| 1.1.1.2 RADIUS | CIS Cisco IOS XR 7.x v1.0.1 L2 | Cisco | ACCESS CONTROL |
| 1.1.3 Enable 'aaa authentication enable default' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL |
| 1.1.8 Set 'aaa accounting connection' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | ACCESS CONTROL |
| 1.1.9 Set 'aaa accounting exec' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.1.11 Set 'aaa accounting system' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.2.3 Ensure 'Account lockout threshold' is set to '3 or fewer invalid logon attempt(s), but not 0' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 1.4.2 Enable 'service password-encryption' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.10 Require 'aes 128' as minimum for 'snmp-server user' when using SNMPv3 | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.8.1 Enable FIPS Mode | CIS Cisco NX-OS v1.2.0 L2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 2.3.1.3 Set the 'ntp trusted-key' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 2.3.1.3 Set the 'ntp trusted-key' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.4.1 Create a single 'interface loopback' - 'Only one loopback interface is defined' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.4.2 Set AAA 'source-interface' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4.3 Set 'ntp source' to Loopback Interface - 'NTP is bound to loopback' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Default deny configured' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 10.0.0.0' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 172.16.0.0' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 192.0.2.0' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.2 Set inbound 'ip access-group' on the External Interface | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.2 Set 'key' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 3.3.1.7 Set 'authentication mode md5' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.3.2 Set 'key' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.4.1 Set 'neighbor password' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 5.1 Ensure 'Microsoft FTP Service (FTPSVC)' is set to 'Not Installed' (STIG only) | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 5.10 (L1) Host must restrict the use of Virtual Guest Tagging (VGT) on standard virtual switches | CIS VMware ESXi 8.0 v1.2.0 L1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.51 Ensure 'Permissions for the system drive root directory must conform to minimum requirements' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| AMLS-L2-000110 - The Arista Multilayer Switch must enforce approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies. | DISA STIG Arista MLS DCS-7000 Series L2S v1r3 | Arista | ACCESS CONTROL |
| CISC-ND-000120 - The Cisco router must be configured to automatically audit account removal actions. | DISA Cisco IOS Router NDM STIG v3r4 | Cisco | ACCESS CONTROL |
| CISC-ND-000140 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies. | DISA Cisco IOS Router NDM STIG v3r4 | Cisco | ACCESS CONTROL |
| CISC-ND-000390 - The Cisco router must be configured to protect audit information from unauthorized deletion. | DISA Cisco IOS Router NDM STIG v3r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000460 - The Cisco router must be configured to limit privileges to change the software resident within software libraries. | DISA Cisco IOS Router NDM STIG v3r4 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-ND-000470 - The Cisco router must be configured to prohibit the use of all unnecessary and nonsecure functions and services. | DISA Cisco IOS Router NDM STIG v3r4 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-ND-000980 - The Cisco router must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | DISA Cisco IOS Router NDM STIG v3r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001210 - The Cisco router must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions. | DISA Cisco IOS Router NDM STIG v3r4 | Cisco | MAINTENANCE |
| CISC-RT-000120 - The Cisco router must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by employing control plane protection. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000180 - The Cisco router must be configured to have Internet Control Message Protocol (ICMP) mask reply messages disabled on all external interfaces. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000250 - The Cisco perimeter router must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000260 - The Cisco perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000392 - The Cisco perimeter router must be configured to drop IPv6 undetermined transport packets. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000400 - The Cisco out-of-band management (OOBM) gateway router must be configured to transport management traffic to the Network Operations Center (NOC) via dedicated circuit, MPLS/VPN service, or IPsec tunnel. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000420 - The Cisco out-of-band management (OOBM) gateway router must be configured to have separate IGP instances for the managed network and management network. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000490 - The Cisco BGP router must be configured to reject inbound route advertisements for any Bogon prefixes. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000590 - The Cisco MPLS router must be configured to use its loopback address as the source address for LDP peering sessions. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | CONTINGENCY PLANNING |
| CISC-RT-000740 - The Cisco PE router must be configured with Unicast Reverse Path Forwarding (uRPF) loose mode enabled on all CE-facing interfaces. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000930 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to filter source-active multicast advertisements to external MSDP peers to avoid global visibility of local-only multicast sources and groups. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| DG0127-ORACLE11 - DBMS account passwords should not be set to easily guessed words or values - 'limit' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| Extreme : switch Info | TNS Extreme ExtremeXOS Best Practice Audit | Extreme_ExtremeXOS | CONFIGURATION MANAGEMENT |
| PHTN-67-000032 - The Photon operating system must only allow installation of packages signed by VMware. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
| Physical Security - Diagnostic Ports - Password protect Diagnostic ports - diag-port | Juniper Hardening JunOS 12 Devices Checklist | Juniper | IDENTIFICATION AND AUTHENTICATION |
