| 3.3.1.4 Ensure net.ipv4.conf.all.send_redirects is configured | CIS AlmaLinux OS 8 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.4 Ensure net.ipv4.conf.all.send_redirects is configured | CIS Oracle Linux 10 v1.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.5 Ensure net.ipv4.conf.default.send_redirects is configured | CIS Red Hat Enterprise Linux 8 v4.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.5 Ensure net.ipv4.conf.default.send_redirects is configured | CIS Rocky Linux 10 v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.5 Ensure net.ipv4.conf.default.send_redirects is configured | CIS AlmaLinux OS 8 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.5 Ensure net.ipv4.conf.default.send_redirects is configured | CIS Oracle Linux 10 v1.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.5 Ensure net.ipv4.conf.default.send_redirects is configured | CIS AlmaLinux OS 10 v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 8.1.9.1 Ensure That Microsoft Defender for Resource Manager Is Set To 'On' | CIS Microsoft Azure Foundations v5.0.0 L2 | microsoft_azure | ACCESS CONTROL, RISK ASSESSMENT |
| CISC-ND-001440 - The Cisco switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | DISA Cisco IOS Switch NDM STIG v3r7 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-ND-000390 - The Juniper router must be configured to protect audit information from unauthorized deletion. | DISA STIG Juniper Router NDM v3r2 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUNI-ND-000470 - The Juniper router must be configured to prohibit the use of all unnecessary and nonsecure functions and services. | DISA STIG Juniper Router NDM v3r2 | Juniper | CONFIGURATION MANAGEMENT |
| JUNI-ND-000490 - The Juniper router must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable. | DISA STIG Juniper Router NDM v3r2 | Juniper | ACCESS CONTROL |
| JUNI-ND-000710 - The Juniper router must be configured to terminate all network connections associated with device management after five minutes of inactivity. | DISA STIG Juniper Router NDM v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-ND-000990 - The Juniper router must be configured to generate an alert for all audit failure events. | DISA STIG Juniper Router NDM v3r2 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUNI-ND-001060 - The Juniper router must be configured to prohibit installation of software without explicit privileged status. | DISA STIG Juniper Router NDM v3r2 | Juniper | CONFIGURATION MANAGEMENT |
| JUNI-ND-001210 - The Juniper router must be configured to protect against known types of Denial of Service (DoS) attacks by employing organization-defined security safeguards - DoS attacks by employing organization-defined security safeguards | DISA STIG Juniper Router NDM v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-ND-001280 - The Juniper router must be configured to generate log records when concurrent logons from different workstations occur. | DISA STIG Juniper Router NDM v3r2 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUNI-RT-000020 - The Juniper router must be configured to implement message authentication for all control plane protocols - IS-IS key | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| JUNI-RT-000040 - The Juniper router must be configured to use encryption for routing protocol authentication - BGP | DISA STIG Juniper Router RTR v3r2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUNI-RT-000040 - The Juniper router must be configured to use encryption for routing protocol authentication - IS-IS | DISA STIG Juniper Router RTR v3r2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUNI-RT-000220 - The Juniper router must be configured to produce audit records containing information to establish the source of the events. | DISA STIG Juniper Router RTR v3r2 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUNI-RT-000280 - The Juniper perimeter router must be configured to protect an enclave connected to an approved gateway by using an inbound filter that only permits packets with destination addresses within the site's address space. | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUNI-RT-000340 - The Juniper perimeter router must be configured to filter egress traffic at the internal interface on an inbound direction. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000360 - The Juniper perimeter router must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces - LLDP disabled on all external interfaces. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000382 - The Juniper perimeter router must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3255. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000385 - The Juniper perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option - dstops | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000390 - The Juniper out-of-band management (OOBM) gateway router must be configured to transport management traffic to the Network Operations Center (NOC) via dedicated circuit, MPLS/VPN service, or IPsec tunnel - IPsec | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000390 - The Juniper out-of-band management (OOBM) gateway router must be configured to transport management traffic to the Network Operations Center (NOC) via dedicated circuit, MPLS/VPN service, or IPsec tunnel - Mgmt | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000410 - The Juniper out-of-band management (OOBM) gateway router must be configured to have separate IGP instances for the managed network and management network. | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUNI-RT-000440 - The Juniper router must be configured to only permit management traffic that ingresses and egresses the OOBM interface - Inbound | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000450 - The Juniper router providing connectivity to the NOC must be configured to forward all in-band management traffic via an IPsec tunnel - IPsec | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000460 - The Juniper BGP router must be configured to enable the Generalized TTL Security Mechanism (GTSM) - Interfaces | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000535 - The Juniper BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer - bgp import | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUNI-RT-000540 - The Juniper BGP router must be configured to use the maximum prefixes feature to protect against route table flooding and prefix de-aggregation attacks. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000590 - The Juniper MPLS router with RSVP-TE enabled must be configured to enable refresh reduction features. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000620 - The Juniper PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT) - RT. | DISA STIG Juniper Router RTR v3r2 | Juniper | CONTINGENCY PLANNING |
| JUNI-RT-000640 - The Juniper PE router providing MPLS Layer 2 Virtual Private Network (L2VPN) services must be configured to authenticate targeted Label Distribution Protocol (LDP) sessions used to exchange virtual circuit (VC) information using a FIPS-approved message authentication code algorithm - key-chain | DISA STIG Juniper Router RTR v3r2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUNI-RT-000640 - The Juniper PE router providing MPLS Layer 2 Virtual Private Network (L2VPN) services must be configured to authenticate targeted Label Distribution Protocol (LDP) sessions used to exchange virtual circuit (VC) information using a FIPS-approved message authentication code algorithm - ldp | DISA STIG Juniper Router RTR v3r2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUNI-RT-000680 - The Juniper PE router providing Virtual Private LAN Services (VPLS) must be configured to have traffic storm control thresholds on CE-facing interfaces - traffic | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000690 - The Juniper PE router must be configured to implement Protocol Independent Multicast (PIM) snooping for each Virtual Private LAN Services (VPLS) bridge domain. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000740 - The Juniper PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS GIG Technical Profile - class-of-service | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000780 - The Juniper multicast router must be configured to disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing. | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUNI-RT-000790 - The Juniper multicast router must be configured to bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled - policy-options prefix | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUNI-RT-000790 - The Juniper multicast router must be configured to bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled - policy-options statement | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUNI-RT-000790 - The Juniper multicast router must be configured to bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled - protocols pim | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUNI-RT-000820 - The Juniper multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Register messages received from the Designated Router (DR) for any undesirable multicast groups and sources - protocols pim | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUNI-RT-000880 - The Juniper multicast Designated Router (DR) must be configured to set the shortest-path tree (SPT) threshold to infinity to minimalize source-group (S, G) state within the multicast topology where Any Source Multicast (ASM) is deployed - policy-options | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000920 - The Juniper Multicast Source Discovery Protocol (MSDP) router must be configured to filter source-active multicast advertisements to external MSDP peers to avoid global visibility of local-only multicast sources and groups - policy-options | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUNI-RT-000920 - The Juniper Multicast Source Discovery Protocol (MSDP) router must be configured to filter source-active multicast advertisements to external MSDP peers to avoid global visibility of local-only multicast sources and groups - protocols msdp | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| Management Access Policy - HTTP - Admin State | Tenable Cisco ACI | Cisco_ACI | CONFIGURATION MANAGEMENT |
