| 1.1.3.17.9 Set 'User Account Control: Only elevate executables that are signed and validated' to 'Disabled' | CIS Windows 8 L1 v1.0.0 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.6.3 Ensure Exec Timeout for Console Sessions is set | CIS Cisco IOS XR 7.x v1.0.1 L1 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 2.1.1.1.3 Set 'modulus' to greater than or equal to 2048 for 'crypto key generate rsa' | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | SYSTEM AND SERVICES ACQUISITION |
| 2.1.1.1.3 Set 'modulus' to greater than or equal to 2048 for 'crypto key generate rsa' | CIS Cisco IOS XE 16.x v2.2.0 L1 | Cisco | SYSTEM AND SERVICES ACQUISITION |
| 3.1.2.1 Configure BGP to Log Neighbor Changes | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.4 Set 'address-family ipv4 autonomous-system' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 3.3.1.6 Set 'authentication key-chain' | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2.1 Set 'authentication message-digest' for OSPF area | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 3.3.4.1 Set 'neighbor password' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 3.3.9 Ensure IPv6 router advertisements are not accepted | CIS Debian Linux 10 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.9 Ensure IPv6 router advertisements are not accepted | CIS Debian Linux 10 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.9 Ensure IPv6 router advertisements are not accepted | CIS Amazon Linux 2023 v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Debian Linux 11 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Oracle Linux 7 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS CentOS Linux 7 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS CentOS Linux 7 v4.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Debian Linux 11 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Oracle Linux 7 v4.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 5.003 - Booting into alternate operating systems is permitted. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 5.018 - Windows Messenger (MSN Messenger, .NET messenger) is run at system startup. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 20.13 (L1) Ensure 'Web browser is supported and secured' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-13-013100 - Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-14-011000 - Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch. | AirWatch - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-18-015500 - Apple iOS/iPadOS 18 must disable the download of iOS/iPadOS beta updates. | MobileIron - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AIOS-18-015500 - Apple iOS/iPadOS 18 must disable the download of iOS/iPadOS beta updates. | AirWatch - DISA Apple iOS/iPadOS 18 v2r2 | MDM | CONFIGURATION MANAGEMENT |
| AMLS-L3-000160 - If Border Gateway Protocol (BGP) is enabled on The Arista Multilayer Switch, The Arista Multilayer Switch must not be a BGP peer with a router from an Autonomous System belonging to any Alternate Gateway. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL |
| ARST-RT-000180 - The Arista perimeter router must be configured to not redistribute static routes to an alternate gateway service provider into BGP or an IGP peering with the NIPRNet or to other autonomous systems. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL |
| ARST-RT-000180 - The Arista perimeter router must be configured to not redistribute static routes to an alternate gateway service provider into BGP or an IGP peering with the NIPRNet or to other autonomous systems. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | ACCESS CONTROL |
| ARST-RT-000340 - The Arista router must be configured to restrict traffic destined to itself. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000410 - The Arista router must be configured with Unicast Reverse Path Forwarding (uRPF) loose mode enabled on all CE-facing interfaces. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000410 - The Arista router must be configured with Unicast Reverse Path Forwarding (uRPF) loose mode enabled on all CE-facing interfaces. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000720 - The MPLS router must be configured to have TTL propagation disabled. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | CONFIGURATION MANAGEMENT |
| CASA-ND-000240 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to access privileges occur. | DISA STIG Cisco ASA NDM v2r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000260 - The Cisco ASA must be configured to produce audit log records containing sufficient information to establish what type of event occurred. | DISA STIG Cisco ASA NDM v2r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000280 - The Cisco ASA must be configured to produce audit records containing information to establish where the events occurred. | DISA STIG Cisco ASA NDM v2r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000290 - The Cisco ASA must be configured to produce audit log records containing information to establish the source of events. | DISA STIG Cisco ASA NDM v2r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000300 - The Cisco ASA must be configured to produce audit records that contain information to establish the outcome of the event. | DISA STIG Cisco ASA NDM v2r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000320 - The Cisco ASA must be configured to generate audit records containing the full-text recording of privileged commands. | DISA STIG Cisco ASA NDM v2r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| CASA-ND-001220 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful logon attempts occur. | DISA STIG Cisco ASA NDM v2r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| Console Authentication Realm | Tenable Cisco ACI | Cisco_ACI | ACCESS CONTROL |
| Include Logout in Session Records | Tenable Cisco ACI | Cisco_ACI | AUDIT AND ACCOUNTABILITY |
| OpenStack Networks and their attached subnets | Tenable Best Practices OpenStack v2.0.0 | OpenStack | CONFIGURATION MANAGEMENT |
| OpenStack Subnet Details | Tenable Best Practices OpenStack v2.0.0 | OpenStack | CONFIGURATION MANAGEMENT |
| OS10-RTR-000180 - The perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | ACCESS CONTROL |
| OS10-RTR-000680 - The Dell OS10 BGP router must be configured to limit the prefix size on any inbound route advertisement to /24 or the least significant prefixes issued to the customer. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCSA-80-000274 - The vCenter Server must not configure all port groups to virtual local area network (VLAN) values reserved by upstream physical switches. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
