| 1.1 Secure Login and Telnet Disabling - Disable telnet server | Tenable ZTE ROSNG | ZTE_ROSNG | CONFIGURATION MANAGEMENT |
| 1.1 Secure Login and Telnet Disabling - Enable SSH server | Tenable ZTE ROSNG | ZTE_ROSNG | CONFIGURATION MANAGEMENT |
| 1.2 Password Security Policy - a) The default password length shouldn't be below 8 characters | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 1.2 Password Security Policy - b) The password must include either three of 'number', 'capital', 'lowercase', 'special-character' or set the 'character-set-num' value to 3-4 | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 1.2 Password Security Policy - c) Configure 'strong-password dictionary' and 'same-consecutive' to avoid weak password - same-consecutive | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 1.2 Password Security Policy - c) Configure 'strong-password dictionary' and 'same-consecutive' to avoid weak password - strong-password dictionary | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 1.2 Password Security Policy - d) Check either of the following words exist in configuration file | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 1.2 Password Security Policy - e) Check for strong-password max-length | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 1.2 Password Security Policy - e) Check for strong-password max-length - strong-password date-check enable | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 1.2 Password Security Policy - e) Check for strong-password max-length - strong-password username-related-chk inverse | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 1.2 Password Security Policy - f) The validity period of an account can be configured | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 1.4 SNMP Security - b) SNMP server | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5 FTP/SFTP Access Authorization - sftp top-directory | Tenable ZTE ROSNG | ZTE_ROSNG | CONFIGURATION MANAGEMENT |
| 1.6 Support Web Access Security - b) ssl-context field | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.8 SSH Strong Algorithm - b) Disable encryption 3des-cbc | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.8 SSH Strong Algorithm - c) Disable encryption aes128-cbc | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.8 SSH Strong Algorithm - e) Disable encryption aes256-cbc | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.8 SSH Strong Algorithm - h) Disable hmac none | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.8 SSH Strong Algorithm - j) Disable diffie-hellman group1-sha1 | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.9 SSL Strong Algorithm - a) Version | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.9 SSL Strong Algorithm - b) ciphersuite | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.9 SSL Strong Algorithm - c) pki-profile | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.9 SSL Strong Algorithm - d) renegotiate | Tenable ZTE ROSNG | ZTE_ROSNG | CONFIGURATION MANAGEMENT |
| 2.1 Protection Policy for the CPS Control Engine | Tenable ZTE ROSNG | ZTE_ROSNG | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2 Maintain current AWS account contact details | CIS Amazon Web Services Foundations v7.0.0 L1 | amazon_aws | INCIDENT RESPONSE |
| 2.2 NTP Security Protection - a) Enable NTP | Tenable ZTE ROSNG | ZTE_ROSNG | AUDIT AND ACCOUNTABILITY |
| 2.3 Disable the Proxy ARP Function - b) No inter-vlan-proxy | Tenable ZTE ROSNG | ZTE_ROSNG | CONFIGURATION MANAGEMENT |
| 2.3 Disable the Proxy ARP Function - d) No local-proxy-arp | Tenable ZTE ROSNG | ZTE_ROSNG | CONFIGURATION MANAGEMENT |
| 2.4 Disable the IP Unreachable Function | Tenable ZTE ROSNG | ZTE_ROSNG | CONFIGURATION MANAGEMENT |
| 2.5 Product Default Banner | Tenable ZTE ROSNG | ZTE_ROSNG | ACCESS CONTROL |
| 3.1 Authentication and Verification of OSPF Routing Protocols - authentication message-digest | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 3.1 Authentication and Verification of OSPF Routing Protocols - message-digest-key | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| 3.2 Authentication and Verification of ISIS Routing Protocols - authentication | Tenable ZTE ROSNG | ZTE_ROSNG | IDENTIFICATION AND AUTHENTICATION |
| Ensure 'Image Integrity' is correct | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| Ensure 'ip verify' is set to 'reverse-path' for untrusted interfaces | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'OSPF authentication' is enabled | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'SNMP traps' is enabled - coldstart | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'snmp-server group' is set to 'v3 priv' | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure DNS services are configured correctly - domain-lookup | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| JUSX-DM-000055 - The Juniper SRX Services Gateway must generate log records containing the full-text recording of privileged commands. | DISA Juniper SRX Services Gateway NDM v3r3 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUSX-DM-000163 - The Juniper SRX Services Gateway must limit the number of sessions per minute to an organization-defined number for SSH to protect remote access management from unauthorized access. | DISA Juniper SRX Services Gateway NDM v3r3 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| OpenStack Networks and their attached subnets | Tenable Best Practices OpenStack v2.0.0 | OpenStack | CONFIGURATION MANAGEMENT |
| OpenStack Subnet Details | Tenable Best Practices OpenStack v2.0.0 | OpenStack | CONFIGURATION MANAGEMENT |
| Rackspace Networks and their attached subnets | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Rackspace Subnet Details | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Review the list of all Domains created since the last scan | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Review the list of all Domains updated since the last scan | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Review the list of Domains | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Review the list of Ports and their details | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
| Review the list of Ports and their details | Tenable Best Practices OpenStack v2.0.0 | OpenStack | CONFIGURATION MANAGEMENT |
