Item Search

NameAudit NamePluginCategory
1.2.5 Set 'access-class' for 'line vty'CIS Cisco IOS 12 L1 v4.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

2.2 NTP Security Protection - b) NTP access-groupTenable ZTE ROSNGZTE_ROSNG

SYSTEM AND COMMUNICATIONS PROTECTION

2.5.5 Ensure allowed-client is set to those necessary for device managementCIS Check Point Firewall L2 v1.1.0CheckPoint

SYSTEM AND COMMUNICATIONS PROTECTION

2.6.4 - NIS - restrict NIS server communications - '/var/yp/securenets includes allowed subnets'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.6.4 - NIS - restrict NIS server communications - '/var/yp/securenets includes no other subnets'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

2.7.4 - SNMP - restrict public community access - 'all communities have IP access restrictions'CIS AIX 5.3/6.1 L2 v1.1.0Unix

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.4.4 Configure HSRP protections - hsrp version 2CIS Cisco NX-OS L2 v1.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.4.4 Configure HSRP protections - hsrp version 2CIS Cisco NX-OS L1 v1.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 0.0.0.0'CIS Cisco IOS 17 L2 v1.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 10.0.0.0'CIS Cisco IOS 17 L2 v1.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 127.0.0.0'CIS Cisco IOS 17 L2 v1.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 169.254.0.0'CIS Cisco IOS 17 L2 v1.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 172.16.0.0'CIS Cisco IOS 17 L2 v1.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 192.0.2.0'CIS Cisco IOS 17 L2 v1.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 192.168.0.0'CIS Cisco IOS 17 L2 v1.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 224.0.0.0'CIS Cisco IOS 17 L2 v1.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny host 255.255.255.255'CIS Cisco IOS 17 L2 v1.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny internal networks'CIS Cisco IOS 17 L2 v1.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - External interface has ACL appliedCIS Cisco IOS 17 L2 v1.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.2 Set inbound 'ip access-group' on the External InterfaceCIS Cisco IOS 17 L2 v1.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.2 Set inbound 'ip access-group' on the External InterfaceCIS Cisco IOS 12 L2 v4.0.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

6.4 Ensure Geo-Restriction is enabled within Cloudfront DistributionCIS Amazon Web Services Three-tier Web Architecture L2 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.17 Use a Web-Tier ELB Security Group to accept only HTTP/HTTPSCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.19 Create the Web tier Security Group and ensure it allows inbound connections from Web tier ELB Security Group for explicit portsCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.20 Ensure Web tier Security Group has no inbound rules for CIDR of 0 (Global Allow)CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.21 Create the App tier ELB Security Group and ensure only accepts HTTP/HTTPSCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.22 Create the App tier Security Group and ensure it allows inbound connections from App tier ELB Security Group for explicit portsCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.23 Ensure App tier Security Group has no inbound rules for CIDR of 0 (Global Allow)CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.24 Create the Data tier Security Group and ensure it allows inbound connections from App tier Security Group for explicit portsCIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

6.25 Ensure Data tier Security Group has no inbound rules for CIDR of 0 (Global Allow)CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0amazon_aws

SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure 'Service setting of ANY' in a security policy allowing traffic does not existCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure 'Service setting of ANY' in a security policy allowing traffic does not existCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

Access control listsArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

SYSTEM AND COMMUNICATIONS PROTECTION

Access control listsArubaOS CX 10.x Hardening Guide v1.0.0ArubaOS

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Authentication policy must be rejectedTenable Best Practices Brocade FabricOSBrocade

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Device Connection Control policy must be rejectedTenable Best Practices Brocade FabricOSBrocade

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Fabric Configuration Server policy must be rejectedTenable Best Practices Brocade FabricOSBrocade

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Fabric Element Authentication must be rejectedTenable Best Practices Brocade FabricOSBrocade

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - IPfilter policy must be rejectedTenable Best Practices Brocade FabricOSBrocade

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Switch Connection Control policy must be rejectedTenable Best Practices Brocade FabricOSBrocade

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure 'SSH source restriction' is set to an authorized IP addressTenable Cisco Firepower Best Practices AuditCisco

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure 'SSH source restriction' is set to an authorized IP addressTenable Cisco Firepower Threat Defense Best Practices AuditCisco_Firepower

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure 'threat-detection statistics' is set to 'tcp-intercept'Tenable Cisco Firepower Best Practices AuditCisco

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure packet fragments are restricted for untrusted interfacesTenable Cisco Firepower Threat Defense Best Practices AuditCisco_Firepower

SYSTEM AND COMMUNICATIONS PROTECTION

PCI 2.2.4 - Verify that common security parameter settings are included - NIS - '/var/yp/securenets includes allowed subnets'PCI DSS 2.0/3.0 - AIXUnix

SYSTEM AND COMMUNICATIONS PROTECTION

PCI 2.2.4 - Verify that common security parameter settings are included - NIS - '/var/yp/securenets includes no other subnets'PCI DSS 2.0/3.0 - AIXUnix

SYSTEM AND COMMUNICATIONS PROTECTION

PCI 2.2.4 - Verify that common security parameter settings are included - SNMP - 'all communities have IP access restrictions'PCI DSS 2.0/3.0 - AIXUnix

SYSTEM AND COMMUNICATIONS PROTECTION

PCI 10.5.4 - Write logs for external-facing technologies onto a log server on the internal LAN - Accept remote messages disabledPCI DSS 2.0/3.0 - AIXUnix

SYSTEM AND COMMUNICATIONS PROTECTION

Port securityArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

SYSTEM AND COMMUNICATIONS PROTECTION

Port security auto-recoveryArubaOS Switch 16.x Hardening Guide v1.0.0ArubaOS

SYSTEM AND COMMUNICATIONS PROTECTION