| 1.1.5.3.6 Set 'Windows Firewall: Public: Allow unicast response' to 'No' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3 Ensure Password Complexity is set to 3 | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | IDENTIFICATION AND AUTHENTICATION |
| 1.5 Ensure Password Expiration is set to 90 days | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | IDENTIFICATION AND AUTHENTICATION |
| 1.11 Ensure Deny access after failed login attempts is selected | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
| 2.1.6 Ensure DNS server is configured - primary | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.10 Ensure DHCP is disabled | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 2.2.3 Ensure SNMP traps is enabled - authorizationError | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
| 2.3.1 Ensure NTP is enabled and IP address is set for Primary and Secondary NTP server - ntp server primary | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY |
| 2.4.1 Ensure 'System Backup' is set. | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 2.4.2 Ensure 'Snapshot' is set | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 2.4.3 Configuring Scheduled Backups | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 2.5.1 Ensure CLI session timeout is set to less than or equal to 10 minutes | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
| 2.5.4 Ensure Radius or TACACS+ server is configured - aaa server | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | ACCESS CONTROL |
| 2.5.5 Ensure allowed-client is set to those necessary for device management | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3 Use Checkpoint Sections and Titles | CIS Check Point Firewall L1 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 3.4 Ensure Hit count is Enable for the rules | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | SECURITY ASSESSMENT AND AUTHORIZATION |
| 3.4.3.2.2 Ensure iptables loopback traffic is configured | CIS Debian 10 Server L1 v2.0.0 | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Ensure no Allow Rule with Any in Source filed present in the Firewall Rules | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 3.7 Ensure no Allow Rule with Any in Services filed present in the Firewall Rules | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 3.8 Logging should be enable for all Firewall Rules | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | AUDIT AND ACCOUNTABILITY, SECURITY ASSESSMENT AND AUTHORIZATION |
| 3.12 Ensure Anti-Spoofing is enabled and action is set to Prevent for all Interfaces | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 3.18 Ensure Allow bi-directional NAT is enabled | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT |
| 4.4.2.2 Ensure iptables loopback traffic is configured | CIS Debian Linux 12 v1.1.0 L1 Workstation | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.4.2.2 Ensure iptables loopback traffic is configured | CIS Ubuntu Linux 20.04 LTS v3.0.0 L1 Server | Unix | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.7.1 Ensure authentication is set to MD5 | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| 7.1.2.7 Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | AUDIT AND ACCOUNTABILITY |
| 20.23 Ensure 'Domain controllers have a PKI server certificate' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.60 Ensure 'System files must be monitored for unauthorized changes' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.60 Ensure 'System files must be monitored for unauthorized changes' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| AIX7-00-001101 - AIX CDE must conceal, via the session lock, information previously visible on the display with a publicly viewable image. | DISA STIG AIX 7.x v3r1 | Unix | ACCESS CONTROL |
| CISC-L2-000030 - The Cisco switch must authenticate all VLAN Trunk Protocol (VTP) messages with a hash function using the most secured cryptographic algorithm available. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-L2-000090 - The Cisco switch must have Root Guard enabled on all switch ports connecting to access layer switches. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-000110 - The Cisco switch must be configured to automatically audit account disabling actions. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000120 - The Cisco switch must be configured to automatically audit account removal actions. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000280 - The Cisco switch must produce audit records containing information to establish when (date and time) the events occurred. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000460 - The Cisco switch must be configured to limit privileges to change the software resident within software libraries. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-ND-000470 - The Cisco switch must be configured to prohibit the use of all unnecessary and non-secure functions and services. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-ND-000620 - The Cisco switch must only store cryptographic representations of passwords. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-000880 - The Cisco switch must be configured to automatically audit account enabling actions. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000980 - The Cisco switch must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001440 - The Cisco switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001450 - The Cisco switch must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO). | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| DG0127-ORACLE11 - DBMS account passwords should not be set to easily guessed words or values - 'limit' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| ESXI-06-000057 - The system must configure the firewall to block network traffic by default - Incoming | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-67-000057 - The ESXi host must configure the firewall to block network traffic by default - incoming | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | CONFIGURATION MANAGEMENT |
| WINFW-000100 - Inbound exceptions to the firewall on domain workstations must only allow authorized management systems. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| WN10-00-000135 - A host-based firewall must be installed and enabled on the system. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
| WN12-FW-000001 - A host-based firewall must be installed and enabled on the system. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | CONFIGURATION MANAGEMENT |
| WN16-00-000310 - A host-based firewall must be installed and enabled on the system. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT |
| WN22-00-000280 - Windows Server 2022 must have a host-based firewall installed and enabled. | DISA Microsoft Windows Server 2022 STIG v2r4 | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT |
