| 1.1.1 Enable 'aaa new-model' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL |
| 1.164 WN16-DC-000190 | CIS Microsoft Windows Server 2016 STIG v4.0.0 DC CAT II | Windows | ACCESS CONTROL |
| 1.165 WN19-DC-000190 | CIS Microsoft Windows Server 2019 STIG v4.0.0 DC CAT II | Windows | AUDIT AND ACCOUNTABILITY |
| 2.2.1.2 Set 'ntp authentication-key' | CIS Cisco IOS XR 7.x v1.0.1 L2 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.3.1.2 Set 'ntp authentication-key' | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.3.1.2 Set 'ntp authentication-key' | CIS Cisco IOS XE 16.x v2.2.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY |
| 3.1.2 Set 'no ip proxy-arp' | CIS Cisco IOS XE 16.x v2.2.0 L2 | Cisco | CONFIGURATION MANAGEMENT |
| 3.1.2 Set 'no ip proxy-arp' | CIS Cisco IOS XE 17.x v2.2.1 L2 | Cisco | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.1 Ensure IS-IS neighbor authentication is set to MD5 | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| ARST-RT-000090 - The Arista MSDP router must be configured to limit the amount of source-active messages it accepts on per-peer basis. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL |
| ARST-RT-000090 - The Arista MSDP router must be configured to limit the amount of source-active messages it accepts on per-peer basis. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | ACCESS CONTROL |
| ARST-RT-000770 - The Arista Multicast Source Discovery Protocol (MSDP) router must be configured to use its loopback address as the source address when originating MSDP traffic. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | CONTINGENCY PLANNING |
| CISC-ND-000280 - The Cisco router must produce audit records containing information to establish when (date and time) the events occurred. | DISA Cisco IOS XR Router NDM STIG v3r5 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000290 - The Cisco router must produce audit records containing information to establish where the events occurred. | DISA Cisco IOS XR Router NDM STIG v3r5 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001210 - The Cisco router must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions. | DISA Cisco IOS XR Router NDM STIG v3r5 | Cisco | MAINTENANCE |
| CISC-ND-001470 - The Cisco router must be running an IOS release that is currently supported by Cisco Systems. | DISA Cisco IOS XR Router NDM STIG v3r5 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000260 - The Cisco perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000280 - The Cisco perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the sites address space. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000300 - The Cisco perimeter router must be configured to not redistribute static routes to an alternate gateway service provider into BGP or an IGP peering with the NIPRNet or to other autonomous systems. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000391 - The Cisco perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000392 - The Cisco perimeter router must be configured to drop IPv6 undetermined transport packets. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000395 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000398 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000410 - The Cisco out-of-band management (OOBM) gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC). | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000440 - The Cisco out-of-band management (OOBM) gateway router must be configured to block any traffic destined to itself that is not sourced from the OOBM network or the Network Operations Center (NOC). | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000450 - The Cisco router must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000450 - The Cisco router must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000480 - The Cisco BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| CISC-RT-000530 - The Cisco BGP router must be configured to reject outbound route advertisements for any prefixes belonging to the IP core. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000540 - The Cisco BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000570 - The Cisco BGP router must be configured to limit the prefix size on any inbound route advertisement to /24, or the least significant prefixes issued to the customer. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000610 - The MPLS router with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core routers. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000620 - The Cisco MPLS router must be configured to have TTL Propagation disabled. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000660 - The Cisco PE router providing MPLS Layer 2 Virtual Private Network (L2VPN) services must be configured to authenticate targeted Label Distribution Protocol (LDP) sessions used to exchange virtual circuit (VC) information using a FIPS-approved message authentication code algorithm. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-RT-000710 - The Cisco PE router must be configured to implement Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) snooping for each Virtual Private LAN Services (VPLS) bridge domain. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000730 - The Cisco PE switch must be configured to block any traffic that is destined to the IP core infrastructure. | DISA Cisco IOS Switch RTR STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000750 - The Cisco PE router must be configured to ignore or drop all packets with any IP options. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000770 - The Cisco P router must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000790 - The Cisco multicast router must be configured to disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | ACCESS CONTROL |
| CISC-RT-000850 - The Cisco multicast Rendezvous Point (RP) must be configured to rate limit the number of Protocol Independent Multicast (PIM) Register messages. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000900 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to only accept MSDP packets from known MSDP peers. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000910 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to authenticate all received MSDP packets. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| DISA_STIG_JRE_8_Windows_v2r1.audit for DISA Oracle Java Runtime Environment (JRE) Version 8 for Windows v2r1 STIG | DISA STIG Oracle JRE 8 Windows v2r1 | Windows | |
| DISA_STIG_McAfee_VirusScan_8.8_Managed_Client_v6r1.audit from DISA McAfee VirusScan 8.8 Managed Client Security Technical implementation Guide v6r1 STIG | DISA McAfee VirusScan 8.8 Managed Client STIG v6r1 | Windows | |
| DISA_VMware_vSphere_8.0_vCenter_Appliance_Management_Interface_(VAMI)_STIG_v2r1.audit from DISA VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) STIG v2r1 | DISA VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) STIG v2r1 | Unix | |
| WBSP-AS-000212 - The WebSphere Application Server Java 2 security must not be bypassed. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL |
| WBSP-AS-000212 - The WebSphere Application Server Java 2 security must not be bypassed. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL |
| WBSP-AS-000212 - The WebSphere Application Server Java 2 security must not be bypassed. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL |
| WN25-DC-000190 - Windows Server 2025 Active Directory (AD) Infrastructure object must be configured with proper audit settings. | DISA Microsoft Windows Server 2025 STIG v1r1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
