| 1.6.1 Configure at least 2 external NTP Servers | CIS Cisco NX-OS v1.2.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 3.1.3.3 ndpd-router | CIS IBM AIX 7.1 L2 v2.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.5 Set 'af-interface default' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 3.3.1.6 Set 'authentication key-chain' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.7 Set 'authentication mode md5' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3.3.3 Ensure ndpd-router is not in use | CIS IBM AIX 7 v1.1.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 4.10.1 Ensure ICMP Router Discovery is disabled | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND INFORMATION INTEGRITY |
| 5.1 (L1) Host firewall must only allow traffic from authorized networks | CIS VMware ESXi 8.0 v1.2.0 L1 VMware | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000100 - The Arista BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | ACCESS CONTROL |
| ARST-RT-000100 - The Arista BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL |
| ARST-RT-000170 - The Arista perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | ACCESS CONTROL |
| ARST-RT-000170 - The Arista perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL |
| ARST-RT-000300 - The PE router must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000300 - The PE router must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000590 - The Arista multicast Designated Router (DR) must be configured to increase the shortest-path tree (SPT) threshold or set it to infinity to minimalize source-group (S, G) state within the multicast topology where Any Source Multicast (ASM) is deployed. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000590 - The Arista multicast Designated Router (DR) must be configured to increase the shortest-path tree (SPT) threshold or set it to infinity to minimalize source-group (S, G) state within the multicast topology where Any Source Multicast (ASM) is deployed. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000690 - The Arista BGP router must be configured to use its loopback address as the source address for iBGP peering sessions. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | CONTINGENCY PLANNING |
| ARST-RT-000690 - The Arista BGP router must be configured to use its loopback address as the source address for iBGP peering sessions. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | CONTINGENCY PLANNING |
| ARST-RT-000710 - The MPLS router must be configured to synchronize IGP and LDP to minimize packet loss when an IGP adjacency is established prior to LDP peers completing label exchange. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | CONFIGURATION MANAGEMENT |
| ARST-RT-000710 - The MPLS router must be configured to synchronize IGP and LDP to minimize packet loss when an IGP adjacency is established prior to LDP peers completing label exchange. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | CONFIGURATION MANAGEMENT |
| ARST-RT-000740 - The PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT). | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | CONTINGENCY PLANNING |
| ARST-RT-000740 - The PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT). | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | CONTINGENCY PLANNING |
| ARST-RT-000750 - The PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD). | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | CONTINGENCY PLANNING |
| ARST-RT-000750 - The PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD). | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | CONTINGENCY PLANNING |
| CISC-RT-000470 - The Cisco BGP switch must be configured to check whether a single-hop eBGP peer is directly connected. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000510 - The Cisco BGP switch must be configured to reject inbound route advertisements from a customer edge (CE) switch for prefixes that are not allocated to that customer. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000530 - The Cisco BGP switch must be configured to reject outbound route advertisements for any prefixes belonging to the IP core. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000560 - The Cisco BGP router must be configured to use the maximum prefixes feature to protect against route table flooding and prefix de-aggregation attacks. | DISA Cisco IOS Router RTR STIG v3r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000560 - The Cisco BGP router must be configured to use the maximum prefixes feature to protect against route table flooding and prefix de-aggregation attacks. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000570 - The Cisco BGP switch must be configured to limit the prefix size on any inbound route advertisement to /24, or the least significant prefixes issued to the customer. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000580 - The Cisco BGP router must be configured to use its loopback address as the source address for iBGP peering sessions. | DISA Cisco IOS Router RTR STIG v3r4 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000580 - The Cisco BGP router must be configured to use its loopback address as the source address for iBGP peering sessions. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000650 - The Cisco PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD). | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | CONTINGENCY PLANNING |
| GEN001375-ESXI5-000086 - For systems using DNS resolution, at least two name servers must be configured. | DISA VMWare ESXi 5.0 Server STIG v2r1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-NM-000320 - The Juniper EX switch must be configured to require that when a password is changed, the characters are changed in at least eight of the positions within the password. | DISA Juniper EX Series Network Device Management v2r4 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUSX-AG-000145 - The Juniper SRX Services Gateway Firewall must continuously monitor outbound communications traffic for unusual/unauthorized activities or conditions. | DISA Juniper SRX Services Gateway ALG v3r3 | Juniper | SYSTEM AND INFORMATION INTEGRITY |
| OS10-RTR-000030 - The Dell OS10 BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS). | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | ACCESS CONTROL |
| OS10-RTR-000040 - The Dell OS10 BGP router must be configured to reject inbound route advertisements from a customer edge (CE) router for prefixes that are not allocated to that customer. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | ACCESS CONTROL |
| OS10-RTR-000060 - The Dell OS10 BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | ACCESS CONTROL |
| OS10-RTR-000100 - The Dell OS10 BGP router must be configured to reject route advertisements from CE routers with an originating autonomous system (AS) in the AS_PATH attribute that does not belong to that customer. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | ACCESS CONTROL |
| OS10-RTR-000430 - The Dell OS10 BGP router must be configured to reject outbound route advertisements for any prefixes belonging to the IP core. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-RTR-000670 - The Dell OS10 BGP router must be configured to use the maximum prefixes feature to protect against route table flooding and prefix deaggregation attacks. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-RTR-000910 - The Dell OS10 BGP router must be configured to use its loopback address as the source address for iBGP peering sessions. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | CONFIGURATION MANAGEMENT |
| PHTN-40-000067 - The Photon operating system must restrict access to the kernel message buffer. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-40-000068 - The Photon operating system must be configured to use TCP syncookies. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-40-000160 - The Photon operating system must implement address space layout randomization to protect its memory from unauthorized code execution. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| PHTN-40-000231 - The Photon operating system must not perform IPv4 packet forwarding. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000232 - The Photon operating system must send TCP timestamps. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000244 - The Photon operating system must enable hardlink access control protection in the kernel. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000246 - The Photon operating system must restrict core dumps. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
