2.7 Ensure internal sources are blocked on external networks | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
3.2 Configure a Default Drop/Cleanup Rule | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
9.2.2 Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block (default)' | CIS Windows 7 Workstation Level 1 v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
9.2.2 Ensure 'Windows Firewall: Private: Inbound connections' is set to 'Block (default)' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
9.3.2 Ensure 'Windows Firewall: Public: Inbound connections' is set to 'Block (default)' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
ARST-RT-000610 - The Arista perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations. | DISA STIG Arista MLS EOS 4.2x Router v1r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
ARST-RT-000620 - The Arista perimeter router must be configured to block inbound packets with source Bogon IP address prefixes. | DISA STIG Arista MLS EOS 4.2x Router v1r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
ARST-RT-000670 - The Arista multicast Designated Router (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join a multicast group only from sources that have been approved by the organization. | DISA STIG Arista MLS EOS 4.2x Router v1r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
CASA-FW-000230 - The Cisco ASA must be configured to filter inbound traffic on all external interfaces - Interface | DISA STIG Cisco ASA FW v1r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CASA-FW-000240 - The Cisco ASA must be configured to filter outbound traffic on all internal interfaces - ACL | DISA STIG Cisco ASA FW v1r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CASA-FW-000240 - The Cisco ASA must be configured to filter outbound traffic on all internal interfaces - Interface | DISA STIG Cisco ASA FW v1r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - encryption | DISA STIG Cisco ASA FW v1r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - inside interface | DISA STIG Cisco ASA FW v1r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - lifetime | DISA STIG Cisco ASA FW v1r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set ikev1 | DISA STIG Cisco ASA FW v1r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000392 - The Cisco perimeter router must be configured to drop IPv6 undetermined transport packets. | DISA STIG Cisco IOS Router RTR v2r6 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000392 - The Cisco perimeter router must be configured to drop IPv6 undetermined transport packets. | DISA STIG Cisco IOS XE Router RTR v2r9 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000392 - The Cisco perimeter router must be configured to drop IPv6 undetermined transport packets. | DISA STIG Cisco IOS-XR Router RTR v2r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000392 - The Cisco perimeter switch must be configured to drop IPv6 undetermined transport packets. | DISA STIG Cisco IOS Switch RTR v2r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000393 - The Cisco perimeter router must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255. | DISA STIG Cisco IOS-XR Router RTR v2r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000394 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values. | DISA STIG Cisco IOS XE Router RTR v2r9 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000395 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values. | DISA STIG Cisco IOS Router RTR v2r6 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000395 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values. | DISA STIG Cisco IOS XE Router RTR v2r9 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000395 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values. | DISA STIG Cisco IOS-XR Router RTR v2r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000396 - The Cisco perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option. | DISA STIG Cisco IOS Router RTR v2r6 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000396 - The Cisco perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option. | DISA STIG Cisco IOS XE Router RTR v2r9 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000396 - The Cisco perimeter switch must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option. | DISA STIG Cisco IOS XE Switch RTR v2r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000397 - The Cisco perimeter switch must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header. | DISA STIG Cisco IOS XE Switch RTR v2r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000397 - The Cisco perimeter switch must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header. | DISA STIG Cisco IOS Switch RTR v2r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000398 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. | DISA STIG Cisco IOS XE Router RTR v2r9 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000398 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. | DISA STIG Cisco IOS-XR Router RTR v2r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
FNFG-FW-000115 - The FortiGate firewall must apply ingress filters to traffic that is inbound to the network through any active external interface. | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
FNFG-FW-000120 - The FortiGate firewall must apply egress filters to traffic outbound from the network through any internal interface. | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
FNFG-FW-000130 - The FortiGate firewall must restrict traffic entering the VPN tunnels to the management network to only the authorized management packets based on destination address. | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
Inbound Connections - Domain Profile | MSCT Windows 10 v20H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
Inbound Connections - Public Profile | MSCT Windows 10 v21H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
Inbound Connections - Public Profile | MSCT Windows 10 v20H2 v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
JUEX-RT-000510 - The Juniper perimeter router must be configured to block all packets with any IP options. | DISA Juniper EX Series Router v1r3 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
JUEX-RT-000520 - The Juniper PE router must be configured to ignore or block all packets with any IP options. | DISA Juniper EX Series Router v1r3 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
JUEX-RT-000760 - The Juniper perimeter router must be configured to have Proxy ARP disabled on all external interfaces. | DISA Juniper EX Series Router v1r3 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
JUEX-RT-000780 - The Juniper multicast Designated Router (DR) must be configured to filter the IGMP and MLD Report messages to allow hosts to join only multicast groups that have been approved by the organization. | DISA Juniper EX Series Router v1r3 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
JUNI-RT-000383 - The Juniper perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values. | DISA STIG Juniper Router RTR v2r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
JUNI-RT-000384 - The Juniper perimeter router must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values. | DISA STIG Juniper Router RTR v2r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
JUNI-RT-000385 - The Juniper perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option - dstops | DISA STIG Juniper Router RTR v2r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
JUNI-RT-000385 - The Juniper perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option - hop-by-hop | DISA STIG Juniper Router RTR v2r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
JUNI-RT-000386 - The Juniper perimeter router must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header. | DISA STIG Juniper Router RTR v2r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
JUNI-RT-000387 - The Juniper perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dstops | DISA STIG Juniper Router RTR v2r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
JUNI-RT-000387 - The Juniper perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - hop-by-hop | DISA STIG Juniper Router RTR v2r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
SYMP-AG-000550 - Symantec ProxySG must allow incoming communications only from organization-defined authorized sources routed to organization-defined authorized destinations - Rules | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |