| 1.2 Ensure End of Life JUNOS Devices are not used | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
| 6.3.2 Ensure Local Accounts can ONLY be used during loss of external AAA | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 6.6.1.2 Ensure Max Login Backoff Threshold of 2 | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | ACCESS CONTROL |
| AOSX-15-000016 - The macOS system must be integrated into a directory services infrastructure. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-000016 - The macOS system must be integrated into a directory services infrastructure. | DISA STIG Apple macOS 11 v1r5 | Unix | CONFIGURATION MANAGEMENT |
| APPL-11-000016 - The macOS system must be integrated into a directory services infrastructure. | DISA STIG Apple macOS 11 v1r8 | Unix | CONFIGURATION MANAGEMENT |
| APPL-12-000016 - The macOS system must be integrated into a directory services infrastructure. | DISA STIG Apple macOS 12 v1r9 | Unix | CONFIGURATION MANAGEMENT |
| ARST-RT-000260 - The Arista router must be configured to have all non-essential capabilities disabled. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | CONFIGURATION MANAGEMENT |
| Big Sur - Integrate System into a Directory Services Infrastructure | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | CONFIGURATION MANAGEMENT |
| Catalina - Integrate System into a Directory Services Infrastructure | NIST macOS Catalina v1.5.0 - All Profiles | Unix | CONFIGURATION MANAGEMENT |
| DISA_MongoDB_Enterprise_Advanced_7.x_STIG_v1r1_Unix.audit from DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | DISA MongoDB Enterprise Advanced 7.x STIG v1r1 | Unix | |
| DISA_STIG_AIX_7.x_v3r1.audit from DISA IBM AIX 7.x v3r1 STIG | DISA STIG AIX 7.x v3r1 | Unix | |
| DISA_STIG_Apache_Server-2.4_Unix_v3r2_Middleware.audit from DISA Apache Server 2.4 UNIX Server v3r2 STIG | DISA STIG Apache Server 2.4 Unix Server v3r2 Middleware | Unix | |
| DISA_STIG_Apache_Site-2.4_Unix_v2r6_Middleware.audit from DISA Apache Server 2.4 UNIX Site v2r6 STIG | DISA STIG Apache Server 2.4 Unix Site v2r6 Middleware | Unix | |
| DISA_STIG_Apple_macOS_11_v1r5.audit from DISA Apple macOS 11 (Big Sur) v1r5 STIG | DISA STIG Apple macOS 11 v1r5 | Unix | |
| DISA_STIG_Apple_macOS_11_v1r8.audit from DISA Apple macOS 11 (Big Sur) v1r8 STIG | DISA STIG Apple macOS 11 v1r8 | Unix | |
| DISA_STIG_Apple_OS_X_10.14_v2r6.audit from DISA Apple OS X 10.14 (Mojave) v2r6 STIG | DISA STIG Apple Mac OSX 10.14 v2r6 | Unix | |
| DISA_STIG_Cloud_Linux_AlmaLinux_OS_9_v1r5.audit from DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | |
| DISA_STIG_JBoss_EAP_6.3_v2r6.audit from DISA JBoss Enterprise Application Platform 6.3 v2r6 STIG | DISA JBoss Enterprise Application Platform 6.3 STIG v2r6 | Unix | |
| DISA_STIG_McAfee_VirusScan_8.8_Local_Client_v6r1.audit from DISA McAfee VirusScan 8.8 Local Client v6r1 STIG | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | |
| DISA_STIG_Microsoft_Exchange_2019_Edge_Server_v2r2.audit from DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | |
| DISA_STIG_Microsoft_Exchange_2019_Mailbox_Server_v2r3.audit from DISA Microsoft Exchange 2019 Mailbox Server STIG v2r3 | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r3 | Windows | |
| DISA_STIG_Red_Hat_Enterprise_Linux_8_v2r7.audit from DISA Red Hat Enterprise Linux 8 STIG v2r7 | DISA Red Hat Enterprise Linux 8 STIG v2r7 | Unix | |
| DISA_STIG_Red_Hat_Enterprise_Linux_9_v2r8.audit from DISA Red Hat Enterprise Linux 9 STIG v2r8 | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | |
| DISA_STIG_Red_Hat_Enterprise_Linux_10_v1r1.audit from DISA Red Hat Enterprise Linux 10 STIG v1r1 | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | |
| DISA_STIG_RHEL_6_v2r2.audit from DISA Red Hat Enterprise Linux 6 v2r2 STIG | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | |
| DISA_STIG_SLES_12_v3r4.audit from DISA SUSE Linux Enterprise Server 12 v3r4 STIG | DISA SLES 12 STIG v3r4 | Unix | |
| DISA_STIG_VMware_vSphere_6.7_EAM_Tomcat_v1r4.audit from DISA VMware vSphere 6.7 EAM Tomcat v1r4 STIG | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | |
| DISA_STIG_VMware_vSphere_6.7_Perfcharts_Tomcat_v1r3.audit from DISA VMware vSphere 6.7 Perfcharts Tomcat v1r3 STIG | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | |
| DISA_STIG_VMware_vSphere_6.7_Photon_OS_v1r6.audit from DISA VMware vSphere 6.7 Photon OS v1r6 STIG | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | |
| DISA_STIG_VMware_vSphere_6.7_UI_Tomcat_v1r3.audit from DISA VMware vSphere 6.7 UI Tomcat v1r3 STIG | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | |
| DISA_STIG_VMware_vSphere_6.7_Virgo_Client_v1r2.audit from DISA VMware vSphere 6.7 Virgo-Client v1r2 STIG | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | |
| JUEX-RT-000350 - The Juniper PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS DODIN Technical Profile. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000390 - The Juniper router must be configured to drop all fragmented Internet Control Message Protocol (ICMP) packets destined to itself. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000430 - The Juniper BGP router must be configured to reject outbound route advertisements for any prefixes belonging to the IP core. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000460 - The Juniper out-of-band management (OOBM) gateway must be configured to transport management traffic to the Network Operations Center (NOC) via dedicated circuit, MPLS/VPN service, or IPsec tunnel. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000500 - The Juniper perimeter router must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding (uRPF). | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000530 - The Juniper router must be configured to implement message authentication for all control plane protocols. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| JUEX-RT-000590 - The Juniper router must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by employing control plane protection. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000620 - The Juniper router must be configured to have Internet Control Message Protocol (ICMP) unreachable notifications disabled on all external interfaces. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000720 - The Juniper BGP router must be configured to enable the Generalized TTL Security Mechanism (GTSM). | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000740 - The Juniper perimeter router must be configured to block inbound packets with source Bogon IP address prefixes. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000790 - The Juniper multicast Designated Router (DR) must be configured to filter the IGMP and MLD Report messages to allow hosts to join a multicast group only from sources that have been approved by the organization. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000800 - The Juniper Multicast Source Discovery Protocol (MSDP) router must be configured to only accept MSDP packets from known MSDP peers. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000830 - The Juniper perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000850 - The Juniper perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000910 - The Juniper MPLS router must be configured to have TTL Propagation disabled. | DISA Juniper EX Series Router v2r1 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-RT-000990 - The Juniper router must be configured to advertise a hop limit of at least 32 in Router Advertisement messages for IPv6 stateless auto-configuration deployments. | DISA Juniper EX Series Router v2r1 | Juniper | CONFIGURATION MANAGEMENT |
| JUSX-IP-000017 - The Juniper Networks SRX Series Gateway IDPS must protect against or limit the effects of known and unknown types of Denial of Service (DoS) attacks by employing rate-based attack prevention behavior analysis. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-VN-000016 - The Juniper SRX Services Gateway VPN must use IKEv2 for IPsec VPN security associations. | DISA Juniper SRX Services Gateway VPN v3r2 | Juniper | CONFIGURATION MANAGEMENT |
