| 1.1.1 Enable 'aaa new-model' | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | ACCESS CONTROL |
| 1.1.1 Enable 'aaa new-model' | CIS Cisco IOS XE 16.x v2.2.0 L1 | Cisco | ACCESS CONTROL |
| 1.1.1 Ensure 'Logon Password' is set | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.1.1.1 Configure AAA Authentication - TACACS if applicable | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL |
| 1.2.5 Set 'access-class' for 'line vty' | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.4.1 Set 'password' for 'enable secret' | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | ACCESS CONTROL |
| 3.3.1.5 Set 'af-interface default' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 3.3.1.6 Set 'authentication key-chain' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.7 Set 'authentication mode md5' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.3.3.3 Ensure ndpd-router is not in use | CIS IBM AIX 7 v1.1.0 L1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| ARST-RT-000370 - The Arista perimeter router must be configured to filter ingress traffic at the external interface on an inbound direction. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000400 - The Arista router must be configured to block any traffic that is destined to IP core infrastructure. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000400 - The Arista router must be configured to block any traffic that is destined to IP core infrastructure. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000590 - The Arista multicast Designated Router (DR) must be configured to increase the shortest-path tree (SPT) threshold or set it to infinity to minimalize source-group (S, G) state within the multicast topology where Any Source Multicast (ASM) is deployed. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000590 - The Arista multicast Designated Router (DR) must be configured to increase the shortest-path tree (SPT) threshold or set it to infinity to minimalize source-group (S, G) state within the multicast topology where Any Source Multicast (ASM) is deployed. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000630 - The Arista perimeter router must be configured to have Link Layer Discovery Protocols (LLDPs) disabled on all external interfaces. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000710 - The MPLS router must be configured to synchronize IGP and LDP to minimize packet loss when an IGP adjacency is established prior to LDP peers completing label exchange. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | CONFIGURATION MANAGEMENT |
| ARST-RT-000710 - The MPLS router must be configured to synchronize IGP and LDP to minimize packet loss when an IGP adjacency is established prior to LDP peers completing label exchange. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | CONFIGURATION MANAGEMENT |
| ARST-RT-000740 - The PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT). | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | CONTINGENCY PLANNING |
| ARST-RT-000740 - The PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT). | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | CONTINGENCY PLANNING |
| ARST-RT-000750 - The PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD). | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | CONTINGENCY PLANNING |
| ARST-RT-000750 - The PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD). | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | CONTINGENCY PLANNING |
| CISC-RT-000240 - The Cisco perimeter switch must be configured to deny network traffic by default and allow network traffic by exception. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000240 - The Cisco perimeter switch must be configured to deny network traffic by default and allow network traffic by exception. | DISA Cisco IOS XE Switch RTR STIG v3r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000240 - The Cisco perimeter switch must be configured to deny network traffic by default and allow network traffic by exception. | DISA Cisco NX OS Switch RTR STIG v3r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000270 - The Cisco perimeter switch must be configured to block inbound packets with source Bogon IP address prefixes. | DISA Cisco NX OS Switch RTR STIG v3r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000270 - The Cisco perimeter switch must be configured to block inbound packets with source Bogon IP address prefixes. | DISA Cisco IOS XE Switch RTR STIG v3r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000270 - The Cisco perimeter switch must be configured to block inbound packets with source Bogon IP address prefixes. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000470 - The Cisco BGP switch must be configured to check whether a single-hop eBGP peer is directly connected. | DISA Cisco NX OS Switch RTR STIG v3r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000510 - The Cisco BGP switch must be configured to reject inbound route advertisements from a customer edge (CE) switch for prefixes that are not allocated to that customer. | DISA Cisco NX OS Switch RTR STIG v3r4 | Cisco | ACCESS CONTROL |
| ESXI-65-000065 - For the ESXi host all port groups must not be configured to VLAN values reserved by upstream physical switches. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-67-000065 - For the ESXi host, all port groups must not be configured to VLAN values reserved by upstream physical switches. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | CONFIGURATION MANAGEMENT |
| JUEX-RT-000410 - The Juniper perimeter router must be configured to filter ingress traffic at the external interface on an inbound direction. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000420 - The Juniper perimeter router must be configured to filter egress traffic at the internal interface on an inbound direction. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000820 - The Juniper perimeter router must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3255. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000990 - The Juniper router must be configured to advertise a hop limit of at least 32 in Router Advertisement messages for IPv6 stateless auto-configuration deployments. | DISA Juniper EX Series Router v2r1 | Juniper | CONFIGURATION MANAGEMENT |
| OS10-RTR-000030 - The Dell OS10 BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS). | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | ACCESS CONTROL |
| OS10-RTR-000060 - The Dell OS10 BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | ACCESS CONTROL |
| OS10-RTR-000100 - The Dell OS10 BGP router must be configured to reject route advertisements from CE routers with an originating autonomous system (AS) in the AS_PATH attribute that does not belong to that customer. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | ACCESS CONTROL |
| OS10-RTR-000670 - The Dell OS10 BGP router must be configured to use the maximum prefixes feature to protect against route table flooding and prefix deaggregation attacks. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-40-000067 - The Photon operating system must restrict access to the kernel message buffer. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-40-000068 - The Photon operating system must be configured to use TCP syncookies. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-40-000105 - The Photon operating system must enable symlink access control protection in the kernel. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | ACCESS CONTROL |
| PHTN-40-000160 - The Photon operating system must implement address space layout randomization to protect its memory from unauthorized code execution. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| PHTN-40-000224 - The Photon operating system must not respond to IPv4 Internet Control Message Protocol (ICMP) echoes sent to a broadcast address. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000226 - The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) secure redirect messages from being accepted. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000227 - The Photon operating system must not send IPv4 Internet Control Message Protocol (ICMP) redirects. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000229 - The Photon operating system must use a reverse-path filter for IPv4 network traffic. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000232 - The Photon operating system must send TCP timestamps. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000244 - The Photon operating system must enable hardlink access control protection in the kernel. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
