| CISC-ND-000280 - The Cisco router must produce audit records containing information to establish when (date and time) the events occurred. | DISA Cisco IOS XR Router NDM STIG v3r6 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000390 - The Cisco router must be configured to protect audit information from unauthorized deletion. | DISA Cisco IOS XE Router NDM STIG v3r7 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000980 - The Cisco router must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | DISA Cisco IOS XR Router NDM STIG v3r6 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001140 - The Cisco router must be configured to encrypt SNMP messages using a FIPS 140-2 approved algorithm. | DISA Cisco IOS XR Router NDM STIG v3r6 | Cisco | ACCESS CONTROL |
| CISC-ND-001200 - The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions. | DISA Cisco IOS XR Router NDM STIG v3r6 | Cisco | MAINTENANCE |
| CISC-ND-001370 - The Cisco router must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access. | DISA Cisco IOS XR Router NDM STIG v3r6 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000090 - The Cisco router must not be configured to have any zero-touch deployment feature enabled when connected to an operational network. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000160 - The Cisco router must be configured to have IP directed broadcast disabled on all interfaces. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000160 - The Cisco router must be configured to have IP directed broadcast disabled on all interfaces. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000190 - The Cisco router must be configured to have Internet Control Message Protocol (ICMP) redirect messages disabled on all external interfaces. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000200 - The Cisco router must be configured to log all packets that have been dropped at interfaces via ACL. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-RT-000220 - The Cisco router must be configured to produce audit records containing information to establish the source of the events. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-RT-000236 - The Cisco router must be configured to advertise a hop limit of at least 32 in Router Advertisement messages for IPv6 stateless auto-configuration deployments. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000237 - The Cisco router must not be configured to use IPv6 Site Local Unicast addresses. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000300 - The Cisco perimeter router must be configured to not redistribute static routes to an alternate gateway service provider into BGP or an IGP peering with the NIPRNet or to other autonomous systems. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000400 - The Cisco out-of-band management (OOBM) gateway router must be configured to transport management traffic to the Network Operations Center (NOC) via dedicated circuit, MPLS/VPN service, or IPsec tunnel. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000410 - The Cisco out-of-band management (OOBM) gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC). | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000420 - The Cisco out-of-band management (OOBM) gateway router must be configured to have separate IGP instances for the managed network and management network. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000430 - The Cisco out-of-band management (OOBM) gateway router must be configured to not redistribute routes between the management network routing domain and the managed network routing domain. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000450 - The Cisco router must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000450 - The Cisco router must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000490 - The Cisco BGP router must be configured to reject inbound route advertisements for any Bogon prefixes. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | ACCESS CONTROL |
| CISC-RT-000510 - The Cisco BGP router must be configured to reject inbound route advertisements from a customer edge (CE) router for prefixes that are not allocated to that customer. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000520 - The Cisco BGP router must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS). | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000560 - The Cisco BGP router must be configured to use the maximum prefixes feature to protect against route table flooding and prefix de-aggregation attacks. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000600 - The Cisco MPLS router must be configured to synchronize IGP and LDP to minimize packet loss when an IGP adjacency is established prior to LDP peers completing label exchange. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000620 - The Cisco MPLS router must be configured to have TTL Propagation disabled. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000630 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000640 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT). | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000670 - The Cisco PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate pseudowire ID for each attachment circuit. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000680 - The Cisco PE router providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000680 - The Cisco PE router providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000690 - The Cisco PE router must be configured to enforce the split-horizon rule for all pseudowires within a Virtual Private LAN Services (VPLS) bridge domain. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000710 - The Cisco PE router must be configured to implement Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) snooping for each Virtual Private LAN Services (VPLS) bridge domain. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000720 - The Cisco PE router must be configured to limit the number of MAC addresses it can learn for each Virtual Private LAN Services (VPLS) bridge domain. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000730 - The Cisco PE router must be configured to block any traffic that is destined to IP core infrastructure. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000780 - The Cisco PE router must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial of service (DoS) attacks. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000780 - The Cisco PE router must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000810 - The Cisco multicast edge router must be configured to establish boundaries for administratively scoped multicast traffic. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000820 - The Cisco multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Join messages received from the Designated Router (DR) for any undesirable multicast groups. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000820 - The Cisco multicast Rendezvous Point (RP) router must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP) source-active entries. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000830 - The Cisco multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Register messages received from the Designated Router (DR) for any undesirable multicast groups and sources. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000830 - The Cisco multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Register messages received from the Designated Router (DR) for any undesirable multicast groups and sources. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | ACCESS CONTROL |
| CISC-RT-000840 - The Cisco multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Join messages received from the Designated Router (DR) for any undesirable multicast groups. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000840 - The Cisco multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Join messages received from the Designated Router (DR) for any undesirable multicast groups. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | ACCESS CONTROL |
| CISC-RT-000920 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to filter received source-active multicast advertisements for any undesirable multicast groups and sources. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000930 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to filter source-active multicast advertisements to external MSDP peers to avoid global visibility of local-only multicast sources and groups. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | ACCESS CONTROL |
| CISC-RT-000940 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to limit the amount of source-active messages it accepts on a per-peer basis. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000940 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to limit the amount of source-active messages it accepts on a per-peer basis. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | ACCESS CONTROL |
| DG0152-ORACLE11 - DBMS network communications should comply with PPS usage restrictions - PORT = 1521, 1575, 1830, 2481, 2482, 2483 or 2484' - listener.ora | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
