| Access control lists | SYSTEM AND COMMUNICATIONS PROTECTION |
| Auditing and logging - server | AUDIT AND ACCOUNTABILITY |
| Auditing and logging - severity | AUDIT AND ACCOUNTABILITY |
| Authorized IP managers | SYSTEM AND COMMUNICATIONS PROTECTION |
| Centralized authentication - configuration | IDENTIFICATION AND AUTHENTICATION |
| Centralized authentication - server | IDENTIFICATION AND AUTHENTICATION |
| Console inactivity timer | ACCESS CONTROL |
| Control Plane Policing | SYSTEM AND COMMUNICATIONS PROTECTION |
| DHCP snooping - authorized-server | SYSTEM AND COMMUNICATIONS PROTECTION |
| DHCP snooping - global | SYSTEM AND COMMUNICATIONS PROTECTION |
| DHCP snooping - port trust and vlans | SYSTEM AND COMMUNICATIONS PROTECTION |
| Dynamic ARP Protection - global | SYSTEM AND COMMUNICATIONS PROTECTION |
| Dynamic ARP Protection - port trust, vlans, and validate | SYSTEM AND COMMUNICATIONS PROTECTION |
| Enhanced secure mode | CONFIGURATION MANAGEMENT |
| Failed authentication lockout - lockout-delay | ACCESS CONTROL |
| Failed authentication lockout - num-attempts | ACCESS CONTROL |
| Front panel security | SYSTEM AND COMMUNICATIONS PROTECTION |
| Hiding sensitive data | CONFIGURATION MANAGEMENT |
| HTTP vs. HTTPS - idle-timeout | ACCESS CONTROL |
| HTTP vs. HTTPS - plaintext | CONFIGURATION MANAGEMENT |
| HTTP vs. HTTPS - ssl | SYSTEM AND COMMUNICATIONS PROTECTION |
| Local password complexity - password complexity all | IDENTIFICATION AND AUTHENTICATION |
| Local password complexity - password composition lowercase | IDENTIFICATION AND AUTHENTICATION |
| Local password complexity - password composition number | IDENTIFICATION AND AUTHENTICATION |
| Local password complexity - password composition specialcharacter | IDENTIFICATION AND AUTHENTICATION |
| Local password complexity - password composition uppercase | IDENTIFICATION AND AUTHENTICATION |
| Local password complexity - password configuration aging | IDENTIFICATION AND AUTHENTICATION |
| Local password complexity - password configuration history | IDENTIFICATION AND AUTHENTICATION |
| Local password complexity - password minimum-length | IDENTIFICATION AND AUTHENTICATION |
| Login banner - banner exec | ACCESS CONTROL |
| Login banner - banner motd | ACCESS CONTROL |
| MACsec | SYSTEM AND COMMUNICATIONS PROTECTION |
| Management VLAN | CONFIGURATION MANAGEMENT |
| Out-of-Band Management port | SYSTEM AND COMMUNICATIONS PROTECTION |
| Port security | SYSTEM AND COMMUNICATIONS PROTECTION |
| Port security auto-recovery | SYSTEM AND COMMUNICATIONS PROTECTION |
| RADIUS and TACACS+ authorization and accounting - accounting commands | IDENTIFICATION AND AUTHENTICATION |
| RADIUS and TACACS+ authorization and accounting - accounting exec | IDENTIFICATION AND AUTHENTICATION |
| RADIUS and TACACS+ authorization and accounting - authorization commands access-level | IDENTIFICATION AND AUTHENTICATION |
| RADIUS and TACACS+ authorization and accounting - authorization commands auto | IDENTIFICATION AND AUTHENTICATION |
| Server-supplied privilege level | IDENTIFICATION AND AUTHENTICATION |
| SNMPv1 and v2c vs SNMPv3 - snmp community | IDENTIFICATION AND AUTHENTICATION |
| SNMPv1 and v2c vs SNMPv3 - snmpv3 enable | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| SNMPv1 and v2c vs SNMPv3 - snmpv3 only | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| Storing credentials in the switch configuration | IDENTIFICATION AND AUTHENTICATION |
| Switch identity profile | SYSTEM AND COMMUNICATIONS PROTECTION |
| Telnet vs. Secure Shell - idle-timeout | ACCESS CONTROL |
| Telnet vs. Secure Shell - ip ssh | CONFIGURATION MANAGEMENT |
| Telnet vs. Secure Shell - no telnet-server | CONFIGURATION MANAGEMENT |
| TFTP vs SFTP and SCP - ip ssh filetransfer | SYSTEM AND COMMUNICATIONS PROTECTION |
