| 1.5.1 Ensure Syslog Logging is configured | CIS Cisco NX-OS v1.2.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.5.6 Create an 'access-list' for use with SNMP - 'SNMP deny secured by ACL' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.1 Configure at least 2 external NTP Servers | CIS Cisco NX-OS v1.2.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.3.1.1 Set 'ntp authenticate' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 3.1 Ensure 'deployment method retail' is set | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.1 Ensure 'deployment method retail' is set | CIS IIS 8.0 v1.5.1 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| AMLS-L3-000120 - The Arista Multilayer Switch must bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled - PIM neighbor filter to interfaces that have PIM enabled. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL |
| AMLS-L3-000180 - The Arista Multilayer Switch must enforce that Interior Gateway Protocol instances configured on the out-of-band management gateway router only peer with their own routing domain. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL |
| AMLS-L3-000260 - The Arista Multilayer Switch must ensure all Exterior Border Gateway Protocol (eBGP) routers are configured to use Generalized TTL Security Mechanism (GTSM) or are configured to meet RFC3682. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| AMLS-NM-000120 - The Arista Multilayer Switch must automatically audit account creation. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | ACCESS CONTROL |
| AMLS-NM-000130 - The Arista Multilayer Switch must automatically audit account modification. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | ACCESS CONTROL |
| AMLS-NM-000140 - The Arista Multilayer Switch must automatically audit account disabling actions. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | ACCESS CONTROL |
| AMLS-NM-000150 - The Arista Multilayer Switch must automatically audit account removal actions. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | ACCESS CONTROL |
| AMLS-NM-000170 - The Arista Multilayer Switch must protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | AUDIT AND ACCOUNTABILITY |
| AMLS-NM-000180 - The Arista Multilayer Switch must generate audit records when successful/unsuccessful attempts to access privileges occur. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | AUDIT AND ACCOUNTABILITY |
| AMLS-NM-000200 - The Arista Multilayer Switch must generate audit records containing the full-text recording of privileged commands. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | AUDIT AND ACCOUNTABILITY |
| ARST-L2-000140 - The Arista MLS layer 2 Arista MLS switch must implement Rapid STP where VLANs span multiple switches with redundant links. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | CONFIGURATION MANAGEMENT |
| ARST-ND-000150 - The Arista network device must be configured to audit all administrator activity. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| ARST-ND-000690 - The Arista network devices must use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
| CASA-FW-000250 - The Cisco ASA perimeter firewall must be configured to block all outbound management traffic - ACL | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS_Cisco_Firewall_v8.x_Level_1_v4.2.0.audit for Cisco ASA 8 from CIS Cisco Firewall v8.x Benchmark v4.2.0 | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | |
| CIS_Cisco_Firewall_v8.x_Level_1_v4.2.0.audit for Cisco Firewall v8.x from CIS Cisco Firewall v8.x Benchmark v4.2.0 | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | |
| CIS_Cisco_IOS_12_v4.0.0_Level_1.audit for Cisco IOS 12 from CIS Cisco IOS 12 Benchmark v4.0.0 | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | |
| CIS_Cisco_IOS_12_v4.0.0_Level_2.audit for Cisco IOS 12 from CIS Cisco IOS 12 Benchmark v4.0.0 | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | |
| CIS_Cisco_IOS_15_v4.1.1_Level_1.audit from CIS Cisco IOS 15 Benchmark | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | |
| CIS_Cisco_IOS_15_v4.1.1_Level_2.audit from CIS Cisco IOS 15 Benchmark | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | |
| CIS_v4.1.0_Cisco_Firewall_ASA_9_Level_1.audit for Cisco ASA 9 from CIS Cisco Firewall Benchmark v4.1.0 | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | |
| CISC-RT-000235 - The Cisco router must be configured to have Cisco Express Forwarding enabled. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000235 - The Cisco router must be configured to have Cisco Express Forwarding enabled. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000350 - The Cisco perimeter router must be configured to block all packets with any IP options. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000350 - The Cisco perimeter router must be configured to block all packets with any IP options. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000380 - The Cisco perimeter router must be configured to have Proxy ARP disabled on all external interfaces. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000380 - The Cisco perimeter router must be configured to have Proxy ARP disabled on all external interfaces. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000380 - The Cisco perimeter router must be configured to have Proxy ARP disabled on all external interfaces. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Configure Allowed Authentication Types | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | SYSTEM AND COMMUNICATIONS PROTECTION |
| Control Plane Policing | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| Dynamic ARP Protection - port trust, vlans, and validate | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-06-000058 - The system must enable BPDU filter on the host to prevent being locked out of physical switch ports with Portfast and BPDU Guard enabled. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-000067 - All physical switch ports must be configured with spanning tree disabled. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-65-000058 - The ESXi host must enable BPDU filter on the host to prevent being locked out of physical switch ports with Portfast and BPDU Guard enabled. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-67-000058 - The ESXi host must enable BPDU filter on the host to prevent being locked out of physical switch ports with Portfast and BPDU Guard enabled. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000058 - The ESXi host must enable Bridge Protocol Data Units (BPDU) filter on the host to prevent being locked out of physical switch ports with Portfast and BPDU Guard enabled. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| Login banner - banner exec | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | ACCESS CONTROL |
| Login banner - banner exec | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | ACCESS CONTROL |
| Login banner - banner motd | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | ACCESS CONTROL |
| RADIUS and TACACS+ authorization and accounting - accounting commands | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| RADIUS and TACACS+ authorization and accounting - accounting exec | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| RADIUS and TACACS+ authorization and accounting - authorization commands auto | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| Storing credentials in the switch configuration | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
