| 1.2 Set 'Maximum receive size - organization level' to '10240' | CIS Microsoft Exchange Server 2013 Hub v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.1 Configure Login Block - login block-for | CIS Cisco IOS 17 L2 v2.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.1 Configure Login Block - login block-for | CIS Cisco IOS 16 L2 v2.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.1 Configure Login Block - login delay | CIS Cisco IOS 17 L2 v2.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.1 Configure Login Block - login delay | CIS Cisco IOS 16 L2 v2.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.1 Configure Login Block - login quiet-mode | CIS Cisco IOS 17 L2 v2.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7 Set 'Maximum number of recipients - organization level' to '5000' | CIS Microsoft Exchange Server 2013 Hub v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.18 Set 'Maximum receive size - connector level' to '10240' | CIS Microsoft Exchange Server 2016 Hub v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.18 Set 'Maximum receive size - connector level' to '10240' | CIS Microsoft Exchange Server 2013 Hub v1.1.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.10 Ensure rate limiting measures are set - config | CIS Amazon Linux 2 STIG v1.0.0 L3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.13 Disable ICMP Redirect Messages - current ipv4 = off | CIS Solaris 11.2 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.13 Disable ICMP Redirect Messages - persistent ipv4 = off | CIS Solaris 11.2 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.35 init.ora - 'sec_protocol_error_further_action = DELAY <seconds> or DROP <seconds>' | CIS v1.1.0 Oracle 11g OS Windows Level 1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.35 init.ora - 'sec_protocol_error_further_action = DELAY <seconds> or DROP <seconds>' | CIS v1.1.0 Oracle 11g OS L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.14 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=always | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.14 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=on-failure | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.15 Set the 'on-failure' container restart policy to 5 - RestartPolicyName=on-failure | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.16 Ensure that a Zone Protection Profile with an enabled SYN Flood Action of SYN Cookies is attached to all untrusted zones | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.5.1 Prevent virtual machines from taking over resources - Mem Share Level | CIS VMware ESXi 5.5 v1.2.0 Level 2 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| 10.11 Configure maxHttpHeaderSize | CIS Apache Tomcat 7 L2 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 36 - Configure connectionTimeout | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 37 - Configure maxHttpHeaderSize | TNS Best Practice Jetty 9 Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Access Security - SSH - Set connection-limit and rate-limit restrictions - rate-limit | Juniper Hardening JunOS 12 Devices Checklist | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| Control Plane Policing | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| DHCP snooping - authorized-server | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| Dynamic ARP Protection - global | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| Dynamic ARP Protection - port trust, vlans, and validate | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'ip verify' is set to 'reverse-path' for untrusted interfaces | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure that the 'local-infile' database flag for a Cloud Databases Mysql instance is set to '0' | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure that the 'skip_show_database' database flag for a Cloud Databases Mysql instance is set to '1' | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure that the 'sql_mode' database flag for a Cloud Databases Mysql instance is set | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
| Fortigate - reset-sessionless-tcp disabled | TNS Fortigate FortiOS Best Practices v2.0.0 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| Keep Alive setting parameter value should be appropriately configured. | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Keep Alive Timeout setting value should be appropriately configured. | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| MACsec | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| MaxClients parameter value should be configured to appropriate value. | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| MaxSpareServers parameter value should be appropriately configured. | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| MinSpareServers parameter value should be appropriately configured. | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Network Security - Disable ICMP timestamp & record route requests - no-ping-time-stamp | Juniper Hardening JunOS 12 Devices Checklist | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| SonicWALL - Flood Protection - Layer 3 - Protection Mode | TNS SonicWALL v5.9 | SonicWALL | SYSTEM AND COMMUNICATIONS PROTECTION |
| StartServers parameter value should be appropriately configured. | TNS IBM HTTP Server Best Practice | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WatchGuard : DDoS Prevention - Distributed Denial-of-Service Prevention - Per Client Quota | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | SYSTEM AND COMMUNICATIONS PROTECTION |
| WatchGuard : DDoS Prevention - Distributed Denial-of-Service Prevention - Per Server Quota | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | SYSTEM AND COMMUNICATIONS PROTECTION |
| WatchGuard : DoS Prevention - Block Address Space Probes | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | SYSTEM AND COMMUNICATIONS PROTECTION |
| WatchGuard : DoS Prevention - Block Port Space Probes | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | SYSTEM AND COMMUNICATIONS PROTECTION |
| WatchGuard : DoS Prevention - Drop ICMP Flood Attack | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | SYSTEM AND COMMUNICATIONS PROTECTION |
| WatchGuard : DoS Prevention - Drop IKE Flood Attack | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | SYSTEM AND COMMUNICATIONS PROTECTION |
| WatchGuard : DoS Prevention - Drop IP Source Route | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | SYSTEM AND COMMUNICATIONS PROTECTION |
| WatchGuard : DoS Prevention - Drop IPSEC Flood Attack | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | SYSTEM AND COMMUNICATIONS PROTECTION |
| WatchGuard : DoS Prevention - Drop SYN Flood Attack | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | SYSTEM AND COMMUNICATIONS PROTECTION |
