| 3.1.1 Set 'no ip source-route' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.4 Set 'address-family ipv4 autonomous-system' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2.1 Set 'authentication message-digest' for OSPF area | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.4.1 Set 'neighbor password' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.9 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.all.accept_ra = 0 /sbin/sysctl' | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.9 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.default.accept_ra = 0 /etc/sysctl.conf /etc/sysctl.d/*' | CIS Oracle Linux 6 Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.9 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.default.accept_ra = 0 /sbin/sysctl' | CIS CentOS 6 Server L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.9 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.default.accept_ra = 0 /sbin/sysctl' | CIS CentOS 6 Workstation L1 v3.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.9 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.default.accept_ra' (sysctl.conf/sysctl.d) | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.9 Ensure IPv6 router advertisements are not accepted - 'sysctl net.ipv6.conf.all.accept_ra' | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.9 Ensure IPv6 router advertisements are not accepted - 'sysctl net.ipv6.conf.default.accept_ra' | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.9 Ensure IPv6 router advertisements are not accepted - files net.ipv6.conf.default.accept_ra = 0 | CIS Debian Family Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.9 Ensure IPv6 router advertisements are not accepted - files net.ipv6.conf.default.accept_ra = 0 | CIS Debian Family Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.9 Ensure IPv6 router advertisements are not accepted - net.ipv6.conf.default.accept_ra = 0 | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.9 Ensure IPv6 router advertisements are not accepted - sysctl net.ipv6.conf.all.accept_ra | CIS Fedora 19 Family Linux Workstation L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.9 Ensure IPv6 router advertisements are not accepted - sysctl net.ipv6.conf.default.accept_ra | CIS Fedora 19 Family Linux Server L1 v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Linux Mint 22 v1.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Debian Linux 12 v1.1.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Red Hat Enterprise Linux 8 STIG v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Oracle Linux 9 v2.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Red Hat Enterprise Linux 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS AlmaLinux OS 9 v2.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Ubuntu Linux 20.04 LTS v3.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.11 Ensure ipv6 router advertisements are not accepted | CIS Ubuntu Linux 24.04 LTS v1.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.121 - The system does not have a backup administrator account | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 5.8 Ensure interface restrictions are set for SNMP | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.140 - The HBSS McAfee Agent is not installed. - masvc | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 7.2 Set Strong Password Creation Policies - DICTIONLIST = /usr/share/lib/dict/words | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MINDIFF = 3 | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MINLOWER = 1 | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MINLOWER = 1 | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MINLOWER = 1 | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| AIOS-13-013100 - Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch. | MobileIron - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-14-011000 - Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch. | MobileIron - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| ARST-RT-000530 - The Arista router must be configured to have Internet Control Message Protocol (ICMP) unreachable notifications disabled on all external interfaces. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000530 - The Arista router must be configured to have Internet Control Message Protocol (ICMP) unreachable notifications disabled on all external interfaces. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-ND-000910 - The Cisco ASA must be configured to audit the execution of privileged functions. | DISA STIG Cisco ASA NDM v2r4 | Cisco | ACCESS CONTROL |
| CASA-ND-001250 - The Cisco ASA must be configured to generate audit records when concurrent logons from different workstations occur. | DISA STIG Cisco ASA NDM v2r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| CIS_Cisco_Firewall_v8.x_Level_1_v4.2.0.audit for Cisco Firewall v8.x from CIS Cisco Firewall v8.x Benchmark v4.2.0 | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | |
| CIS_Cisco_IOS_12_v4.0.0_Level_2.audit for Cisco IOS 12 from CIS Cisco IOS 12 Benchmark v4.0.0 | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | |
| CIS_Cisco_IOS_15_v4.1.1_Level_1.audit from CIS Cisco IOS 15 Benchmark | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | |
| CISC-ND-000600 - The Cisco switch must be configured to enforce password complexity by requiring that at least one special character be used. | DISA Cisco NX OS Switch NDM STIG v3r6 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-001310 - The Cisco switch must be configured to off-load log records onto a different system than the system being audited. | DISA Cisco NX OS Switch NDM STIG v3r6 | Cisco | AUDIT AND ACCOUNTABILITY |
| JUEX-RT-000200 - The Juniper out-of-band management (OOBM) gateway router must be configured to have separate IGP instances for the managed network and management network. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUNI-RT-000570 - The Juniper MPLS router must be configured to use its loopback address as the source address for LDP peering sessions. | DISA STIG Juniper Router RTR v3r2 | Juniper | CONTINGENCY PLANNING |
| JUSX-VN-000004 - The Juniper SRX Services Gateway VPN device also fulfills the role of IDPS in the architecture, the device must inspect the VPN traffic in compliance with DoD IDPS requirements. | DISA Juniper SRX Services Gateway VPN v3r2 | Juniper | ACCESS CONTROL |
| OS10-RTR-000050 - The Dell OS10 BGP router must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS). | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | ACCESS CONTROL |
| SQLI-22-004300 - SQL Server must be configured to generate audit records for DOD-defined auditable events within all DBMS/database components. | DISA Microsoft SQL Server 2022 Instance STIG v1r4 MS_SQLDB | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| System Alias and Banners - GUI Banner (URL) | Tenable Cisco ACI | Cisco_ACI | ACCESS CONTROL |
