| 1.1.3.17.9 Set 'User Account Control: Only elevate executables that are signed and validated' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.1.5 Set 'login authentication for 'ip http' | CIS Cisco IOS XE 17.x v2.1.1 L1 | Cisco | ACCESS CONTROL |
| 1.6.3 Ensure Exec Timeout for Console Sessions is set | CIS Cisco IOS XR 7.x v1.0.0 L1 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 2.1.1.1.1 Set the 'hostname' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | CONFIGURATION MANAGEMENT |
| 2.2.32 Ensure 'Deny log on locally' to include 'Guests' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.45 Ensure 'Increase scheduling priority' is set to 'Administrators' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.2.46 Ensure 'Increase scheduling priority' is set to 'Administrators' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.2.46 Ensure 'Increase scheduling priority' is set to 'Administrators' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.3.17.4 Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop or Prompt for credentials on the secure desktop' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.17.4 Ensure 'User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode' is set to 'Prompt for consent on the secure desktop or Prompt for credentials on the secure desktop' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 3.3.1.7 Set 'authentication mode md5' | CIS Cisco IOS XE 17.x v2.1.1 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.3.1.7 Set 'authentication mode md5' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.3.2.1 Set 'authentication message-digest' for OSPF area | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.9 Ensure IPv6 router advertisements are not accepted | CIS Debian 10 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.9 Ensure IPv6 router advertisements are not accepted | CIS Ubuntu Linux 20.04 LTS Workstation L1 v2.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.9 Ensure IPv6 router advertisements are not accepted | CIS Debian 10 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.9 Ensure IPv6 router advertisements are not accepted | CIS Ubuntu Linux 20.04 LTS Server L1 v2.0.1 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Oracle Linux 7 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS CentOS Linux 7 v4.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Red Hat EL8 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Rocky Linux 8 Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Oracle Linux 8 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Amazon Linux 2 v3.0.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Oracle Linux 8 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Debian Linux 11 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Rocky Linux 8 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS AlmaLinux OS 8 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Oracle Linux 7 v4.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS CentOS Linux 7 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Ubuntu Linux 22.04 LTS v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn' or 'Enabled: Warn and prevent bypass' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn' or 'Enabled: Warn and prevent bypass' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn' or 'Enabled: Warn and prevent bypass' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled: Warn' or 'Enabled: Warn and prevent bypass' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 19.7.15.1.1 Ensure 'Turn off Preview Pane' is set to 'Enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| AMLS-L3-000160 - If Border Gateway Protocol (BGP) is enabled on The Arista Multilayer Switch, The Arista Multilayer Switch must not be a BGP peer with a router from an Autonomous System belonging to any Alternate Gateway. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL |
| ARST-RT-000340 - The Arista router must be configured to restrict traffic destined to itself. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000530 - The Arista router must be configured to have Internet Control Message Protocol (ICMP) unreachable notifications disabled on all external interfaces. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000720 - The MPLS router must be configured to have TTL propagation disabled. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | CONFIGURATION MANAGEMENT |
| CASA-ND-001180 - The Cisco ASA must be configured to protect against known types of denial-of-service (DoS) attacks by enabling the Threat Detection feature - DoS attacks by enabling the Threat Detection feature. | DISA STIG Cisco ASA NDM v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-ND-001250 - The Cisco ASA must be configured to generate audit records when concurrent logons from different workstations occur. | DISA STIG Cisco ASA NDM v2r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000150 - The Cisco switch must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must disconnect the session. | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-001310 - The Cisco switch must be configured to off-load log records onto a different system than the system being audited. | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| JUNI-RT-000570 - The Juniper MPLS router must be configured to use its loopback address as the source address for LDP peering sessions. | DISA STIG Juniper Router RTR v3r2 | Juniper | CONTINGENCY PLANNING |
| Review the list of Domains | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONFIGURATION MANAGEMENT |
