| 1.2 Ensure End of Life JUNOS Devices are not used | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
| 3.1.2 Set 'no ip proxy-arp' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1.4 Recommend Accounting of Interactive Commands (where External AAA is used) | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | AUDIT AND ACCOUNTABILITY |
| 6.6.1.2 Ensure Max Login Backoff Threshold of 2 | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | ACCESS CONTROL |
| 6.7.1 Ensure External NTP Servers are set | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | AUDIT AND ACCOUNTABILITY |
| 6.7.4 Ensure NTP uses version 4 | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | AUDIT AND ACCOUNTABILITY |
| 6.8.5 Ensure Source-Address is set for External AAA Servers | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| 6.11.2 Ensure Auxiliary Port is Set as Insecure If Used | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| ARST-RT-000800 - The Arista perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | CONFIGURATION MANAGEMENT |
| BIND-9X-001702 - The BIND 9.x server implementation must prohibit the forwarding of queries to servers controlled by organizations outside of the U.S. Government. | DISA BIND 9.x STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| CISC-RT-000050 - The Cisco router must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| CISC-RT-000050 - The Cisco router must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| CISC-RT-000050 - The Cisco router must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| CISC-RT-000050 - The Cisco switch must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| CISC-RT-000050 - The Cisco switch must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| CISC-RT-000391 - The Cisco perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000391 - The Cisco perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000391 - The Cisco perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| DISA STIG VMware vSphere ESXi 6 Security Technical Implementation Guide Version 1 Release 5 | DISA STIG VMware vSphere 6.x ESXi OS v1r5 | Unix | |
| DISA_STIG_JRE_8_Windows_v2r1.audit for DISA Oracle Java Runtime Environment (JRE) Version 8 for Windows v2r1 STIG | DISA STIG Oracle JRE 8 Windows v2r1 | Windows | |
| DISA_STIG_McAfee_VirusScan_8.8_Managed_Client_v6r1.audit from DISA McAfee VirusScan 8.8 Managed Client Security Technical implementation Guide v6r1 STIG | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | |
| DISA_STIG_McAfee_VSEL_1.9.x_2.0.x_Local_Client_v1r6.audit from DISA McAfee VSEL 1.9/2.0 Local Client v1r6 STIG | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | |
| DISA_STIG_McAfee_VSEL_1.9.x_2.0.x_Managed_Client_v1r5.audit from DISA McAfee VSEL 1.9/2.0 Managed Client v1r5 STIG | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | |
| DISA_STIG_Microsoft_Office_Access_2016_v1r1.audit for Microsoft Office Access 2016, from DISA STIG Microsoft Office Access 2016 v1r1 | DISA STIG Microsoft Office Access 2016 v1r1 | Windows | |
| DISA_STIG_Microsoft_OneNote_2016_v1r2.audit for Microsoft OneNote 2016, from DISA STIG Microsoft OneNote 2016 v1r2 | DISA STIG Microsoft OneNote 2016 v1r2 | Windows | |
| DISA_STIG_Microsoft_Publisher_2016_v1r3.audit for Microsoft Publisher 2016, from DISA STIG Microsoft Publisher 2016 v1r3 | DISA STIG Microsoft Publisher 2016 v1r3 | Windows | |
| DISA_STIG_Microsoft_Visio_2016_v1r1.audit for Microsoft Visio 2016, from DISA STIG Microsoft Visio 2016 v1r1 | DISA STIG Microsoft Visio 2016 v1r1 | Windows | |
| DISA_STIG_Server_2012_and_2012_R2_DC_v3r7.audit from DISA Microsoft Windows Server 2012/2012 R2 Domain Controller v3r7 STIG | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | |
| DISA_STIG_Server_2012_and_2012_R2_MS_v3r7.audit from DISA Microsoft Windows Server 2012/2012 R2 Member Server v3r7 STIG | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | |
| DISA_STIG_Splunk_Enterprise_7.x_for_Windows_OS_v3r1.audit from DISA Splunk Enterprise 7.x for Windows v3r1 STIG | DISA STIG Splunk Enterprise 7.x for Windows v3r1 OS | Windows | |
| DISA_STIG_Splunk_Enterprise_7.x_for_Windows_REST_API_v3r1.audit from DISA Splunk Enterprise 7.x for Windows v3r1 STIG | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | |
| DISA_STIG_Splunk_Enterprise_8.x_for_Linux_OS_v2r1.audit from DISA Splunk Enterprise 8.x for Linux v2r1 STIG | DISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG OS | Unix | |
| DISA_STIG_Splunk_Enterprise_8.x_for_Linux_REST_API_v2r1.audit from DISA Splunk Enterprise 8.x for Linux v2r1 STIG | DISA STIG Splunk Enterprise 8.x for Linux v2r1 STIG REST API | Splunk | |
| DISA_VMware_vSphere_8.0_vCenter_Appliance_Lookup_Service_STIG_v2r1.audit from DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | |
| DISA_VMware_vSphere_8.0_vCenter_Appliance_Photon_OS_4.0_STIG_v2r1.audit from DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | |
| EX16-ED-000570 - Exchange must render hyperlinks from email sources from non-.mil domains as unclickable. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| GEN002860 - Audit logs must be rotated daily. | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT |
| GEN002860 - Audit logs must be rotated daily. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
| JUSX-DM-000030 - For local accounts created on the device, the Juniper SRX Services Gateway must enforce the limit of three consecutive invalid logon attempts by a user during a 15-minute time period. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | ACCESS CONTROL |
| JUSX-DM-000084 - If the loopback interface is used, the Juniper SRX Services Gateway must protect the loopback interface with firewall filters for known attacks that may exploit this interface. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | CONFIGURATION MANAGEMENT |
| JUSX-DM-000096 - The Juniper SRX Services Gateway must be configured to use an authentication server to centrally apply authentication and logon settings for remote and nonlocal access for device management. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| JUSX-DM-000109 - For nonlocal maintenance sessions, the Juniper SRX Services Gateway must remove or explicitly deny the use of nonsecure protocols. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | CONFIGURATION MANAGEMENT |
| JUSX-DM-000110 - The Juniper SRX Services Gateway must authenticate NTP servers before establishing a network connection using bidirectional authentication that is cryptographically based. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUSX-DM-000114 - The Juniper SRX Services Gateway must ensure TCP forwarding is disabled for SSH to prevent unauthorized access. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | CONFIGURATION MANAGEMENT |
| JUSX-DM-000163 - The Juniper SRX Services Gateway must limit the number of sessions per minute to an organization-defined number for SSH to protect remote access management from unauthorized access. | DISA Juniper SRX Services Gateway NDM v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-IP-000010 - The Juniper Networks SRX Series Gateway IDPS must install updates for predefined signature objects, applications signatures, IDPS policy templates, and device software when new releases are available in accordance with organizational configuration management policy and procedures. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | SYSTEM AND INFORMATION INTEGRITY |
| JUSX-IP-000017 - The Juniper Networks SRX Series Gateway IDPS must protect against or limit the effects of known and unknown types of Denial of Service (DoS) attacks by employing rate-based attack prevention behavior analysis. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-IP-000019 - The Juniper Networks SRX Series Gateway IDPS must protect against or limit the effects of known types of Denial of Service (DoS) attacks by employing signatures. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-VN-000011 - If IDPS inspection is performed separately from the Juniper SRX Services Gateway VPN device, the VPN must route sessions to an IDPS for inspection. | DISA Juniper SRX Services Gateway VPN v3r1 | Juniper | CONFIGURATION MANAGEMENT |
| JUSX-VN-000016 - The Juniper SRX Services Gateway VPN must use IKEv2 for IPsec VPN security associations. | DISA Juniper SRX Services Gateway VPN v3r1 | Juniper | CONFIGURATION MANAGEMENT |
