| CISC-ND-000010 - The Cisco router must be configured to limit the number of concurrent management sessions to an organization-defined number. | DISA STIG Cisco IOS-XR Router NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000090 - The Cisco router must be configured to automatically audit account creation. | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000100 - The Cisco router must be configured to automatically audit account modification. | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000160 - The Cisco router must be configured to display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device. | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000290 - The Cisco router must produce audit records containing information to establish where the events occurred. | DISA STIG Cisco IOS-XR Router NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000470 - The Cisco router must be configured to prohibit the use of all unnecessary and nonsecure functions and services. | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-ND-000880 - The Cisco router must be configured to automatically audit account enabling actions. | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-001200 - The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions. | DISA STIG Cisco IOS-XR Router NDM v3r2 | Cisco | MAINTENANCE |
| CISC-ND-001210 - The Cisco router must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions. | DISA STIG Cisco IOS-XR Router NDM v3r2 | Cisco | MAINTENANCE |
| CISC-ND-001450 - The Cisco router must be configured to send log data to at least two syslog servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO). | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-RT-000010 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of information within the network based on organization-defined information flow control policies. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000150 - The Cisco router must be configured to have Gratuitous ARP disabled on all external interfaces. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000170 - The Cisco router must be configured to have Internet Control Message Protocol (ICMP) unreachable messages disabled on all external interfaces. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000190 - The Cisco router must be configured to have Internet Control Message Protocol (ICMP) redirect messages disabled on all external interfaces. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000210 - The Cisco router must be configured to produce audit records containing information to establish where the events occurred. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-RT-000236 - The Cisco router must be configured to advertise a hop limit of at least 32 in Router Advertisement messages for IPv6 stateless auto-configuration deployments. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000237 - The Cisco router must not be configured to use IPv6 Site Local Unicast addresses. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000290 - The Cisco perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000310 - The Cisco perimeter router must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding (uRPF). | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000340 - The Cisco perimeter router must be configured to filter egress traffic at the internal interface on an inbound direction. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000350 - The Cisco perimeter router must be configured to block all packets with any IP options. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000360 - The Cisco perimeter router must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000391 - The Cisco perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000393 - The Cisco perimeter router must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000394 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000395 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000398 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000410 - The Cisco out-of-band management (OOBM) gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC). | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000440 - The Cisco out-of-band management (OOBM) gateway router must be configured to block any traffic destined to itself that is not sourced from the OOBM network or the Network Operations Center (NOC). | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000520 - The Cisco BGP router must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS). | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000560 - The Cisco BGP router must be configured to use the maximum prefixes feature to protect against route table flooding and prefix de-aggregation attacks. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000590 - The Cisco MPLS router must be configured to use its loopback address as the source address for LDP peering sessions. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000620 - The Cisco MPLS router must be configured to have TTL Propagation disabled. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000700 - The Cisco PE router providing Virtual Private LAN Services (VPLS) must be configured to have traffic storm control thresholds on CE-facing interfaces. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000700 - The Cisco PE router providing Virtual Private LAN Services (VPLS) must be configured to have traffic storm control thresholds on CE-facing interfaces. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000710 - The Cisco PE router must be configured to implement Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) snooping for each Virtual Private LAN Services (VPLS) bridge domain. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000710 - The Cisco PE router must be configured to implement Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) snooping for each Virtual Private LAN Services (VPLS) bridge domain. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000760 - The Cisco PE router must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000790 - The Cisco multicast router must be configured to disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000820 - The Cisco multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Join messages received from the Designated Router (DR) for any undesirable multicast groups - MSDP source-active entries. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000860 - The Cisco multicast Designated Router (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join only multicast groups that have been approved by the organization. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000870 - The Cisco multicast Designated Router (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join a multicast group only from sources that have been approved by the organization. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000900 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to only accept MSDP packets from known MSDP peers. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000910 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to authenticate all received MSDP packets. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-RT-000930 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to filter source-active multicast advertisements to external MSDP peers to avoid global visibility of local-only multicast sources and groups. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000940 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to limit the amount of source-active messages it accepts on a per-peer basis. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000950 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to use a loopback address as the source address when originating MSDP traffic. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | CONTINGENCY PLANNING |
| JUEX-RT-000440 - The Juniper PE router must be configured to block any traffic that is destined to IP core infrastructure. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000710 - The Juniper PE router must be configured to block any traffic that is destined to IP core infrastructure. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
