| 1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | ACCESS CONTROL |
| 1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL |
| 1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.2.1 Restrict Access to VTY Sessions | CIS Cisco NX-OS L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MAINTENANCE, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled | CIS Palo Alto Firewall 11 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled | CIS Palo Alto Firewall 10 v1.2.0 L1 | Palo_Alto | ACCESS CONTROL |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMP | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSH | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPS | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPS | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.2.4 Create 'access-list' for use with 'line vty' | CIS Cisco IOS XE 17.x v2.1.1 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.4 Create 'access-list' for use with 'line vty' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.5 Set 'access-class' for 'line vty' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.5 Set 'access-class' for 'line vty' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.5 Set 'access-class' for 'line vty' | CIS Cisco IOS XE 17.x v2.1.1 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.2 If SNMPv2 is in use, set Restrictions on Access | CIS Cisco NX-OS L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.4 Set the ACL for each 'snmp-server community' | CIS Cisco IOS XR 7.x v1.0.0 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.5 Set 'snmp-server host' when using SNMP | CIS Cisco IOS XR 7.x v1.0.0 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.5 Set the ACL for each 'snmp-server community' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.5 Set the ACL for each 'snmp-server community' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.5 Set the ACL for each 'snmp-server community' | CIS Cisco IOS XE 17.x v2.1.1 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.6 Create an 'access-list' for use with SNMP | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.6 Create an 'access-list' for use with SNMP | CIS Cisco IOS XE 17.x v2.1.1 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.6 Create an 'access-list' for use with SNMP - 'SNMP deny secured by ACL' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.6 Set 'snmp-server enable traps snmp' | CIS Cisco IOS XR 7.x v1.0.0 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.7 Set 'snmp-server host' when using SNMP | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.7 Set 'snmp-server host' when using SNMP | CIS Cisco IOS XE 17.x v2.1.1 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.7 Set 'snmp-server host' when using SNMP | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.8 Set 'snmp-server enable traps snmp' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.8 Set 'snmp-server enable traps snmp' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.8 Set 'snmp-server enable traps snmp' | CIS Cisco IOS XE 17.x v2.1.1 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.2 Restrict VTY Access | CIS Cisco IOS XR 7.x v1.0.0 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.9 Use Dedicated 'mgmt' Interface and VRF for Administrative Functions | CIS Cisco NX-OS L2 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.12 (L2) Host integrated hardware management controller must deactivate internal networking | CIS VMware ESXi 8.0 v1.1.0 L2 | VMware | CONFIGURATION MANAGEMENT |
| 2.4.2 Ensure all the login accounts having specific trusted hosts enabled | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 3.1 Enable the Firewall Stealth Rule | CIS Check Point Firewall L2 v1.1.0 | CheckPoint | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.1 Ensure Caller ID is set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.2 Ensure access profile is set to use CHAP | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2 Ensure SharePoint implements an information system isolation boundary that minimizes the number of non-security functions included within the boundary containing security functions. | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3 Ensure SharePoint implements security functions as a layered structure minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality or correctness of higher layers. | CIS Microsoft SharePoint 2019 OS v1.0.0 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1 Ensure Common SNMP Community Strings are NOT used | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3 Ensure a client list is set for SNMPv1/v2 communities | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.8 Ensure interface restrictions are set for SNMP | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.9 Ensure SNMP is set to OOB management only | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.10.2.6 Ensure Web-Management Interface Restriction is Set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.10.2.7 Ensure Web-Management Interface Restriction is set to OOB Management | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
