| 2.4 Configure TCP Wrappers - enable tcp_wrappers for rpc/bind. Note: This check is recommended by CIS, but not required. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.2 Disable Source Packet Forwarding - Check ip_forward_src_routed value. Expected value: 0. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.5 Disable Response to ICMP Broadcast Timestamp Requests - Check ip_respond_to_timestamp_broadcast value. Expected value: 0. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.8 Disable Response to Broadcast ICMPv4 Echo Request - Check ip_respond_to_echo_broadcast value. Expected value: 0. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.10 Set Interval for Scanning IRE_CACHE - Check ip_ire_arp_interval value. Expected value: 60000. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.11 Ignore ICMP Redirect Messages - Check ip_ignore_redirect value. Expected value: 1. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.12 Set Strict Multihoming - Check ip6_strict_dst_multihoming value. Expected value: 1. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.2 Ensure iptables-persistent is not installed with ufw | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.6 Ensure ufw firewall rules exist for all open ports | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.1 Ensure nftables is installed | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.2 Ensure ufw is uninstalled or disabled with nftables | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.7 Ensure nftables outbound and established connections are configured | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.8 Ensure nftables default deny firewall policy - forward | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.8 Ensure nftables default deny firewall policy - input | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.8 Ensure nftables default deny firewall policy - output | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.10 Ensure nftables rules are permanent | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.1.1 Ensure iptables packages are installed - iptables-persistent | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.1.2 Ensure nftables is not installed with iptables | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.1.2 Ensure nftables is not installed with iptables | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.2.1 Ensure iptables default deny firewall policy - 'Chain INPUT' | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.2.1 Ensure iptables default deny firewall policy - 'Chain OUTPUT' | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.2.1 Ensure iptables default deny firewall policy - 'Chain OUTPUT' | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.2.3 Ensure iptables outbound and established connections are configured | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.3.1 Ensure ip6tables default deny firewall policy - 'Chain FORWARD' | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.3.1 Ensure ip6tables default deny firewall policy - 'Chain INPUT' | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.3.1 Ensure ip6tables default deny firewall policy - 'Chain INPUT' | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.2.1 Ensure ufw service is enabled - ufw | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.2.2 Ensure default deny firewall policy | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.1 Ensure iptables are flushed - v6 | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.2 Ensure a table exists | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.3 Ensure base chains exist - output | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.5 Ensure outbound and established connections are configured | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.5 Ensure outbound and established connections are configured | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.6 Ensure default deny firewall policy - input | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.7 Ensure nftables service is enabled | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.3.7 Ensure nftables service is enabled | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.4.2.1 Ensure IPv6 default deny firewall policy - 'Chain FORWARD' | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.4.2.1 Ensure IPv6 default deny firewall policy - 'Chain INPUT' | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.10 Disable Response to Multicast Echo Request - persistent ipv4 = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.11 Ignore ICMP Redirect Messages - current ipv4 = 1 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.12 Set Strict Multihoming - current ipv6 = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.13 Disable ICMP Redirect Messages - current ipv4 = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.13 Disable ICMP Redirect Messages - persistent ipv6 = 0 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.15 Set Maximum Number of Half-open TCP Connections - persistent tcp = 4096 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.16 Set Maximum Number of Incoming Connections - persistent tcp = 1024 | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.17 Disable Network Routing - ipv4-routing current = disabled | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.17 Disable Network Routing - ipv4-routing persistent = disabled | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.17 Disable Network Routing - ipv6-routing current = disabled | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.13 Ensure file deletion events by users are collected - 32-bit | CIS Ubuntu Linux 16.04 LTS Workstation L2 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1.13 Ensure file deletion events by users are collected - auditctl (64-bit) | CIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
