| 1.114 WN10-CC-000063 | CIS Microsoft Windows 10 STIG v1.0.0 CAT II | Windows | CONFIGURATION MANAGEMENT |
| 2.3.1 Authentication | CIS Cisco IOS XR 7.x v1.0.1 L2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4.1 Authentication | CIS Cisco IOS XR 7.x v1.0.1 L2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.6 Set 'authentication key-chain' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 3.3.1.7 Set 'authentication mode md5' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.4 Ensure loose authentication check is not configured | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| 4.7.2 Ensure authentication is set to AES-CMAC | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| ARST-RT-000030 - The Arista BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS). | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL |
| ARST-RT-000030 - The Arista BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS). | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | ACCESS CONTROL |
| ARST-RT-000120 - The Arista multicast router must be configured to disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | ACCESS CONTROL |
| ARST-RT-000120 - The Arista multicast router must be configured to disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL |
| ARST-RT-000140 - The Arista multicast edge router must be configured to establish boundaries for administratively scoped multicast traffic. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | ACCESS CONTROL |
| ARST-RT-000140 - The Arista multicast edge router must be configured to establish boundaries for administratively scoped multicast traffic. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL |
| ARST-RT-000150 - The Arista router must be configured to have all inactive interfaces disabled. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL |
| ARST-RT-000150 - The Arista router must be configured to have all inactive interfaces disabled. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | ACCESS CONTROL |
| ARST-RT-000230 - The Arista router must be configured to produce audit records containing information to establish where the events occurred. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | AUDIT AND ACCOUNTABILITY |
| ARST-RT-000230 - The Arista router must be configured to produce audit records containing information to establish where the events occurred. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | AUDIT AND ACCOUNTABILITY |
| ARST-RT-000280 - The Arista router must be configured to authenticate all routing protocol messages using NIST-validated FIPS 198-1 message authentication code algorithm. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| ARST-RT-000280 - The Arista router must be configured to authenticate all routing protocol messages using NIST-validated FIPS 198-1 message authentication code algorithm. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| ARST-RT-000800 - The Arista perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | CONFIGURATION MANAGEMENT |
| ARST-RT-000800 - The Arista perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | CONFIGURATION MANAGEMENT |
| ARST-RT-000830 - The perimeter router must be configured to block all packets with any IP options. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000830 - The perimeter router must be configured to block all packets with any IP options. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000840 - The PE router must be configured to ignore or block all packets with any IP options. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000840 - The PE router must be configured to ignore or block all packets with any IP options. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001150 - The Cisco router must be configured to authenticate Network Time Protocol (NTP) sources using authentication with FIPS-compliant algorithms. | DISA Cisco IOS XR Router NDM STIG v3r5 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-RT-000420 - The Cisco out-of-band management (OOBM) gateway router must be configured to have separate IGP instances for the managed network and management network. | DISA Cisco IOS Router RTR STIG v3r4 | Cisco | ACCESS CONTROL |
| CISC-RT-000420 - The Cisco out-of-band management (OOBM) gateway router must be configured to have separate Interior Gateway Protocol (IGP) instances for the managed network and management network. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | ACCESS CONTROL |
| CISC-RT-000480 - The Cisco BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | DISA Cisco IOS Router RTR STIG v3r4 | Cisco | ACCESS CONTROL |
| CISC-RT-000480 - The Cisco BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | ACCESS CONTROL |
| CISC-RT-000480 - The Cisco BGP switch must be configured to use a unique key for each autonomous system (AS) that it peers with. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| CISC-RT-000500 - The Cisco BGP switch must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS). | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000560 - The Cisco BGP switch must be configured to use the maximum prefixes feature to protect against route table flooding and prefix de-aggregation attacks. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000580 - The Cisco BGP switch must be configured to use its loopback address as the source address for iBGP peering sessions. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000600 - The Cisco MPLS router must be configured to synchronize IGP and LDP to minimize packet loss when an IGP adjacency is established prior to LDP peers completing label exchange. | DISA Cisco IOS Router RTR STIG v3r4 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000600 - The Cisco MPLS router must be configured to synchronize Interior Gateway Protocol (IGP) and LDP to minimize packet loss when an IGP adjacency is established prior to LDP peers completing label exchange. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000650 - The Cisco PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD). | DISA Cisco IOS Router RTR STIG v3r4 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000650 - The Cisco PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD). | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | CONTINGENCY PLANNING |
| DISA_VMware_vSphere_8.0_vCenter_Appliance_Secure_Token_Service_(STS)_STIG_v2r1.audit from DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1 | DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1 | Unix | |
| F5BI-AP-000231 - The F5 BIG-IP appliance must be configured to deny access when revocation data is unavailable using OCSP. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | IDENTIFICATION AND AUTHENTICATION |
| F5BI-DM-300046 - The F5 BIG-IP appliance must be configured to use multifactor authentication (MFA) for interactive logins. | DISA F5 BIG-IP TMOS NDM STIG v1r2 | F5 | AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| JUSX-AG-000037 - The Juniper SRX Services Gateway Firewall must generate audit records when unsuccessful attempts to access security zones occur. | DISA Juniper SRX Services Gateway ALG v3r3 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUSX-DM-000001 - The Juniper SRX Services Gateway must limit the number of concurrent sessions to a maximum of 10 or less for remote access using SSH. | DISA Juniper SRX Services Gateway NDM v3r3 | Juniper | ACCESS CONTROL |
| JUSX-DM-000007 - The Juniper SRX Services Gateway must automatically terminate a network administrator session after organization-defined conditions or trigger events requiring session disconnect. | DISA Juniper SRX Services Gateway NDM v3r3 | Juniper | AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| JUSX-DM-000029 - The Juniper SRX Services Gateway must generate a log event when privileged commands are executed. | DISA Juniper SRX Services Gateway NDM v3r3 | Juniper | ACCESS CONTROL |
| JUSX-DM-000095 - The Juniper SRX Services Gateway must be configured to use an authentication server to centrally manage authentication and logon settings for remote and nonlocal access. | DISA Juniper SRX Services Gateway NDM v3r3 | Juniper | CONFIGURATION MANAGEMENT |
| JUSX-DM-000108 - The Juniper SRX Services Gateway must be configured to prohibit the use of unnecessary and/or nonsecure functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. | DISA Juniper SRX Services Gateway NDM v3r3 | Juniper | CONFIGURATION MANAGEMENT |
| JUSX-DM-000124 - The Juniper SRX Services Gateway must implement replay-resistant authentication mechanisms for network access to privileged accounts. | DISA Juniper SRX Services Gateway NDM v3r3 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUSX-DM-000146 - For nonlocal maintenance sessions using SNMP, the Juniper SRX Services Gateway must use and securely configure SNMPv3 with SHA256 or higher to protect the integrity of maintenance and diagnostic communications. | DISA Juniper SRX Services Gateway NDM v3r3 | Juniper | MAINTENANCE |
| OS10-RTR-000200 - The Dell OS10 out-of-band management (OOBM) gateway router must be configured to have separate Interior Gateway Protocol (IGP) instances for the managed network and management network. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | ACCESS CONTROL |
