| 1.1.4 Set 'login authentication for 'line vty' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL |
| 1.7.3 Set SSH Key Modulus Length | CIS Cisco NX-OS v1.2.0 L2 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 2.1.1.1.3 Set 'modulus' to greater than or equal to 2048 for 'crypto key generate rsa' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | SYSTEM AND SERVICES ACQUISITION |
| 2.2.32 Ensure 'Deny log on locally' to include 'Guests' (STIG DC only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 2.3.2 Set 'ip address' for 'ntp server' | CIS Cisco IOS XE 17.x v2.2.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.3.10.3 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled' (STIG DC & MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 2.3.10.3 Ensure 'Network access: Do not allow anonymous enumeration of SAM accounts' is set to 'Enabled' (STIG DC & MS only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| 5.003 - Booting into alternate operating systems is permitted. | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 5.017 - The user is allowed to launch Windows Messenger (MSN Messenger, .NET Messenger). | DISA Windows Vista STIG v6r41 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.57.2 Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Not configured' or 'Disabled' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.57.2 Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Not configured' or 'Disabled' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.57.2 Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Not configured' or 'Disabled' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.57.2 Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Not configured' or 'Disabled' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.57.2 Ensure 'Turn on Basic feed authentication over HTTP' is set to 'Not configured' or 'Disabled' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 18.10.75.2.2 Ensure 'Configure Windows Defender SmartScreen' is set to 'Enabled' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 19.7.15.1.2 Ensure 'Turn on off details pane' is set to 'Enabled: Always hide' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
| 20.31 Ensure 'Host-based firewall is installed and enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.31 Ensure 'Host-based firewall is installed and enabled' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.31 Ensure 'Host-based firewall is installed and enabled' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.31 Ensure 'Host-based firewall is installed and enabled' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIOS-13-013100 - Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch. | AirWatch - DISA Apple iOS/iPadOS 13 v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AIOS-14-011000 - Apple iOS/iPadOS must implement the management setting: disable paired Apple Watch. | AirWatch - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AMLS-L2-000150 - The Arista Multilayer Switch must re-authenticate 802.1X connected devices every hour - logging level DOT1X informational | DISA STIG Arista MLS DCS-7000 Series L2S v1r3 | Arista | IDENTIFICATION AND AUTHENTICATION |
| ARST-ND-000790 - The Arista network device must be configured to capture all DOD auditable events. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | AUDIT AND ACCOUNTABILITY |
| Brocade - Authentication policy must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Enable the track changes feature for SNMP traps | Tenable Best Practices Brocade FabricOS | Brocade | AUDIT AND ACCOUNTABILITY |
| Brocade - IPfilter policy must be rejected | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - Review admin user listings | Tenable Best Practices Brocade FabricOS | Brocade | ACCESS CONTROL |
| Brocade - Review Enabled Accounts | Tenable Best Practices Brocade FabricOS | Brocade | ACCESS CONTROL |
| Brocade - Review the NTP server configuration | Tenable Best Practices Brocade FabricOS | Brocade | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000140 - The Cisco ASA must be configured to enforce approved authorizations for controlling the flow of management information within the Cisco ASA based on information flow control policies. | DISA STIG Cisco ASA NDM v2r2 | Cisco | ACCESS CONTROL |
| CASA-ND-000490 - The Cisco ASA must be configured to enforce a minimum 15-character password length. | DISA STIG Cisco ASA NDM v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CASA-ND-000910 - The Cisco ASA must be configured to audit the execution of privileged functions. | DISA STIG Cisco ASA NDM v2r2 | Cisco | ACCESS CONTROL |
| Change the Rekeying Timer | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | ACCESS CONTROL |
| CISC-ND-000150 - The Cisco router must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must lock out the user account from accessing the device for 15 minutes. | DISA Cisco IOS XE Router NDM STIG v3r4 | Cisco | ACCESS CONTROL |
| CISC-ND-001030 - The Cisco router must be configured to synchronize its clock with the primary and secondary time sources using redundant authoritative time sources. | DISA Cisco IOS XE Router NDM STIG v3r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001030 - The Cisco router must be configured to synchronize its clock with the primary and secondary time sources using redundant authoritative time sources. | DISA Cisco IOS Router NDM STIG v3r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001310 - The Cisco router must be configured to off-load log records onto a different system than the system being audited. | DISA Cisco IOS XR Router NDM STIG v3r3 | Cisco | AUDIT AND ACCOUNTABILITY |
| ESXI-65-000059 - The virtual switch Forged Transmits policy must be set to reject on the ESXi host. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-67-000059 - The virtual switch Forged Transmits policy must be set to reject on the ESXi host. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000059 - All port groups on standard switches must be configured to reject forged transmits. | DISA STIG VMware vSphere 7.0 ESXi v1r4 | VMware | CONFIGURATION MANAGEMENT |
| HP ProCurve - 'Disable IP Stack Management' | TNS HP ProCurve | HPProCurve | CONFIGURATION MANAGEMENT |
| Include Refresh in Session Records | Tenable Cisco ACI | Cisco_ACI | AUDIT AND ACCOUNTABILITY |
| JUEX-L2-000160 - The Juniper EX switch must be configured to enable IGMP or MLD Snooping on all VLANs. | DISA Juniper EX Series Layer 2 Switch v2r3 | Juniper | CONFIGURATION MANAGEMENT |
| LDAP - Enable SSL | Tenable Cisco ACI | Cisco_ACI | SYSTEM AND COMMUNICATIONS PROTECTION |
| Syslog - Admin State | Tenable Cisco ACI | Cisco_ACI | AUDIT AND ACCOUNTABILITY |
| System Alias and Banners - Controller CLI Banner | Tenable Cisco ACI | Cisco_ACI | ACCESS CONTROL |
| vNetwork : enable-bpdu-filter | VMWare vSphere 5.X Hardening Guide | VMware | |
| vNetwork : enable-portfast | VMWare vSphere 5.X Hardening Guide | VMware | |
