| CISC-ND-000090 - The Cisco router must be configured to automatically audit account creation. | DISA Cisco IOS XE Router NDM STIG v3r4 | Cisco | ACCESS CONTROL |
| CISC-ND-000100 - The Cisco router must be configured to automatically audit account modification. | DISA Cisco IOS XE Router NDM STIG v3r4 | Cisco | ACCESS CONTROL |
| CISC-ND-000110 - The Cisco router must be configured to automatically audit account disabling actions. | DISA Cisco IOS XE Router NDM STIG v3r4 | Cisco | ACCESS CONTROL |
| CISC-ND-000120 - The Cisco router must be configured to automatically audit account removal actions. | DISA Cisco IOS XE Router NDM STIG v3r4 | Cisco | ACCESS CONTROL |
| CISC-ND-000470 - The Cisco router must be configured to be configured to prohibit the use of all unnecessary and nonsecure functions and services. | DISA Cisco IOS XR Router NDM STIG v3r3 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-ND-001140 - The Cisco router must be configured to encrypt SNMP messages using a FIPS 140-2 approved algorithm. | DISA Cisco IOS XR Router NDM STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-ND-001200 - The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions. | DISA Cisco IOS XR Router NDM STIG v3r3 | Cisco | MAINTENANCE |
| CISC-ND-001200 - The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions. | DISA Cisco IOS XE Router NDM STIG v3r4 | Cisco | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| CISC-ND-001370 - The Cisco router must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access. | DISA Cisco IOS XR Router NDM STIG v3r3 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-ND-001450 - The Cisco router must be configured to send log data to at least two syslog servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO). | DISA Cisco IOS XR Router NDM STIG v3r3 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001470 - The Cisco router must be running an IOS release that is currently supported by Cisco Systems. | DISA Cisco IOS XR Router NDM STIG v3r3 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000010 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of information within the network based on organization-defined information flow control policies. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000010 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of information within the network based on organization-defined information flow control policies. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000060 - The Cisco router must be configured to have all inactive interfaces disabled. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000150 - The Cisco router must be configured to have Gratuitous ARP disabled on all external interfaces. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000170 - The Cisco router must be configured to have Internet Control Message Protocol (ICMP) unreachable messages disabled on all external interfaces. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000190 - The Cisco router must be configured to have Internet Control Message Protocol (ICMP) redirect messages disabled on all external interfaces. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000190 - The Cisco router must be configured to have Internet Control Message Protocol (ICMP) redirect messages disabled on all external interfaces. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000300 - The Cisco perimeter router must be configured to not redistribute static routes to an alternate gateway service provider into BGP or an IGP peering with the NIPRNet or to other autonomous systems. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000300 - The Cisco perimeter router must be configured to not redistribute static routes to an alternate gateway service provider into BGP or an Interior Gateway Protocol (IGP) peering with the NIPRNet or to other autonomous systems. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000410 - The Cisco out-of-band management (OOBM) gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC). | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000420 - The Cisco out-of-band management (OOBM) gateway router must be configured to have separate Interior Gateway Protocol (IGP) instances for the managed network and management network. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000430 - The Cisco out-of-band management (OOBM) gateway router must be configured to not redistribute routes between the management network routing domain and the managed network routing domain. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000430 - The Cisco out-of-band management (OOBM) gateway router must be configured to not redistribute routes between the management network routing domain and the managed network routing domain. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000440 - The Cisco out-of-band management (OOBM) gateway router must be configured to block any traffic destined to itself that is not sourced from the OOBM network or the Network Operations Center (NOC). | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000440 - The Cisco out-of-band management (OOBM) gateway router must be configured to block any traffic destined to itself that is not sourced from the OOBM network or the Network Operations Center (NOC). | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000470 - The Cisco BGP router must be configured to enable the Generalized TTL Security Mechanism (GTSM). | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000470 - The Cisco BGP router must be configured to enable the Generalized TTL Security Mechanism (GTSM). | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000490 - The Cisco BGP router must be configured to reject inbound route advertisements for any Bogon prefixes. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000500 - The Cisco BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS). | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000520 - The Cisco BGP router must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS). | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000520 - The Cisco BGP router must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS). | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000530 - The Cisco BGP router must be configured to reject outbound route advertisements for any prefixes belonging to the IP core. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000560 - The Cisco BGP router must be configured to use the maximum prefixes feature to protect against route table flooding and prefix de-aggregation attacks. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000570 - The Cisco BGP router must be configured to limit the prefix size on any inbound route advertisement to /24, or the least significant prefixes issued to the customer. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000590 - The Cisco MPLS router must be configured to use its loopback address as the source address for LDP peering sessions. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000640 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT). | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000640 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT). | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000650 - The Cisco PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD). | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000650 - The Cisco PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD). | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000670 - The Cisco PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000710 - The Cisco PE router must be configured to implement Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) snooping for each Virtual Private LAN Services (VPLS) bridge domain. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000730 - The Cisco PE router must be configured to block any traffic that is destined to IP core infrastructure. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000770 - The Cisco P router must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000880 - The Cisco multicast Designated Router (DR) must be configured to limit the number of mroute states resulting from Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Host Membership Reports. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000890 - The Cisco multicast Designated Router (DR) must be configured to set the shortest-path tree (SPT) threshold to infinity to minimalize source-group (S, G) state within the multicast topology where Any Source Multicast (ASM) is deployed. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000930 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to filter source-active multicast advertisements to external MSDP peers to avoid global visibility of local-only multicast sources and groups. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000940 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to limit the amount of source-active messages it accepts on a per-peer basis. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000950 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to use a loopback address as the source address when originating MSDP traffic. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000950 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to use a loopback address as the source address when originating MSDP traffic. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | CONTINGENCY PLANNING |
