| 1.1.1.3 Configure AAA Authentication - RADIUS if applicable | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL |
| 1.1.3 Hardening Password Rules | CIS HPE Aruba Networking CX Switch v1.0.1 L1 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| 1.1.5 Set 'login authentication for 'line tty' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3.2 Configuring Time Services | CIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations | ArubaOS | AUDIT AND ACCOUNTABILITY |
| 1.3.2 Configuring Time Services | CIS HPE Aruba Networking CX Switch v1.0.1 L1 | ArubaOS | AUDIT AND ACCOUNTABILITY |
| 1.6.1 TLS Check Key Usage | CIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations | ArubaOS | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.4 Configure NTP Authentication | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 1.9.3 Configure source interface for SNMP Traps | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT |
| 1.12 Login Banner | CIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations | ArubaOS | ACCESS CONTROL |
| 1.12 Login Banner | CIS HPE Aruba Networking CX Switch v1.0.1 L1 | ArubaOS | ACCESS CONTROL |
| 2.1.1 Disable USB and Bluetooth on Device | CIS HPE Aruba Networking CX Switch v1.0.1 L2 | ArubaOS | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.1.1 Disable USB and Bluetooth on Device | CIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations | ArubaOS | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.1.1.1.2 Set the 'ip domain-name' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.3 PIM SSM | CIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations | ArubaOS | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1 Configure LLDP | CIS Cisco NX-OS v1.2.0 L1 | Cisco | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 3.4.2 Configure CDP | CIS Cisco NX-OS v1.2.0 L2 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.7 RA Guard | CIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations | ArubaOS | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1 Configure Local Configuration Backup Schedule | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONTINGENCY PLANNING |
| 5.42 (L2) Ensure 'WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc)' is set to 'Disabled' | CIS Microsoft Windows 10 Stand-alone v4.0.0 L2 BL NG | Windows | CONFIGURATION MANAGEMENT |
| 7.3 (L1) Ensure the vSwitch Promiscuous Mode policy is set to reject | CIS VMware ESXi 7.0 v1.5.0 L1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 81.42 (L2) Ensure 'WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc)' is set to 'Disabled' | CIS Microsoft Intune for Windows 10 v4.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| ARST-L2-000130 - The Arista MLS layer 2 switch must have IGMP or MLD Snooping configured on all VLANs. | DISA Arista MLS EOS 4.X L2S STIG v2r3 | Arista | CONFIGURATION MANAGEMENT |
| ARST-L2-000130 - The Arista MLS layer 2 switch must have IGMP or MLD Snooping configured on all VLANs. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | CONFIGURATION MANAGEMENT |
| ARST-L2-000200 - The Arista MLS layer 2 switch must not use the default VLAN for management traffic. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | CONTINGENCY PLANNING |
| ARST-L2-000200 - The Arista MLS layer 2 switch must not use the default VLAN for management traffic. | DISA Arista MLS EOS 4.X L2S STIG v2r3 | Arista | CONTINGENCY PLANNING |
| ARST-ND-000110 - The Arista network device must enforce approved authorizations for controlling the flow of management information within the network device based on information flow control policies. | DISA Arista MLS EOS 4.X NDM STIG v2r2 | Arista | ACCESS CONTROL |
| ARST-ND-000110 - The Arista network device must enforce approved authorizations for controlling the flow of management information within the network device based on information flow control policies. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | ACCESS CONTROL |
| ARST-ND-000660 - The Arista network device must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | IDENTIFICATION AND AUTHENTICATION |
| ARST-ND-000660 - The Arista network device must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | DISA Arista MLS EOS 4.X NDM STIG v2r2 | Arista | IDENTIFICATION AND AUTHENTICATION |
| ARST-ND-000820 - The network device must be configured to conduct backups of system level information contained in the information system when changes occur. | DISA Arista MLS EOS 4.X NDM STIG v2r2 | Arista | CONTINGENCY PLANNING |
| ARST-ND-000820 - The network device must be configured to conduct backups of system level information contained in the information system when changes occur. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | CONTINGENCY PLANNING |
| Brocade - Enable the track changes feature | Tenable Best Practices Brocade FabricOS | Brocade | AUDIT AND ACCOUNTABILITY |
| Brocade - Fabric Configuration Server policy must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000235 - The Cisco router must be configured to have Cisco Express Forwarding enabled. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000235 - The Cisco router must be configured to have Cisco Express Forwarding enabled. | DISA Cisco IOS Router RTR STIG v3r4 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000680 - The Cisco PE router providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | CONFIGURATION MANAGEMENT |
| Configure Allowed Authentication Types | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | SYSTEM AND COMMUNICATIONS PROTECTION |
| Control Plane Policing | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-06-000066 - The non-negotiate option must be configured for trunk links between external physical switches and virtual switches in VST mode. | DISA VMware vSphere ESXi 6.0 STIG v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-65-000066 - For physical switch ports connected to the ESXi host, the non-negotiate option must be configured for trunk links between external physical switches and virtual switches in VST mode. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-67-000066 - For physical switch ports connected to the ESXi host, the non-negotiate option must be configured for trunk links between external physical switches and virtual switches in Virtual Switch Tagging (VST) mode. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VMNET-000008 - All physical switch ports must be configured with spanning tree disabled. | DISA VMWare ESXi 5.0 Server STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VMNET-000017 - The non-negotiate option must be configured for trunk links between external physical switches and virtual switches in VST mode. | DISA VMWare ESXi 5.0 Server STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| F5BI-AP-000231 - The F5 BIG-IP appliance must be configured to deny access when revocation data is unavailable using OCSP. | DISA F5 BIG-IP Access Policy Manager STIG v2r4 | F5 | IDENTIFICATION AND AUTHENTICATION |
| JUEX-L2-000100 - The Juniper EX switch must be configured to enable STP Loop Protection on all non-designated STP switch ports. | DISA Juniper EX Series Layer 2 Switch v2r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-L2S-000270 - The Dell OS10 Switch must not have any switch ports assigned to the native VLAN. | DISA Dell OS10 Switch Layer 2 Switch STIG v1r1 | Dell_OS10 | CONFIGURATION MANAGEMENT |
| Time synchronization - ntp authentication | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| Time synchronization - ntp enable | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | AUDIT AND ACCOUNTABILITY |
| Time synchronization - ntp unicast | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | AUDIT AND ACCOUNTABILITY |
