| 1.1.3 Ensure 'Master Key Passphrase' is set | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.4 Ensure 'Password Recovery' is disabled | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.1.4 Ensure 'Password Recovery' is disabled | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.1.5 Ensure 'Password Policy' is enabled - minimum-lowercase | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.2.1 Ensure 'Domain Name' is set | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.2.10 Set 'http Secure-server' limit | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL |
| 1.3.1 Ensure 'Image Integrity' is correct | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| 1.3.1 Ensure 'Image Integrity' is correct | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| 1.3.1 Set the 'banner-text' for 'banner exec' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | AWARENESS AND TRAINING, PROGRAM MANAGEMENT |
| 1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3' | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3' | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.4.1.2 Ensure 'local username and password' is set | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.4.3.1 Ensure 'aaa authentication enable console' is configured correctly | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | ACCESS CONTROL |
| 1.4.3.1 Ensure 'aaa authentication enable console' is configured correctly | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | ACCESS CONTROL |
| 1.4.3.6 Ensure 'aaa authentication telnet console' is configured correctly | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.4.5.2 Ensure 'aaa accounting for SSH' is configured correctly | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.4.5.3 Ensure 'aaa accounting for Serial console' is configured correctly | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.5.1 Set 'no snmp-server' to disable SNMP when unused | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.2 Unset 'private' for 'snmp-server community' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.4 Ensure 'MOTD banner' is set | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | AWARENESS AND TRAINING |
| 1.5.4 Ensure 'MOTD banner' is set | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | AWARENESS AND TRAINING |
| 1.6.1 Ensure 'SSH source restriction' is set to an authorized IP address | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure 'SSH version 2' is enabled | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.4 Ensure 'SCP protocol' is set to Enable for files transfers | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP address | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.7.2 Ensure 'TLS 1.0' is set for HTTPS access | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7.3 Ensure 'SSL AES 256 encryption' is set for HTTPS access | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.8.15 Ensure GNOME Lock Delay is configured | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | ACCESS CONTROL |
| 1.9.1.2 Ensure 'NTP authentication key' is configured correctly | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.10.2 Ensure 'logging to Serial console' is disabled | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.10.3 Ensure 'logging to monitor' is disabled | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.10.4 Ensure 'syslog hosts' is configured correctly | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.10.6 Ensure 'logging history severity level' is set to greater than or equal to '5' | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.10.7 Ensure 'logging with timestamps' is enabled | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.11.4 Ensure 'SNMP traps' is enabled - authentication | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.11.5 Ensure 'SNMP community string' is not the default string | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.1.1.1.1 Set the 'hostname' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | CONFIGURATION MANAGEMENT |
| 2.1.3 Ensure 'EIGRP authentication' is enabled | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.4 Ensure DHCP services are disabled for untrusted interfaces - dhcprelay | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.5 Ensure ICMP is restricted for untrusted interfaces | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 3.1 Ensure DNS services are configured correctly - name-server | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Ensure DNS services are configured correctly - name-server | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 3.1.3 Set 'no interface tunnel' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| 3.2 Ensure intrusion prevention is enabled for untrusted interfaces | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 3.10 Ensure ActiveX filtering is enabled | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 3.10 Ensure ActiveX filtering is enabled | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| JUEX-NM-000260 - The Juniper EX switch must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts. | DISA Juniper EX Series Network Device Management v2r2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUEX-NM-000620 - The Juniper EX switch must be configured to generate log records for a locally developed list of auditable events. | DISA Juniper EX Series Network Device Management v2r2 | Juniper | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| VCTR-67-000019 - The vCenter Server must not configure VLAN Trunking unless Virtual Guest Tagging (VGT) is required and authorized. | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| vNetwork : disable-dvportgroup-autoexpand | VMWare vSphere 5.X Hardening Guide | VMware | |
