| 1.1 Ensure Minimum Password Length is set to 14 or higher | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | IDENTIFICATION AND AUTHENTICATION |
| 1.2 Ensure Disallow Palindromes is selected | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | IDENTIFICATION AND AUTHENTICATION |
| 1.3 Ensure Password Complexity is set to 3 | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | IDENTIFICATION AND AUTHENTICATION |
| 1.5 Ensure Password Expiration is set to 90 days | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | IDENTIFICATION AND AUTHENTICATION |
| 1.7 Ensure Lockout users after password expiration is set to 1 | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
| 1.8 Ensure Deny access to unused accounts is selected | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
| 1.9 Ensure Days of non-use before lock-out is set to 30 | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
| 1.12 Ensure Maximum number of failed attempts allowed is set to 5 or fewer | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
| 1.13 Ensure Allow access again after time is set to 300 or more seconds | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
| 2.1.1 Ensure 'Login Banner' is set - message banner msgvalue | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
| 2.1.1 Ensure 'Login Banner' is set - message banner on | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
| 2.1.3 Ensure Core Dump is enabled | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.5 Ensure unused interfaces are disabled | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.6 Ensure DNS server is configured - primary | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.6 Ensure DNS server is configured - tertiary | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.7 Ensure IPv6 is disabled if not used | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 2.1.10 Ensure DHCP is disabled | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 2.2.1 Ensure SNMP agent is disabled | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 2.2.2 Ensure SNMP version is set to v3-Only | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 2.2.3 Ensure SNMP traps is enabled - coldStart | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
| 2.2.3 Ensure SNMP traps is enabled - configurationChange | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
| 2.2.3 Ensure SNMP traps is enabled - configurationSave | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
| 2.2.3 Ensure SNMP traps is enabled - linkUpLinkDown | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
| 2.2.3 Ensure SNMP traps is enabled - lowDiskSpace | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
| 2.2.4 Ensure SNMP traps receivers is set | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
| 2.3.1 Ensure NTP is enabled and IP address is set for Primary and Secondary NTP server - ntp active | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
| 2.3.1 Ensure NTP is enabled and IP address is set for Primary and Secondary NTP server - ntp server primary | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
| 2.3.1 Ensure NTP is enabled and IP address is set for Primary and Secondary NTP server - ntp server secondary | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
| 2.3.2 Ensure timezone is properly configured | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 2.4.1 Ensure 'System Backup' is set. | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 2.4.2 Ensure 'Snapshot' is set | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 2.4.3 Configuring Scheduled Backups | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 2.5.1 Ensure CLI session timeout is set to less than or equal to 10 minutes | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
| 2.5.3 Ensure Client Authentication is secured. | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 2.5.4 Ensure Radius or TACACS+ server is configured - aaa server | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
| 2.5.4 Ensure Radius or TACACS+ server is configured - tacacs-servers state on | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | IDENTIFICATION AND AUTHENTICATION |
| 2.5.5 Ensure allowed-client is set to those necessary for device management | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.6.1 Ensure mgmtauditlogs is set to on | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
| 3.2 Configure a Default Drop/Cleanup Rule | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3 Use Checkpoint Sections and Titles | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 3.4 Ensure Hit count is Enable for the rules | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | SECURITY ASSESSMENT AND AUTHORIZATION |
| 3.5 Ensure no Allow Rule with Any in Destination filed present in the Firewall Rules | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 3.6 Ensure no Allow Rule with Any in Source filed present in the Firewall Rules | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 3.7 Ensure no Allow Rule with Any in Services filed present in the Firewall Rules | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 3.10 Ensure Drop Out of State TCP Packets is enabled | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | SECURITY ASSESSMENT AND AUTHORIZATION |
| 3.11 Ensure Drop Out of State ICMP Packets is enabled | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | SECURITY ASSESSMENT AND AUTHORIZATION |
| 3.12 Ensure Anti-Spoofing is enabled and action is set to Prevent for all Interfaces | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 3.18 Ensure Allow bi-directional NAT is enabled | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 3.19 Ensure Automatic ARP Configuration NAT is enabled | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 3.20 Ensure Logging is enabled for Track Options of Global Properties | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
