| 1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Enable the Firewall Stealth Rule | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.1 Ensure Caller ID is set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.2 Ensure access profile is set to use CHAP | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.2 Ensure a table exists | CIS Red Hat EL8 Server L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3.2 Ensure a table exists | CIS Red Hat EL8 Workstation L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.5 Ensure a table exists | CIS Red Hat EL7 Server L1 v3.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.6 Ensure base chains exist - hook input | CIS Red Hat EL7 Server L1 v3.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.6 Ensure base chains exist - hook output | CIS Red Hat EL7 Server L1 v3.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.9 Ensure default deny firewall policy - forward | CIS Red Hat EL7 Server L1 v3.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.9 Ensure default deny firewall policy - input | CIS Red Hat EL7 Server L1 v3.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2.9 Ensure default deny firewall policy - output | CIS Red Hat EL7 Server L1 v3.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.4 Ensure loopback traffic is configured - lo | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.4 Ensure loopback traffic is configured - lo | CIS Ubuntu Linux 18.04 LTS Server L1 v2.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.6 Ensure default deny firewall policy - forward | CIS Ubuntu Linux 18.04 LTS Server L1 v2.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.6 Ensure default deny firewall policy - forward | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.6 Ensure default deny firewall policy - input | CIS Ubuntu Linux 18.04 LTS Server L1 v2.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.6 Ensure default deny firewall policy - input | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.6 Ensure default deny firewall policy - output | CIS Ubuntu Linux 18.04 LTS Server L1 v2.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.6 Ensure default deny firewall policy - output | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.0.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1 Ensure Common SNMP Community Strings are NOT used | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.8 Ensure interface restrictions are set for SNMP | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.8 Ensure interface restrictions are set for SNMP | CIS Juniper OS Benchmark v2.0.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.9 Ensure SNMP is set to OOB management only | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.9 Ensure SNMP is set to OOB management only | CIS Juniper OS Benchmark v2.0.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.10.2.6 Ensure Web-Management Interface Restriction is Set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.10.2.7 Ensure Web-Management Interface Restriction is set to OOB Management | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.11 Ensure a route table for the public subnets is created | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.12 Ensure a route table for the private subnets is created | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.13 Ensure Routing Table associated with Web tier ELB subnet have the default route (0.0.0.0/0) defined to allow connectivity | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.14 Ensure Routing Table associated with Web tier subnet have the default route (0.0.0.0/0) defined to allow connectivity | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.15 Ensure Routing Table associated with App tier subnet have the default route (0.0.0.0/0) defined to allow connectivity | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.16 Ensure Routing Table associated with Data tier subnet have NO default route (0.0.0.0/0) defined to allow connectivity | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0 | amazon_aws | SYSTEM AND COMMUNICATIONS PROTECTION |
| Authorized IP managers | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| Dedicated management port - 'set interface Mgmt state on' | TNS Check Point GAiA Best Practices | CheckPoint | SYSTEM AND COMMUNICATIONS PROTECTION |
| FireEye - User connections are limited by subnet or VLAN | TNS FireEye | FireEye | SYSTEM AND COMMUNICATIONS PROTECTION |
| Management Network - 'add allowed-client host any-host' not set | TNS Check Point GAiA Best Practices | CheckPoint | SYSTEM AND COMMUNICATIONS PROTECTION |
| Network Security - Use the Out-of-Band (OOB) interface for all management related traffic | Juniper Hardening JunOS 12 Devices Checklist | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| ScreenOS:DMZ Interface - IP Manageable | TNS Juniper ScreenOS Best Practices Audit | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| ScreenOS:DMZ Interface - Route Mode | TNS Juniper ScreenOS Best Practices Audit | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| ScreenOS:Permitted Management IP Network | TNS Juniper ScreenOS Best Practices Audit | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| ScreenOS:Trust Interface - IP Manageable | TNS Juniper ScreenOS Best Practices Audit | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| ScreenOS:Trust Interface - PING | TNS Juniper ScreenOS Best Practices Audit | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| ScreenOS:Trust Interface - Route Mode | TNS Juniper ScreenOS Best Practices Audit | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| ScreenOS:Trust Interface - SNMP | TNS Juniper ScreenOS Best Practices Audit | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| ScreenOS:Trust Interface - SSH | TNS Juniper ScreenOS Best Practices Audit | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| ScreenOS:Trust Interface - SSL | TNS Juniper ScreenOS Best Practices Audit | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| ScreenOS:Trust Interface - Web | TNS Juniper ScreenOS Best Practices Audit | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| ScreenOS:Untrust Interface - IP Manageable | TNS Juniper ScreenOS Best Practices Audit | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
