| 1.1.1 Enable 'aaa new-model' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL |
| 1.1.5 Local users, groups and tasks | CIS Cisco IOS XR 7.x v1.0.0 L2 | Cisco | ACCESS CONTROL |
| 1.2.4 Create 'access-list' for use with 'line vty' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.4 Create 'access-list' for use with 'line vty' | CIS Cisco IOS XE 17.x v2.1.1 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.5 Set 'access-class' for 'line vty' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.4.1 Enable logging | CIS Cisco IOS XR 7.x v1.0.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.9.2 Configure SNMP Traps | CIS Cisco NX-OS v1.2.0 L1 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.1.1.2 Set the 'ip domain-name' | CIS Cisco IOS XE 17.x v2.1.1 L1 | Cisco | CONFIGURATION MANAGEMENT |
| 2.1.1.1.2 Set the 'ip domain-name' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | CONFIGURATION MANAGEMENT |
| 2.2.1 Set 'logging enable' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.2.1 Set 'logging enable' | CIS Cisco IOS XE 17.x v2.1.1 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.3.1.2 Set 'ntp authentication-key' | CIS Cisco IOS XE 16.x v2.1.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.3.1.2 Set 'ntp authentication-key' | CIS Cisco IOS XE 17.x v2.1.1 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 3.1.2 Set 'no ip proxy-arp' | CIS Cisco IOS XE 17.x v2.1.1 L1 | Cisco | CONFIGURATION MANAGEMENT |
| 3.1.2 Set 'no ip proxy-arp' | CIS Cisco IOS XE 16.x v2.1.0 L2 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| 4.2.1 Ensure IS-IS neighbor authentication is set to MD5 | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| ARST-RT-000090 - The Arista MSDP router must be configured to limit the amount of source-active messages it accepts on per-peer basis. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL |
| ARST-RT-000770 - The Arista Multicast Source Discovery Protocol (MSDP) router must be configured to use its loopback address as the source address when originating MSDP traffic. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | CONTINGENCY PLANNING |
| CISC-ND-000110 - The Cisco router must be configured to automatically audit account disabling actions. | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000460 - The Cisco router must be configured to limit privileges to change the software resident within software libraries. | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-ND-000490 - The Cisco router must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable. | DISA STIG Cisco IOS XE Router NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000240 - The Cisco perimeter router must be configured to deny network traffic by default and allow network traffic by exception. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000250 - The Cisco perimeter router must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000260 - The Cisco perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000280 - The Cisco perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the sites address space. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000290 - The Cisco perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000393 - The Cisco perimeter router must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000480 - The Cisco BGP switch must be configured to use a unique key for each autonomous system (AS) that it peers with. | DISA STIG Cisco NX-OS Switch RTR v3r2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| CISC-RT-000490 - The Cisco BGP router must be configured to reject inbound route advertisements for any Bogon prefixes. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000500 - The Cisco BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS). | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000560 - The Cisco BGP switch must be configured to use the maximum prefixes feature to protect against route table flooding and prefix de-aggregation attacks. | DISA STIG Cisco NX-OS Switch RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000590 - The Cisco MPLS router must be configured to use its loopback address as the source address for LDP peering sessions. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000650 - The Cisco PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD). | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000670 - The Cisco PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate pseudowire ID for each attachment circuit. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000680 - The Cisco PE router providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000720 - The Cisco PE router must be configured to limit the number of MAC addresses it can learn for each Virtual Private LAN Services (VPLS) bridge domain. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000730 - The Cisco PE switch must be configured to block any traffic that is destined to the IP core infrastructure. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000730 - The Cisco PE switch must be configured to block any traffic that is destined to the IP core infrastructure. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000730 - The Cisco PE switch must be configured to block any traffic that is destined to the IP core infrastructure. | DISA STIG Cisco NX-OS Switch RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000740 - The Cisco PE router must be configured with Unicast Reverse Path Forwarding (uRPF) loose mode enabled on all CE-facing interfaces. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000750 - The Cisco PE router must be configured to ignore or block all packets with any IP options. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000770 - The Cisco P router must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000870 - The Cisco multicast Designated Router (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join a multicast group only from sources that have been approved by the organization. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000890 - The Cisco multicast Designated Router (DR) must be configured to set the shortest-path tree (SPT) threshold to infinity to minimalize source-group (S, G) state within the multicast topology where Any Source Multicast (ASM) is deployed. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| IIST-SI-000239 - The IIS 10.0 websites must use ports, protocols, and services according to Ports, Protocols, and Services Management (PPSM) guidelines. | DISA IIS 10.0 Site v2r11 | Windows | CONFIGURATION MANAGEMENT |
| IISW-SI-000239 - The IIS 8.5 websites must utilize ports, protocols, and services according to PPSM guidelines. | DISA IIS 8.5 Site v2r9 | Windows | CONFIGURATION MANAGEMENT |
| WBSP-AS-000212 - The WebSphere Application Server Java 2 security must not be bypassed. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL |
| WBSP-AS-000212 - The WebSphere Application Server Java 2 security must not be bypassed. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL |
| WBSP-AS-000212 - The WebSphere Application Server Java 2 security must not be bypassed. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL |
| WN19-DC-000190 - Windows Server 2019 Active Directory Infrastructure object must be configured with proper audit settings. | DISA Microsoft Windows Server 2019 STIG v3r4 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
