| 1.2.2 Set 'modulus' to greater than or equal to 2048 for 'crypto key generate rsa' | CIS Cisco IOS XR 7.x v1.0.1 L1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.2.2 Set 'transport input ssh' for 'line vty' connections | CIS Cisco IOS XE 16.x v2.2.0 L1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.2.2 Set 'transport input ssh' for 'line vty' connections | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.2.3 Set 'seconds' for 'ssh timeout' for 60 seconds or less | CIS Cisco IOS XR 7.x v1.0.1 L1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.5.7 Set 'priv' for each 'snmp-server group' using SNMPv3 | CIS Cisco IOS XR 7.x v1.0.1 L2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.5.8 Require 'aes 128' as minimum for 'snmp-server user' when using SNMPv3 | CIS Cisco IOS XR 7.x v1.0.1 L2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.5.9 Set 'priv' for each 'snmp-server group' using SNMPv3 | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.5.10 Require 'aes 128' as minimum for 'snmp-server user' when using SNMPv3 | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.5.10 Require 'aes 128' as minimum for 'snmp-server user' when using SNMPv3 | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.8.5 Ensure users must authenticate users using MFA via a graphical user logon | CIS Amazon Linux 2 STIG v2.0.1 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.1.1.1.3 Set 'modulus' to greater than or equal to 2048 for 'crypto key generate rsa' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 2.1.1.1.4 Set 'seconds' for 'ip ssh timeout' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 2.1.1.1.5 Set maximum value for 'ip ssh authentication-retries' | CIS Cisco IOS XE 16.x v2.2.0 L1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 2.1.1.1.5 Set maximum value for 'ip ssh authentication-retries' | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 2.2.2 Ensure rsh client is not installed | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.2.2 Ensure rsh client is not installed | CIS Debian Family Workstation L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.2.2 Ensure rsh client is not installed | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.2.4 Ensure telnet client is not installed | CIS Debian Family Server L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.2.4 Ensure telnet client is not installed | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 2.2.4 Ensure telnet client is not installed | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 3.1.1 Ensure only MFA Enabled Identities can Access Privileged Virtual Machine | CIS Microsoft Azure Foundations v6.0.0 L2 | microsoft_azure | IDENTIFICATION AND AUTHENTICATION |
| 3.6.1.5 Ensure SSH PermitEmptyPasswords is disabled | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 3.6.1.6 Configuring SSH - disallow host based authentication | CIS IBM AIX 7.1 L1 v2.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.2.2.1 (L1) Ensure multifactor authentication is enabled for all users in administrative roles | CIS Microsoft 365 Foundations v6.0.1 L1 E3 | microsoft_azure | IDENTIFICATION AND AUTHENTICATION |
| 5.2.2.1 (L1) Ensure multifactor authentication is enabled for all users in administrative roles | CIS Microsoft 365 Foundations v6.0.1 L1 E5 | microsoft_azure | IDENTIFICATION AND AUTHENTICATION |
| 5.2.2.5 (L2) Ensure 'Phishing-resistant MFA strength' is required for Administrators | CIS Microsoft 365 Foundations v6.0.1 L2 E3 | microsoft_azure | IDENTIFICATION AND AUTHENTICATION |
| 5.2.2.5 (L2) Ensure 'Phishing-resistant MFA strength' is required for Administrators | CIS Microsoft 365 Foundations v6.0.1 L2 E5 | microsoft_azure | IDENTIFICATION AND AUTHENTICATION |
| 5.2.3.1 (L1) Ensure Microsoft Authenticator is configured to protect against MFA fatigue | CIS Microsoft 365 Foundations v6.0.1 L1 E3 | microsoft_azure | IDENTIFICATION AND AUTHENTICATION |
| 5.2.3.1 (L1) Ensure Microsoft Authenticator is configured to protect against MFA fatigue | CIS Microsoft 365 Foundations v6.0.1 L1 E5 | microsoft_azure | IDENTIFICATION AND AUTHENTICATION |
| 5.3 Ensure login via 'local' UNIX Domain Socket is configured correctly | CIS PostgreSQL 14 OS v 1.3.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3 Ensure login via "local" UNIX Domain Socket is configured correctly | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION |
| 5.3 Ensure login via "local" UNIX Domain Socket is configured correctly | CIS PostgreSQL 13 v1.3.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION |
| 6.10.1.2 Ensure SSH is Restricted to Version 2 | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| 6.10.1.3 Ensure SSH Connection Limit is Set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| 6.10.1.4 Ensure SSH Rate Limit is Configured | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| 6.10.1.6 Ensure Strong Ciphers are set for SSH | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| 6.10.1.7 Ensure Only Suite B Ciphers are set for SSH - ciphers restriction | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| 6.10.1.10 Ensure Only Suite B Key Exchange Methods are set for SSH - weak key-exchange | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| 6.10.1.11 Ensure Strong Key Signing Algorithms are set for SSH | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| 6.10.1.12 Ensure Only Suite B Based Key Signing Algorithms are set for SSH - ECDSA Key | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| 6.10.2.1 Ensure Web-Management is not Set to HTTP | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| 6.10.2.3 Ensure Web-Management is Set to use PKI Certificate for HTTPS | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| 6.10.3.4 Ensure XNM-SSL SSLv3 Support is Not Set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| 6.10.5.1 Ensure REST is Not Set to HTTP | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| 6.10.5.2 Ensure REST is Set to HTTPS | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| 6.10.5.4 Ensure REST HTTPS is Set to use Mutual Authentication | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| 6.10.5.5 Ensure REST HTTPS Cipher List is Set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| 18.9.59.3.9.3 (L1) Ensure 'Require use of specific security layer for remote (RDP) connections' is set to 'Enabled: SSL' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | IDENTIFICATION AND AUTHENTICATION |
| 18.9.59.3.9.4 (L1) Ensure 'Require user authentication for remote connections by using Network Level Authentication' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | IDENTIFICATION AND AUTHENTICATION |
| SNMP: Use SNMPv3 only | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | IDENTIFICATION AND AUTHENTICATION |
