| 1.4 Use Secure Upstream Caching DNS Servers | CIS BIND DNS v1.0.0 L2 Caching Only Name Server | Unix | ACCESS CONTROL |
| 1.62 Ensure 'Configure the list of names that will bypass the HSTS policy check' is set to 'Disabled' | CIS Microsoft Edge L1 v2.0.0 | Windows | ACCESS CONTROL |
| 6.9 Ensure that PAN-DB URL Filtering is used | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 6.10 Ensure that URL Filtering uses the action of block or override on the URL categories | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 6.13 Ensure secure URL filtering is enabled for all security policies allowing traffic to the Internet | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 18.8.22.1.6 (L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL |
| 18.8.22.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | ACCESS CONTROL |
| 18.8.22.1.8 (L2) Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | ACCESS CONTROL |
| 18.8.22.1.8 (L2) Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 | Windows | ACCESS CONTROL |
| 19.7.4.2 (L1) Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 19.7.4.2 Ensure 'Notify antivirus programs when opening attachments' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| ARST-RT-000060 - The Arista BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA STIG Arista MLS EOS 4.2x Router v1r1 | Arista | ACCESS CONTROL |
| ARST-RT-000100 - The Arista BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer. | DISA STIG Arista MLS EOS 4.2x Router v1r1 | Arista | ACCESS CONTROL |
| CIS Control 7 (7.7) Use of DNS Filtering Services | CAS Implementation Group 1 Audit File | Unix | ACCESS CONTROL |
| CISC-RT-000540 - The Cisco BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA STIG Cisco IOS XE Router RTR v2r9 | Cisco | ACCESS CONTROL |
| CISC-RT-000540 - The Cisco BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA STIG Cisco IOS-XR Router RTR v2r4 | Cisco | ACCESS CONTROL |
| CISC-RT-000540 - The Cisco BGP switch must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA STIG Cisco IOS XE Switch RTR v2r5 | Cisco | ACCESS CONTROL |
| CISC-RT-000540 - The Cisco BGP switch must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA STIG Cisco NX-OS Switch RTR v2r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer - ip as-path access-list | DISA STIG Cisco IOS Router RTR v2r6 | Cisco | ACCESS CONTROL |
| CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer - route-policy | DISA STIG Cisco IOS-XR Router RTR v2r4 | Cisco | ACCESS CONTROL |
| CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer. | DISA STIG Cisco IOS-XR Router RTR v2r4 | Cisco | ACCESS CONTROL |
| Determine if a host has passwords saved or not saved for specific sites with Mozilla Firefox. | TNS File Analysis - Adult Media Browser Usage | FileContent | ACCESS CONTROL |
| Determine if host has bookmarked adult content with Internet Explorer. | TNS File Analysis - Adult Media Browser Usage | FileContent | ACCESS CONTROL |
| Determine if host has browsed adult content with Internet Explorer. | TNS File Analysis - Adult Media Browser Usage | FileContent | ACCESS CONTROL |
| GEN000000-AIX00040 - The securetcpip command must be used | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN000000-AIX00040 - The securetcpip command must be used - /etc/security/config has been configured | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN000000-AIX00040 - The securetcpip command must be used. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN000000-AIX0200 - The system must not allow directed broadcasts to gateway. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN000000-AIX0200 - The system must not allow directed broadcasts to gateway. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN000000-AIX0210 - The system must provide protection from Internet Control Message Protocol (ICMP) attacks on TCP connections. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN000000-AIX0210 - The system must provide protection from Internet Control Message Protocol (ICMP) attacks on TCP connections. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN000000-AIX0220 - The system must provide protection for the TCP stack against connection resets, SYN, and data injection attacks. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN000000-AIX0220 - The system must provide protection for the TCP stack against connection resets, SYN, and data injection attacks. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN000000-AIX0230 - The system must provide protection against IP fragmentation attacks. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN000000-AIX0230 - The system must provide protection against IP fragmentation attacks. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN000000-AIX0300 - The system must not have the bootp service active. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN000000-AIX0300 - The system must not have the bootp service active. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN000000-AIX0310 - The /etc/ftpaccess.ctl file must exist. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN000000-AIX0310 - The /etc/ftpaccess.ctl file must exist. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN000000-SOL00140 - The /usr/aset/masters/uid_aliases must be empty. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN000000-SOL00140 - The /usr/aset/masters/uid_aliases must be empty. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN000000-SOL00420 - Hidden extended file attributes must not exist on the system. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN000000-SOL00420 - Hidden extended file attributes must not exist on the system. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN004360 - The alias file must be owned by root. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN004360 - The alias file must be owned by root. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN004380 - The alias file must have mode 0644 or less permissive. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN004380 - The alias file must have mode 0644 or less permissive. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| JUEX-RT-000060 - The Juniper BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA Juniper EX Series Router v1r3 | Juniper | ACCESS CONTROL |
| JUEX-RT-000100 - The Juniper router configured for BGP must reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer. | DISA Juniper EX Series Router v1r3 | Juniper | ACCESS CONTROL |
| WatchGuard : Review ABS Policy Listing | TNS Best Practice WatchGuard Audit 1.0.0 | WatchGuard | ACCESS CONTROL |
