| 1.1.3 Enable 'aaa authentication enable default' | CIS Cisco IOS XE 17.x v2.2.0 L1 | Cisco | ACCESS CONTROL |
| 1.2.3 Ensure 'Account lockout threshold' is set to '3 or fewer invalid logon attempt(s), but not 0' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 1.4.2 Enable 'service password-encryption' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.4.2 Enable 'service password-encryption' | CIS Cisco IOS XE 17.x v2.2.0 L1 | Cisco | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.3 Enable Firewall | CIS Apple OSX 10.11 El Capitan L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.2.2 Ensure ufw is uninstalled or disabled with nftables | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.2.4 Ensure nftables established connections are configured | CIS Red Hat EL8 Server L1 v3.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.2.4 Ensure nftables established connections are configured | CIS Rocky Linux 8 Server L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.2.2 Ensure iptables outbound and established connections are configured | CIS Oracle Linux 7 v4.0.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.2.2 Ensure loopback traffic is configured | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.4.3.2 Ensure IPv6 loopback traffic is configured | CIS Ubuntu Linux 18.04 LXD Container L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.2 Ensure loopback traffic is configured - output | CIS Debian 9 Server L1 v1.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.2 Ensure IPv6 loopback traffic is configured | CIS Debian 8 Workstation L1 v2.0.2 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.2 Ensure IPv6 loopback traffic is configured | CIS Debian 9 Workstation L1 v1.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3 Ensure iptables is installed | CIS Distribution Independent Linux Server L1 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.4.1.2 Ensure loopback traffic is configured | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6.4.2.2 Ensure IPv6 loopback traffic is configured | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.2 Ensure ufw is uninstalled or disabled with nftables | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1.2.8 Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | AUDIT AND ACCOUNTABILITY |
| 7.5 Firewall Consideration | CIS Apple OSX 10.11 El Capitan L2 v1.1.0 | Unix | |
| 9.1.5 (L1) Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1.5 (L1) Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1.5 (L1) Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | AUDIT AND ACCOUNTABILITY |
| 9.1.6 (L1) Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | AUDIT AND ACCOUNTABILITY |
| 9.1.6 Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1.6 Ensure 'Windows Firewall: Domain: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | AUDIT AND ACCOUNTABILITY |
| 9.2.5 (L1) Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | AUDIT AND ACCOUNTABILITY |
| 9.2.5 (L1) Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows Server 2022 v4.0.0 L1 MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2.5 (L1) Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 9.2.5 (L1) Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | AUDIT AND ACCOUNTABILITY |
| 9.2.5 (L1) Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL NG | Windows | AUDIT AND ACCOUNTABILITY |
| 9.2.5 (L1) Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 NG | Windows | AUDIT AND ACCOUNTABILITY |
| 9.2.5 (L1) Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows Server 2019 v4.0.0 L1 MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2.5 (L1) Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows Server 2025 v1.0.0 L1 MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2.5 (L1) Ensure 'Windows Firewall: Private: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows Server 2022 v4.0.0 L1 DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3.5 (L1) Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L1 BL | Windows | AUDIT AND ACCOUNTABILITY |
| 9.3.6 Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3.6 Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'No' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3.7 (L1) Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker | Windows | AUDIT AND ACCOUNTABILITY |
| 9.3.7 (L1) Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 | Windows | AUDIT AND ACCOUNTABILITY |
| 9.3.7 (L1) Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows Server 2022 v4.0.0 L1 DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.3.8 Ensure 'Windows Firewall: Public: Logging: Size limit (KB)' is set to '16,384 KB or greater' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001150 - The Cisco switch must be configured to authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-RT-000120 - The Cisco switch must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by employing control plane protection. | DISA Cisco IOS XE Switch RTR STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-06-000057 - The system must configure the firewall to block network traffic by default - Outgoing | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-65-000057 - The ESXi host must configure the firewall to block network traffic by default - incoming | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-67-000057 - The ESXi host must configure the firewall to block network traffic by default - outgoing | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | CONFIGURATION MANAGEMENT |
| JUEX-RT-000810 - The Juniper perimeter router must be configured to drop fragmented IPv6 packets where the first fragment does not include the entire IPv6 header chain. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| Management Services Security - Allow SNMP queries and/or send traps to more than one trusted server | Juniper Hardening JunOS 12 Devices Checklist | Juniper | AUDIT AND ACCOUNTABILITY |
| PHTN-67-000032 - The Photon operating system must only allow installation of packages signed by VMware. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
