Prevent syslog from accepting messages from the network., CC ID: 01562
Prevent X server from listening on port 6000/tcp., CC ID: 01565
Configure the Intrusion Detection System and the Intrusion Prevention System to accept the organizational vulnerability scanning host or vendor's originating IP address., CC ID: 01645
Configure the "Network access: Allow anonymous SID/Name translation" setting to organizational standards., CC ID: 01717
Configure the "Network access: Do not allow anonymous enumeration of SAM accounts" setting., CC ID: 01718
Configure the "Network access: Do not allow anonymous enumeration of SAM accounts and shares" setting., CC ID: 01719
Enable Data Execution Protection for all applications., CC ID: 01720
Enable digital encryption or digital signatures of secure channel data., CC ID: 01736
Enable digital signatures of communications using the Server Message Block protocol., CC ID: 01762
Configure the "Microsoft network client: Send unencrypted password to connect to third-party SMB servers" setting., CC ID: 01764
Configure the amount of idle time required before disconnecting an idle session., CC ID: 01763
Enable the disconnect clients setting (server) or force logoff setting (client) if the account's allotted logon period expires., CC ID: 01765
Configure the "Network access: Do not allow storage of credentials or .NET Passports for network authentication" setting., CC ID: 01766
Configure the "Network access: Let Everyone permissions apply to anonymous users" setting., CC ID: 01767
Configure the "Network access: Named pipes that can be accessed anonymously" setting., CC ID: 01768
Configure the "Network access: Remotely accessible registry paths" setting., CC ID: 01769
Configure the "Network access: Sharing and security model for local accounts" setting., CC ID: 01771
Configure the "Network security: Do not store LAN Manager hash value on next password change" setting., CC ID: 01772
Configure the "Network security: LAN Manager authentication level" setting., CC ID: 01773
Configure the "Network security: LDAP client signing requirements" setting., CC ID: 01774
Configure Lightweight Directory Access Protocol connections for security., CC ID: 04451
Configure the least session security for NT LM Security Support Provider based clients (including secure RPC) and servers settings., CC ID: 01775
Enable the LDAP cache manager as necessary., CC ID: 01460
Configure firewalls in accordance with organizational standards., CC ID: 01926
Disable Internet Connection Sharing., CC ID: 02035
Set the apache2 server's ServerTokens value properly., CC ID: 05720
Set the apache2 server's ServerSignature value properly., CC ID: 05721
Configure "Configuration of wireless settings using Windows Connect Now" to organizational standards., CC ID: 05722
Configure X11 forwarding via Secure Shell, as appropriate., CC ID: 05723
Enable the NIS passwd daemon as necessary., CC ID: 05725
Enable the NIS update daemon as necessary., CC ID: 05726
Enable the NIS xfr daemon as necessary., CC ID: 05727
Enable or disable strict destination multihoming, as appropriate., CC ID: 05728
Enable or disable IPv4 strict multihoming, as appropriate., CC ID: 05729
Enable the appropriate tunneling protocol for Internet Protocol version 6., CC ID: 05730
Enable or disable the automatic loading of the IPv6 kernel module, as appropriate., CC ID: 05731
Configure the router advertisements settings to organizational standards., CC ID: 05732
Configure IPv6 privacy extensions properly., CC ID: 05733
Set the default number of global unicast IPv6 addresses allowed per network interface properly., CC ID: 05734
Set the default number of IPv6 router solicitations for network interfaces to send properly., CC ID: 05735
Set the default number of IPv6 duplicate address detection solicitations for network interfaces to send per configured network address properly., CC ID: 05736
Enable or disable IPv6 strict multihoming, as appropriate., CC ID: 05737
Enable or disable IP routing, as appropriate., CC ID: 05738
Enable or disable reverse source routed packets, as appropriate., CC ID: 05739
Restrict packet forwarding, as appropriate., CC ID: 05740
Set unestablished TCP connection queues and established TCP connection queues properly., CC ID: 05741
Enable or disable the LDAP dynamic updates feature, as appropriate., CC ID: 05742
Configure the "Prohibit use of Internet Connection Firewall on your DNS domain network" setting properly., CC ID: 05743
Enable or disable printing services through inetd, as appropriate., CC ID: 05744
Enable or disable firewall access to printing services, as appropriate., CC ID: 05745
Set the Secure Shell largest number for authentication retries., CC ID: 05749
Configure the "Server SPN target name validation level" properly., CC ID: 06067
Configure the "Allow Local System NULL session fallback" setting properly., CC ID: 06068
Configure the "Restrict NTLM" settings properly., CC ID: 06069
Configure the "Allow Local System to use computer identity for NTLM" setting properly., CC ID: 06070
Configure the "Configure encryption types allowed for Kerberos" setting properly., CC ID: 06071
Configure the "Allow PKU2U authentication requests to this computer to use online identities" setting properly., CC ID: 06072
Configure wireless communication to be encrypted using strong cryptography., CC ID: 06078
Reserve the use of VLAN1 to in-band management., CC ID: 06413
Disallow Internet Protocol (IP) directed broadcasts., CC ID: 06571
Configure the "source-routed packets" setting to organizational standards., CC ID: 08977
Disable feedback on protocol format validation errors., CC ID: 10646
Configure the "6to4 Relay Name" setting to organizational standards., CC ID: 10688
Configure the "6to4 Relay Name Resolution Interval" setting to organizational standards., CC ID: 10689
Configure the "6to4 State" setting to organizational standards., CC ID: 10690
Configure the "Automated Site Coverage by the DC Locator DNS SRV Records" setting to organizational standards., CC ID: 10759
Configure the "Best effort service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that conform to the flow specification" setting to organizational standards., CC ID: 10764
Configure the "Best effort service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that do not conform to the flow specification" setting to organizational standards., CC ID: 10765
Configure the "Best effort service type link layer (Layer-2) priority value" setting to organizational standards., CC ID: 10766
Configure the "BranchCache for network files" setting to organizational standards., CC ID: 10776
Configure the "Network Options preference logging and tracing" setting to organizational standards., CC ID: 10796
Configure the "Network Shares preference logging and tracing" setting to organizational standards., CC ID: 10797
Configure the "slow-link mode" setting to organizational standards., CC ID: 10820
Configure the "Controlled load service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that conform to the flow specification" setting to organizational standards., CC ID: 10826
Configure the "Controlled load service type Layer-3 Differentiated Services Code Point (DSCP) for packets that do not conform to the flow specification" setting to organizational standards., CC ID: 10827
Configure the "Controlled load service type link layer (Layer-2) priority value" setting to organizational standards., CC ID: 10828
Configure the "Corporate DNS Probe Host Address" setting to organizational standards., CC ID: 10829
Configure the "Corporate DNS Probe Host Name" setting to organizational standards., CC ID: 10830
Configure the "Corporate Site Prefix List" setting to organizational standards., CC ID: 10831
Configure the "Corporate Website Probe URL" setting to organizational standards., CC ID: 10832
Configure the "DC Locator DNS records not registered by the DCs" setting to organizational standards., CC ID: 10838
Configure the "DNS Suffix Search List" setting to organizational standards., CC ID: 10890
Configure the "Do not detect slow network connections" setting to organizational standards., CC ID: 10926
Configure the "Do not show the 'local access only' network icon" setting to organizational standards., CC ID: 10936
Configure the "Dynamic Registration of the DC Locator DNS Records" setting to organizational standards., CC ID: 10943
Configure the "Group Policy slow link detection" setting to organizational standards., CC ID: 10982
Configure the "Guaranteed service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that conform to the flow specification" setting to organizational standards., CC ID: 10983
Configure the "Guaranteed service type Layer-3 Differentiated Services Code Point for packets that do not conform to the flow specification" setting to organizational standards., CC ID: 10984
Configure the "Guaranteed service type link layer (Layer-2) priority value" setting to organizational standards., CC ID: 10985
Configure the "Limit the maximum network bandwidth used for Peercaching" setting to organizational standards., CC ID: 11017
Configure the "Location of the DCs hosting a domain with single label DNS name" setting to organizational standards., CC ID: 11024
Configure the "Minimum Idle Connection Timeout for RPC/HTTP connections" setting to organizational standards., CC ID: 11046
Configure the "Network control service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that conform to the flow specification" setting to organizational standards., CC ID: 11049
Configure the "Network control service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that do not conform to the flow specification" setting to organizational standards., CC ID: 11050
Configure the "Network control service type link layer (Layer-2) priority value" setting to organizational standards., CC ID: 11051
Configure the "Network Projector Port Setting" setting to organizational standards., CC ID: 11052
Configure the "Override the More Gadgets link" setting to organizational standards., CC ID: 11060
Configure the "Prevent backing up to network location" setting to organizational standards., CC ID: 11070
Configure the "Primary DNS Suffix" setting to organizational standards., CC ID: 11094
Configure the "Primary DNS Suffix Devolution" setting to organizational standards., CC ID: 11095
Configure the "Priority Set in the DC Locator DNS SRV Records" setting to organizational standards., CC ID: 11099
Configure the "Prohibit installation and configuration of Network Bridge on your DNS domain network" setting to organizational standards., CC ID: 11102
Configure the "Prompt user when a slow network connection is detected" setting to organizational standards., CC ID: 11109
Configure the "Qualitative service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that conform to the flow specification" setting to organizational standards., CC ID: 11113
Configure the "Qualitative service type Layer-3 Differentiated Services Code Point (DSCP) value for packets that do not conform to the flow specification" setting to organizational standards., CC ID: 11114
Configure the "Qualitative service type link layer (Layer-2) priority value" setting to organizational standards., CC ID: 11115
Configure the "Refresh Interval of the DC Locator DNS Records" setting to organizational standards., CC ID: 11119
Configure the "Register DNS records with connection-specific DNS suffix" setting to organizational standards., CC ID: 11120
Configure the "Require domain users to elevate when setting a network's location" setting to organizational standards., CC ID: 11133
Configure the "Route all traffic through the internal network" setting to organizational standards., CC ID: 11149
Configure the "Set a support web page link" setting to organizational standards., CC ID: 11171
Configure the "Set PNRP cloud to resolve only" setting for "IPv6 Link Local" to organizational standards., CC ID: 11179
Configure the "Set the Seed Server" setting for "IPv6 Link Local" to organizational standards., CC ID: 11190
Configure the "Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers" setting to organizational standards., CC ID: 11197
Configure the "Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers" setting to organizational standards., CC ID: 11198
Configure the "Sites Covered by the Application Directory Partition Locator DNS SRV Records" setting to organizational standards., CC ID: 11202
Configure the "Sites Covered by the DC Locator DNS SRV Records" setting to organizational standards., CC ID: 11203
Configure the "Sites Covered by the GC Locator DNS SRV Records" setting to organizational standards., CC ID: 11204
Configure the "Slow network connection timeout for user profiles" setting to organizational standards., CC ID: 11205
Configure the "TTL Set in the DC Locator DNS Records" setting to organizational standards., CC ID: 11252
Configure the "Turn off Connect to a Network Projector" setting to organizational standards., CC ID: 11272
Configure the "Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com" setting to organizational standards., CC ID: 11283
Configure the "Turn off Microsoft Peer-to-Peer Networking Services" setting to organizational standards., CC ID: 11289
Configure the "Turn off Multicast Bootstrap" setting for "IPv6 Link Local" to organizational standards., CC ID: 11291
Configure the "Turn off PNRP cloud creation" setting for "IPv6 Link Local" to organizational standards., CC ID: 11299
Configure the "Turn off Registration if URL connection is referring to Microsoft.com" setting to organizational standards., CC ID: 11305
Configure the "Turn off Windows Network Connectivity Status Indicator active tests" setting to organizational standards., CC ID: 11328
Configure the "Weight Set in the DC Locator DNS SRV Records" setting to organizational standards., CC ID: 11371
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
Set appropriate network parameter modifications. (§ 4.2, The Center for Internet Security AIX Benchmark, 1.0.1)
Set appropriate network parameter modifications. (§ 4.2, The Center for Internet Security HP-UX Benchmark, 1.4.2)
Set appropriate network parameter modifications. (§ 4.1, The Center for Internet Security Red Hat Enterprise Linux Benchmark, 1.0.5)
Set appropriate network parameter modifications. (§ 4.1, The Center for Internet Security Red Hat Enterprise Linux Benchmark, 1.1.1)
Set appropriate network parameter modifications. (§ 4.1, The Center for Internet Security Slackware Linux Benchmark, 1.1)
Set appropriate network parameter modifications. (§ 3.5, The Center for Internet Security Solaris 10 Benchmark, 2.1.2)
Set appropriate network parameter modifications. (§ 4.4, The Center for Internet Security Solaris Benchmark, 1.5.0)
Set appropriate network parameter modifications. (§ 4.1, The Center for Internet Security SuSE Linux Enterprise Server Benchmark, 2)
Examine configurations for NSCs to verify that configurations identified as no longer being supported by a business justification are removed or updated. (1.2.7.c, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
Examine network configuration settings to identify changes made to configurations of NSCs. Interview responsible personnel and examine change control records to verify that identified changes to configurations of NSCs were approved and managed in accordance with Requirement 6.5.1. (1.2.2.c, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
Network devices should be subject to standard security management practices, which includes applying a comprehensive set of management tools (e.g., maintenance utilities, remote support, and enterprise management tools). (CF.09.01.03c, The Standard of Good Practice for Information Security)
Information Systems and networks accessible by external connections should be designed to achieve technical compatibility (e.g., using standards for information formats and communications protocols). (CF.09.03.02a, The Standard of Good Practice for Information Security)
Filtering of network traffic should be based on predefined rules (or tables) that have been developed by trusted individuals. (CF.09.04.07a, The Standard of Good Practice for Information Security)
Network devices should be subject to standard security management practices, which includes applying a comprehensive set of management tools (e.g., maintenance utilities, remote support, and enterprise management tools). (CF.09.01.03c, The Standard of Good Practice for Information Security, 2013)
Information Systems and networks accessible by external connections should be designed to achieve technical compatibility (e.g., using standards for information formats and communications protocols). (CF.09.03.02a, The Standard of Good Practice for Information Security, 2013)
Filtering of network traffic should be based on predefined rules (or tables) that have been developed by trusted individuals. (CF.09.04.07a, The Standard of Good Practice for Information Security, 2013)
By ensuring the proper configuration of network parameters, the system can aid in the defense against attacks. The system administrator should ensure network parameters are securely set. (§ 3.20.5, Defense Information Systems Agency UNIX Security Technical Implementation Guide Version 5 Release 1, Version 5, Release 1)
The information assurance officer or network security officer must ensure Mandatory Access Control addresses are statically configured for all access ports that use Mandatory Access Control filtering for logical port security. (§ 3.4.1.3.2 ¶ AC34.030, DISA Access Control STIG, Version 2, Release 3)
The operating system must not allow users the ability to change security settings without prior approval. (§ 5.1, DISA Secure Remote Computing Security Technical Implementation Guide, Version 1 Release 2)
Modify network parameters. The S69netconfig script will be executed at boot time to reconfigure various network parameters. (§ 4.4, NSA Guide to the Secure Configuration of Solaris 9, Version 1.0)