| OS10-L2S-000020 - The Dell OS10 Switch must uniquely identify all network-connected endpoint devices before establishing any connection. | IDENTIFICATION AND AUTHENTICATION |
| OS10-L2S-000040 - The Dell OS10 Switch must manage excess bandwidth to limit the effects of packet flooding types of denial-of-service (DoS) attacks. | SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-L2S-000090 - The Dell OS10 Switch must have Root Guard enabled on all switch ports connecting to access layer switches and hosts. | SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-L2S-000100 - The Dell OS10 Switch must have BPDU Guard enabled on all user-facing or untrusted access switch ports. | SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-L2S-000110 - The Dell OS10 Switch must have STP Loop Guard enabled on all nondesignated STP switch ports. | SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-L2S-000120 - The Dell OS10 Switch must have Unknown Unicast Flood Blocking (UUFB) enabled. | SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-L2S-000130 - The Dell OS10 Switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources. | SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-L2S-000140 - The Dell OS10 Switch must have Source Address Validation (SAV) enabled on all user-facing or untrusted access switch ports. | SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-L2S-000150 - The Dell OS10 Switch must have Dynamic Address Resolution Protocol (ARP) Inspection (DAI) enabled on all user VLANs. | SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-L2S-000160 - The Dell OS10 Switch must have Storm Control configured on all host-facing switch ports. | CONFIGURATION MANAGEMENT |
| OS10-L2S-000170 - The Dell OS10 Switch must have IGMP or MLD Snooping configured on all VLANs | CONFIGURATION MANAGEMENT |
| OS10-L2S-000180 - The Dell OS10 Switch must implement Rapid Spanning Tree Protocol (STP) where VLANs span multiple switches with redundant links. | CONFIGURATION MANAGEMENT |
| OS10-L2S-000190 - The Dell OS10 Switch must enable Far-End Failure Detection (FEFD) to protect against one-way connections. | CONFIGURATION MANAGEMENT |
| OS10-L2S-000210 - The Dell OS10 Switch must have all disabled switch ports assigned to an unused VLAN. | CONFIGURATION MANAGEMENT |
| OS10-L2S-000220 - The Dell OS10 Switch must not have the default VLAN assigned to any host-facing switch ports. | CONFIGURATION MANAGEMENT |
| OS10-L2S-000230 - The Dell OS10 Switch must have the default VLAN pruned from all trunk ports that do not require it. | CONFIGURATION MANAGEMENT |
| OS10-L2S-000240 - The Dell OS10 Switch must not use the default VLAN for management traffic. | CONFIGURATION MANAGEMENT |
| OS10-L2S-000250 - The Dell OS10 Switch must have all user-facing or untrusted ports configured as access switch ports. | CONFIGURATION MANAGEMENT |
| OS10-L2S-000270 - The Dell OS10 Switch must not have any switch ports assigned to the native VLAN. | CONFIGURATION MANAGEMENT |
| OS10-L2S-000300 - The Dell OS10 Switch must implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions. | CONFIGURATION MANAGEMENT |