| 1.1.4 Set 'login authentication for 'line vty' | CIS Cisco IOS XE 16.x v2.2.0 L1 | Cisco | ACCESS CONTROL |
| 1.6 Ensure maximum RAM is installed | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
| 1.6.1 Ensure 'SSH source restriction' is set to an authorized IP address | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP address | CIS Cisco ASA 9.x Firewall L2 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.200 RHEL-09-254030 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1 Ensure IPv6 router advertisements are not accepted - 'net.ipv6.conf.all.accept_ra = 0 sysctl' | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.5 Set 'af-interface default' | CIS Cisco IOS XE 17.x v2.2.1 L2 | Cisco | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.5 Set 'af-interface default' | CIS Cisco IOS XE 16.x v2.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 4.5.5 (L1) Ensure 'MSS: (EnableICMPRedirect) Allow ICMP redirects to override OSPF generated routes' is set to 'Disabled' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.4.7 Ensure minimum and maximum requirements are set for password changes - difok | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.7 Ensure minimum and maximum requirements are set for password changes - maxclassrepeat | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.7 Ensure minimum and maximum requirements are set for password changes - minclass | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.4.7 Ensure minimum and maximum requirements are set for password changes - minlen | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - DICTIONLIST = /usr/share/lib/dict/words | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MINALPHA = 2 | CIS Solaris 11 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies - MINUPPER = 1 | CIS Solaris 11.1 L1 v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.2 Set Strong Password Creation Policies- MAXREPEATS = 0 | CIS Solaris 11.2 L1 v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 7.5 Ensure port groups are not configured to VLAN values reserved by upstream physical switches | CIS VMware ESXi 6.7 v1.3.0 Level 1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.5 Ensure that port groups are not configured to VLAN values reserved by upstream physical switches | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | |
| ALMA-09-018830 - AlmaLinux OS 9 firewall must employ a deny-all, allow-by-exception policy for allowing connections to other systems. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r6 | Unix | CONFIGURATION MANAGEMENT |
| AMLS-L3-000320 - The Arista Multilayer Switch must not enable the RIP routing protocol. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | IDENTIFICATION AND AUTHENTICATION |
| ARST-RT-000190 - The out-of-band management (OOBM) Arista gateway router must be configured to have separate IGP instances for the managed network and management network. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | ACCESS CONTROL |
| ARST-RT-000210 - The multicast Rendezvous Point (RP) Arista router must be configured to filter Protocol Independent Multicast (PIM) Register and Join messages received from the Designated Router (DR) for any undesirable multicast groups and sources. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL |
| CASA-ND-000140 - The Cisco ASA must be configured to enforce approved authorizations for controlling the flow of management information within the Cisco ASA based on information flow control policies. | DISA STIG Cisco ASA NDM v2r4 | Cisco | ACCESS CONTROL |
| CASA-ND-000520 - The Cisco ASA must be configured to enforce password complexity by requiring that at least one uppercase character be used. | DISA STIG Cisco ASA NDM v2r4 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CASA-ND-000530 - The Cisco ASA must be configured to enforce password complexity by requiring that at least one lowercase character be used. | DISA STIG Cisco ASA NDM v2r4 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CASA-ND-000940 - The Cisco ASA must be configured to synchronize its clock with the primary and secondary time sources using redundant authoritative time sources. | DISA STIG Cisco ASA NDM v2r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| CASA-ND-001200 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful attempts to modify administrator privileges occur. | DISA STIG Cisco ASA NDM v2r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000570 - The Cisco switch must be configured to enforce password complexity by requiring that at least one uppercase character be used. | DISA Cisco NX OS Switch NDM STIG v3r6 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-000590 - The Cisco switch must be configured to enforce password complexity by requiring that at least one numeric character be used. | DISA Cisco NX OS Switch NDM STIG v3r6 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-001030 - The Cisco switch must be configured to synchronize its clock with the primary and secondary time sources using redundant authoritative time sources. | DISA Cisco IOS Switch NDM STIG v3r7 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001050 - The Cisco switch must be configured to record time stamps for log records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). | DISA Cisco NX OS Switch NDM STIG v3r6 | Cisco | AUDIT AND ACCOUNTABILITY |
| JBOS-AS-000080 - The JBoss server must generate log records for access and authentication events to the management interface. | DISA JBoss Enterprise Application Platform 6.3 STIG v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| JUEX-RT-000090 - The Juniper router configured for MSDP must limit the amount of source-active messages it accepts on per-peer basis. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUNI-ND-001470 - The Juniper router must be running a Junos release that is currently supported by Juniper Networks. | DISA STIG Juniper Router NDM v3r2 | Juniper | CONFIGURATION MANAGEMENT |
| JUNI-RT-000350 - The Juniper perimeter router must be configured to block all packets with any IP options. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000370 - The Juniper perimeter router must be configured to have Proxy ARP disabled on all external interfaces. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000730 - The Juniper PE router must be configured to ignore or block all packets with any IP options. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000930 - The Juniper Multicast Source Discovery Protocol (MSDP) router must be configured to limit the amount of source-active messages it accepts on per-peer basis. | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| Maximum Validity Period (h) | Tenable Cisco ACI | Cisco_ACI | ACCESS CONTROL |
| OS10-RTR-000020 - The Dell OS10 BGP router must be configured to reject inbound route advertisements for any Bogon prefixes. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | ACCESS CONTROL |
| OS10-RTR-001030 - The Dell OS10 Router must not be configured to use IPv6 Site Local Unicast addresses. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | CONFIGURATION MANAGEMENT |
| Remote user login policy | Tenable Cisco ACI | Cisco_ACI | ACCESS CONTROL |
| Syslog - Admin State | Tenable Cisco ACI | Cisco_ACI | AUDIT AND ACCOUNTABILITY |
| Syslog - Console Destination - Severity | Tenable Cisco ACI | Cisco_ACI | AUDIT AND ACCOUNTABILITY |
| Syslog Remote Destination - Severity | Tenable Cisco ACI | Cisco_ACI | AUDIT AND ACCOUNTABILITY |
| VCSA-80-000299 - The vCenter Server must disable CDP/LLDP on distributed switches. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| Web Token Timeout (s) | Tenable Cisco ACI | Cisco_ACI | ACCESS CONTROL |
| WG400 A22 - All interactive programs (CGI) must be placed in a designated directory with appropriate permissions. | DISA STIG Apache Site 2.2 Unix v1r11 | Unix | ACCESS CONTROL |
| WG400 A22 - All interactive programs (CGI) must be placed in a designated directory with appropriate permissions. | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | ACCESS CONTROL |
