1.1.1 Ensure 'Login Banner' is set | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
1.1.2 Ensure 'Login Banner' is set | CIS Palo Alto Firewall 11 v1.0.0 L1 | Palo_Alto | AWARENESS AND TRAINING, PROGRAM MANAGEMENT |
1.6 Ensure maximum RAM is installed | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
1.6.1 Ensure 'Verify Update Server Identity' is enabled | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
1.8 Ensure Retired JUNOS Devices are Disposed of Securely | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
3.1 Ensure a fully-synchronized High Availability peer is configured | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
3.1.3.1 Set Interfaces with no Peers to Passive-Interface | CIS Cisco NX-OS L1 v1.0.0 | Cisco | CONFIGURATION MANAGEMENT |
3.1.3.1 Set Interfaces with no Peers to Passive-Interface | CIS Cisco NX-OS L2 v1.0.0 | Cisco | CONFIGURATION MANAGEMENT |
3.1.3.2 Authenticate OSPF peers with MD5 authentication keys | CIS Cisco NX-OS L2 v1.0.0 | Cisco | CONFIGURATION MANAGEMENT |
3.1.3.3 Log OSPF Adjacency Changes | CIS Cisco NX-OS L1 v1.0.0 | Cisco | CONFIGURATION MANAGEMENT |
3.1.3.3 Log OSPF Adjacency Changes | CIS Cisco NX-OS L2 v1.0.0 | Cisco | CONFIGURATION MANAGEMENT |
3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Link Monitoring Failure Condition | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Path Monitoring Failure Condition | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
3.2.1 Ensure VRRP authentication-key is set | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT |
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - External interface has ACL applied | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.2 Set inbound 'ip access-group' on the External Interface | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.4 Disable IP Directed Broadcasts on all Layer 3 Interfaces | CIS Cisco NX-OS L1 v1.0.0 | Cisco | CONFIGURATION MANAGEMENT |
3.3 Ensure 'Passive Link State' and 'Preemptive' are configured appropriately - Election Setings | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
3.3 Ensure 'Passive Link State' and 'Preemptive' are configured appropriately - Passive Link State | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | CONFIGURATION MANAGEMENT |
3.3.1 Configure DHCP Trust - ip dhcp snooping | CIS Cisco NX-OS L1 v1.0.0 | Cisco | CONFIGURATION MANAGEMENT |
3.3.1 Configure DHCP Trust - ip dhcp snooping trust | CIS Cisco NX-OS L1 v1.0.0 | Cisco | CONFIGURATION MANAGEMENT |
3.3.1 Configure DHCP Trust - ip dhcp snooping vlan | CIS Cisco NX-OS L1 v1.0.0 | Cisco | CONFIGURATION MANAGEMENT |
3.3.2 Configure Storm Control | CIS Cisco NX-OS L2 v1.0.0 | Cisco | CONFIGURATION MANAGEMENT |
3.3.2 Configure Storm Control | CIS Cisco NX-OS L1 v1.0.0 | Cisco | CONFIGURATION MANAGEMENT |
3.4.1 Configure LLDP | CIS Cisco NX-OS L1 v1.0.0 | Cisco | CONFIGURATION MANAGEMENT |
3.4.2 Configure CDP | CIS Cisco NX-OS L1 v1.0.0 | Cisco | CONFIGURATION MANAGEMENT |
3.4.2 Configure CDP | CIS Cisco NX-OS L2 v1.0.0 | Cisco | CONFIGURATION MANAGEMENT |
3.8 Ensure Loopback interface address is set | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT |
3.9 Ensure only one loopback address is set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
4.1.3 Ensure EBGP peers are set to use GTSM | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
4.5.2 Ensure RIP is set to check for zero values in reserved fields | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
4.6.1 Ensure BFD Authentication is Set | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT |
4.6.2 Ensure BFD Authentication is Not Set to Loose-Check | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT |
5.6.2 Ensure use of VPC-native clusters | CIS Google Kubernetes Engine (GKE) v1.5.0 L1 | GCP | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
6.5.1 Ensure ICMPv4 rate-limit is Set | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT |
6.5.2 Ensure ICMPv6 rate-limit is Set | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT |
6.5.3 Ensure ICMP Source-Quench is Set to Disabled | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
6.5.4 Ensure TCP SYN/FIN is Set to Drop | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
6.5.5 Ensure TCP RST is Set to Disabled | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
6.6.9 Ensure local passwords require multiple character sets | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
6.6.10 Ensure at least 4 set changes in local passwords | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
6.6.11 Ensure local passwords are at least 10 characters | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
6.10.5.8 Ensure REST Allowed Sources is Set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
6.10.5.10 Ensure REST Service Address is Set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
6.11.2 Ensure Auxiliary Port is Set as Insecure If Used | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
6.14 Ensure Configuration File Encryption is Set | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT |
6.19 Ensure Hostname is Not Set to Device Make or Model | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
6.20 Ensure Default Address Selection is Set | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT |
6.23 Ensure Password is Set for PIC-Console-Authentication | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |