| 1.2 Install TCP Wrappers - Allow localhost. Note: Replace 172.16.100.0/255.255.255.0 with a network block in use at your organization. | CIS Solaris 9 v1.3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2 Install TCP Wrappers - Deny access to this server from all networks | CIS Solaris 9 v1.3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Configure TCP Wrappers - Allow localhost. | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Configure TCP Wrappers - Deny access to this server from all networks | CIS Solaris 10 L1 v5.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.10.2 - TCP Wrappers - creating a hosts.deny file - configuration - 'hosts.deny file contains ALL:ALL' | CIS AIX 5.3/6.1 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.10.3 - TCP Wrappers - creating a hosts.allow file - configuration - 'hosts.allow has been configured' | CIS AIX 5.3/6.1 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11 Configure TCP Wrappers - hosts.allow | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11 Configure TCP Wrappers - hosts.allow | CIS Solaris 11.2 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11 Configure TCP Wrappers - hosts.deny | CIS Solaris 11.1 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11 Configure TCP Wrappers - hosts.deny | CIS Solaris 11.2 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.12 Configure TCP Wrappers - hosts.allow | CIS Solaris 11 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.12 Configure TCP Wrappers - hosts.deny | CIS Solaris 11 L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.2 Ensure /etc/hosts.allow is configured | CIS SUSE Linux Enterprise Workstation 12 L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.2 Ensure /etc/hosts.allow is configured | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.2 Ensure /etc/hosts.allow is configured | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.2 Ensure /etc/hosts.allow is configured | CIS SUSE Linux Enterprise Server 12 L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3 Ensure /etc/hosts.deny is configured | CIS SUSE Linux Enterprise Workstation 12 L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3 Ensure /etc/hosts.deny is configured | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3 Ensure /etc/hosts.deny is configured | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.3 Ensure /etc/hosts.deny is configured | CIS SUSE Linux Enterprise Server 12 L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.3.1 Ensure IPv6 default deny firewall policy | CIS Oracle Linux 7 Workstation L1 v3.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.3.3.1 Ensure IPv6 default deny firewall policy | CIS Oracle Linux 7 Server L1 v3.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.6 Ensure 'Default Window Management permissions setting' Is 'Enabled' to 'Deny Permission' | CIS Google Chrome L2 v3.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5.2 Create /etc/hosts.allow 'ALL:aaa.bbb.ccc.ddd/www.xxx.yyy.zzz | CIS Red Hat Enterprise Linux 5 L1 v2.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.5.4 Create /etc/hosts.deny | CIS Red Hat Enterprise Linux 5 L1 v2.2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4.2 Create /etc/hosts.allow | CIS Debian Linux 7 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4.2 Create /etc/hosts.allow | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4.4 Create /etc/hosts.deny | CIS Ubuntu 12.04 LTS Benchmark L1 v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4.4 Create /etc/hosts.deny | CIS Debian Linux 7 L1 v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Adtran : Firewall - Deny by Default ACL | TNS Adtran AOS Best Practice Audit | Adtran | SYSTEM AND COMMUNICATIONS PROTECTION |
| Firewall Filter - Ensure the last term, default-deny, includes the syslog option | Juniper Hardening JunOS 12 Devices Checklist | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| Firewall Filter - Protect the Routing Engine using a default deny firewall filter | Juniper Hardening JunOS 12 Devices Checklist | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| Management Services Security - Allow SNMP queries and/or send traps to more than one trusted server - client-list restrict | Juniper Hardening JunOS 12 Devices Checklist | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| Management Services Security - Allow SNMP queries and/or send traps to more than one trusted server - clients restrict | Juniper Hardening JunOS 12 Devices Checklist | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| PCI 1.2 Build firewall and router configurations that restrict connections between untrusted networks | PCI DSS 2.0/3.0 - Red Hat Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PCI 1.2 Firewall/router configuration restrict connections between untrusted networks and cardholder data environment. - TCP Wrappers | PCI DSS 2.0/3.0 - Solaris 10 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PCI 1.2.1/1.3/1.3.2 Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment | PCI DSS 2.0/3.0 - Red Hat Linux | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PCI 1.2.1/1.3/1.3.2 Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment. - /etc/hosts.allow | PCI DSS 2.0/3.0 - Solaris 10 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PCI 7.2.3 - Default 'deny-all' setting - '/etc/hosts.deny file contains ALL:ALL' | PCI DSS 2.0/3.0 - AIX | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PCI 7.2.3 - Default 'deny-all' setting - 'hosts.allow contains %VALUE%' | PCI DSS 2.0/3.0 - AIX | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| ScreenOS:DMZ to Trust - Any Any Any Policies | TNS Juniper ScreenOS Best Practices Audit | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| ScreenOS:DMZ to Untrust - Any Any Any Policies | TNS Juniper ScreenOS Best Practices Audit | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| ScreenOS:Trust to DMZ - Any Any Any Policies | TNS Juniper ScreenOS Best Practices Audit | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| ScreenOS:Trust to Untrust - Any Any Any Policies | TNS Juniper ScreenOS Best Practices Audit | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| ScreenOS:Untrust to DMZ- Any Any Any Policies | TNS Juniper ScreenOS Best Practices Audit | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| ScreenOS:Untrust to Trust- Any Any Any Policies | TNS Juniper ScreenOS Best Practices Audit | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| ScreenOS:Untrust Zone - Block Intrazone Traffic | TNS Juniper ScreenOS Best Practices Audit | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| The hosts.allow file limits access to the local network | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| The hosts.deny file blocks access by default | TNS Citrix Hypervisor | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| XenServer - The hosts.deny file blocks access by default | TNS Citrix XenServer | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
