| 2.3.1.1 Set 'ntp authenticate' | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 4.10.31.1 (L1) Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| CISC-L2-000030 - The Cisco switch must authenticate all VLAN Trunk Protocol (VTP) messages with a hash function using the most secured cryptographic algorithm available. | DISA Cisco IOS Switch L2S STIG v3r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-L2-000160 - The Cisco switch must have Storm Control configured on all host-facing switchports. | DISA Cisco IOS Switch L2S STIG v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-L2-000180 - The Cisco switch must implement Rapid Spanning Tree Protocol (STP) where VLANs span multiple switches with redundant links. | DISA Cisco IOS Switch L2S STIG v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-L2-000210 - The Cisco switch must have all disabled switch ports assigned to an unused VLAN. | DISA Cisco IOS Switch L2S STIG v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000220 - The Cisco switch must not have the default VLAN assigned to any host-facing switch ports. | DISA Cisco IOS Switch L2S STIG v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000250 - The Cisco switch must have all user-facing or untrusted ports configured as access switch ports. | DISA Cisco IOS Switch L2S STIG v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-000100 - The Cisco switch must be configured to automatically audit account modification. | DISA Cisco IOS Switch NDM STIG v3r7 | Cisco | ACCESS CONTROL |
| CISC-ND-000120 - The Cisco switch must be configured to automatically audit account removal actions. | DISA Cisco IOS Switch NDM STIG v3r7 | Cisco | ACCESS CONTROL |
| CISC-ND-000490 - The Cisco switch must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable. | DISA Cisco IOS Switch NDM STIG v3r7 | Cisco | ACCESS CONTROL |
| CISC-ND-000620 - The Cisco switch must only store cryptographic representations of passwords. | DISA Cisco IOS Switch NDM STIG v3r7 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-000980 - The Cisco switch must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | DISA Cisco IOS Switch NDM STIG v3r7 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001220 - The Cisco switch must be configured to protect against known types of denial-of-service (DoS) attacks by employing organization-defined security safeguards. | DISA Cisco IOS Switch NDM STIG v3r7 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001440 - The Cisco switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | DISA Cisco IOS Switch NDM STIG v3r7 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001470 - The Cisco switch must be running an IOS release that is currently supported by Cisco Systems. | DISA Cisco IOS Switch NDM STIG v3r7 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| CISC-RT-000010 - The Cisco switch must be configured to enforce approved authorizations for controlling the flow of information within the network based on organization-defined information flow control policies. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000050 - The Cisco switch must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| CISC-RT-000090 - The Cisco switch must not be configured to have any zero-touch deployment feature enabled when connected to an operational network. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000120 - The Cisco switch must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by employing control plane protection. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000160 - The Cisco switch must be configured to have IP directed broadcast disabled on all interfaces. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000170 - The Cisco switch must be configured to have Internet Control Message Protocol (ICMP) unreachable messages disabled on all external interfaces. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000190 - The Cisco switch must be configured to have Internet Control Message Protocol (ICMP) redirect messages disabled on all external interfaces. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000230 - The Cisco switch must be configured to disable the auxiliary port unless it is connected to a secured modem providing encryption and authentication. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000236 - The Cisco switch must be configured to advertise a hop limit of at least 32 in Switch Advertisement messages for IPv6 stateless auto-configuration deployments. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000237 - The Cisco switch must not be configured to use IPv6 Site Local Unicast addresses. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000260 - The Cisco perimeter switch must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000310 - The Cisco perimeter switch must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding (uRPF). | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000320 - The Cisco perimeter switch must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000330 - The Cisco perimeter switch must be configured to filter ingress traffic at the external interface on an inbound direction. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000340 - The Cisco perimeter switch must be configured to filter egress traffic at the internal interface on an inbound direction. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000350 - The Cisco perimeter switch must be configured to block all packets with any IP options. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000360 - The Cisco perimeter switch must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000390 - The Cisco perimeter switch must be configured to block all outbound management traffic. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000391 - The Cisco perimeter switch must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000392 - The Cisco perimeter switch must be configured to drop IPv6 undetermined transport packets. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000393 - The Cisco perimeter switch must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000395 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000396 - The Cisco perimeter switch must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000450 - The Cisco switch must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000750 - The Cisco PE switch must be configured to ignore or drop all packets with any IP options. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000770 - The Cisco P switch must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000780 - The Cisco switch must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000810 - The Cisco multicast edge switch must be configured to establish boundaries for administratively scoped multicast traffic. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000890 - The Cisco multicast Designated switch (DR) must be configured to set the shortest-path tree (SPT) threshold to infinity to minimalize source-group (S, G) state within the multicast topology where Any Source Multicast (ASM) is deployed. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| DISA_STIG_Microsoft_Project_2016_v1r1.audit for Microsoft Project 2016, from DISA STIG Microsoft Project 2016 v1r1 | DISA STIG Microsoft Project 2016 v1r1 | Windows | |
| DISA_STIG_Splunk_Enterprise_7.x_for_Windows_REST_API_v3r2.audit from DISA Splunk Enterprise 7.x for Windows v3r2 STIG | DISA STIG Splunk Enterprise 7.x for Windows v3r2 REST API | Splunk | |
| DISA_STIG_Splunk_Enterprise_8.x_for_Linux_REST_API_v2r3.audit from DISA Splunk Enterprise 8.x for Linux v2r3 STIG | DISA STIG Splunk Enterprise 8.x for Linux v2r3 STIG REST API | Splunk | |
| IIST-SI-000239 - The IIS 10.0 websites must use ports, protocols, and services according to Ports, Protocols, and Services Management (PPSM) guidelines. | DISA IIS 10.0 Site v2r14 | Windows | CONFIGURATION MANAGEMENT |
