore ICMP Redirect Messages - persistent ipv6 = 1 | CIS Solaris 11 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.12 Set Strict Multihoming - current ipv4 = 0 | CIS Solaris 11 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.12 Set Strict Multihoming - persistent ipv6 = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.16 Set Maximum Number of Incoming Connections - persistent tcp = 1024 | CIS Solaris 11 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.17 Disable Network Routing - ipv4-forwarding current = disabled | CIS Solaris 11.2 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.17 Disable Network Routing - ipv6-forwarding current = disabled | CIS Solaris 11.2 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.17 Disable Network Routing - ipv4-forwarding persistent = disabled | CIS Solaris 11 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.17 Disable Network Routing - ipv4-routing persistent = disabled | CIS Solaris 11 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.17 Disable Network Routing - ipv6-routing persistent = disabled | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.17 Disable Network Routing - ipv6-routing persistent = disabled | CIS Solaris 11 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1 Disable Bonjour advertising service | CIS Apple OSX 10.10 Yosemite L2 v1.2.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2.2 Disable ICMP Redirect Acceptance - 'net.ipv4.conf.default.accept_redirects = 0' | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2.2 Disable ICMP Redirect Acceptance - net.ipv4.conf.all.accept_redirects | CIS Debian Linux 7 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2.3 Disable Secure ICMP Redirect Acceptance - 'net.ipv4.conf.all.secure_redirects=0' | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2.7 Enable RFC-recommended Source Route Validation - net.ipv4.conf.default.rp_filter | CIS Debian Linux 7 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2.8 Enable TCP SYN Cookies | CIS Debian Linux 7 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2.1 Ensure 'Windows Firewall: Private: Firewall state' is set to 'On (recommended)' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3.1 Ensure 'Windows Firewall: Public: Firewall state' is set to 'On (recommended)' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
