| AMLS-L3-000260 - The Arista Multilayer Switch must ensure all Exterior Border Gateway Protocol (eBGP) routers are configured to use Generalized TTL Security Mechanism (GTSM) or are configured to meet RFC3682. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-L2-000100 - The Arista MLS layer 2 switch must have IP Source Guard enabled on all user-facing or untrusted access switch ports. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000490 - The Arista router must not be configured to have any zero-touch deployment feature enabled when connected to an operational network. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000570 - The Arista BGP router must be configured to limit the prefix size on any inbound route advertisement to /24 or the least significant prefixes issued to the customer. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000600 - The Arista BGP router must be configured to enable the Generalized TTL Security Mechanism (GTSM). | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-ND-001180 - The Cisco ASA must be configured to protect against known types of denial-of-service (DoS) attacks by enabling the Threat Detection feature - DoS attacks by enabling the Threat Detection feature. | DISA STIG Cisco ASA NDM v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-004030 - The on-failure container restart policy must be is set to 5 in Docker Enterprise. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-004040 - The Docker Enterprise default ulimit must not be overwritten at runtime unless approved in the System Security Plan (SSP). | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000232 - Exchange internal Send connectors must use an authentication level. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000230 - Exchange must not send delivery reports to remote domains. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000231 - Exchange must not send nondelivery reports to remote domains. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000232 - The Exchange SMTP automated banner response must not reveal server details. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-L2-000090 - The Juniper EX switch must be configured to enable BPDU Protection on all user-facing or untrusted access switch ports. | DISA Juniper EX Series Layer 2 Switch v2r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-NM-000530 - The Juniper EX switch must be configured to protect against known types of denial-of-service (DoS) attacks by employing organization-defined security safeguards. | DISA Juniper EX Series Network Device Management v2r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000580 - The Juniper router must not be configured to have any zero-touch deployment feature enabled when connected to an operational network. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000590 - The Juniper router must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by employing control plane protection. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000610 - The Juniper router must be configured to have IP directed broadcast disabled on all interfaces. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000650 - The Juniper BGP router must be configured to use the prefix limit feature to protect against route table flooding and prefix deaggregation attacks. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000660 - The Juniper BGP router must be configured to limit the prefix size on any inbound route advertisement to /24 or the least significant prefixes issued to the customer. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000680 - The Juniper multicast RP router must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of PIM and MSDP source-active entries. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000700 - The Juniper multicast Designated Router (DR) must be configured to limit the number of mroute states resulting from Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Host Membership Reports. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000720 - The Juniper BGP router must be configured to enable the Generalized TTL Security Mechanism (GTSM). | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-08-040150 - A firewall must be able to protect against or limit the effects of Denial of Service (DoS) attacks by ensuring RHEL 8 can implement rate-limiting measures on impacted network interfaces. | DISA Red Hat Enterprise Linux 8 STIG v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-09-251030 - RHEL 9 must protect against or limit the effects of denial-of-service (DoS) attacks by ensuring rate-limiting measures on impacted network interfaces are implemented. | DISA Red Hat Enterprise Linux 9 STIG v2r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000520 - Symantec ProxySG providing content filtering must protect against known and unknown types of denial-of-service (DoS) attacks by employing rate-based attack prevention behavior analysis. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000530 - Symantec ProxySG must implement load balancing to limit the effects of known and unknown types of denial-of-service (DoS) attacks. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCEM-67-000030 - ESX Agent Manager must disable the shutdown port. | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCFL-67-000001 - vSphere Client must limit the amount of time that each TCP connection is kept alive. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLU-80-000001 The vCenter Lookup service must limit the number of maximum concurrent connections permitted. | DISA VMware vSphere 8.0 vCenter Appliance Lookup Service STIG v2r1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCPF-70-000032 - Performance Charts must disable the shutdown port. | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCPF-80-000001 The vCenter Perfcharts service must limit the number of maximum concurrent connections permitted. | DISA VMware vSphere 8.0 vCenter Appliance Perfcharts STIG v2r1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-80-000001 The vCenter STS service must limit the number of maximum concurrent connections permitted. | DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-67-000029 - vSphere UI must disable the shutdown port - vsphere-ui.json | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-70-000031 - vSphere UI must disable the shutdown port. | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCUI-80-000001 The vCenter UI service must limit the number of maximum concurrent connections permitted. | DISA VMware vSphere 8.0 vCenter Appliance User Interface (UI) STIG v2r1 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001480 - The WebSphere Application servers with an RMF categorization of high must be in a high-availability (HA) cluster. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001480 - The WebSphere Application servers with an RMF categorization of high must be in a high-availability (HA) cluster. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001480 - The WebSphere Application servers with an RMF categorization of high must be in a high-availability (HA) cluster. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001570 - The WebSphere Application Server high availability applications must be installed on a cluster. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001580 - The WebSphere Application Server memory session settings must be defined according to application load requirements. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001580 - The WebSphere Application Server memory session settings must be defined according to application load requirements. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - ORB | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - server.startup | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - SIBFAPInbound | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - SIBFAPThreadPool | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - TCPChannel.DCS | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - WebContainer | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - WMQJCAResourceAdapter | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN11-CC-000035 - The system must be configured to ignore NetBIOS name release requests except from WINS servers. | DISA Microsoft Windows 11 STIG v2r3 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
