| 1.328 OL08-00-040150 | CIS Oracle Linux 8 STIG v1.0.0 CAT II | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.18 Ensure net.ipv4.tcp_syncookies is configured | CIS Debian Linux 13 v1.0.0 L1 Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.18 Ensure net.ipv4.tcp_syncookies is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.18 Ensure net.ipv4.tcp_syncookies is configured | CIS Debian Linux 13 v1.0.0 L1 Workstation | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.18 Ensure net.ipv4.tcp_syncookies is configured | CIS SUSE Linux Enterprise 16 v1.0.0 L1 Workstation | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.18 Ensure net.ipv4.tcp_syncookies is configured | CIS SUSE Linux Enterprise 16 v1.0.0 L1 Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.18 Ensure net.ipv4.tcp_syncookies is configured | CIS Ubuntu Linux 22.04 LTS v3.0.0 L1 Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.18 Ensure net.ipv4.tcp_syncookies is configured | CIS Rocky Linux 10 v1.0.0 L1 Server | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.18 Ensure net.ipv4.tcp_syncookies is configured | CIS Rocky Linux 10 v1.0.0 L1 Workstation | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.18 Ensure net.ipv4.tcp_syncookies is configured | CIS Ubuntu Linux 22.04 LTS v3.0.0 L1 Workstation | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AIX7-00-003096 - AIX must set Stack Execution Disable (SED) system wide mode to all. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| ARST-L2-000030 - The Arista MLS layer 2 switch must be configured for Storm Control to limit the effects of packet flooding types of denial-of-service (DoS) attacks. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-L2-000030 - The Arista MLS layer 2 switch must be configured for Storm Control to limit the effects of packet flooding types of denial-of-service (DoS) attacks. | DISA Arista MLS EOS 4.X L2S STIG v2r3 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000040 - The Cisco switch must manage excess bandwidth to limit the effects of packet flooding types of denial-of-service (DoS) attacks. | DISA Cisco IOS XE Switch L2S STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000040 - The Cisco switch must manage excess bandwidth to limit the effects of packet-flooding types of denial-of-service (DoS) attacks. | DISA Cisco IOS Switch L2S STIG v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000610 - The MPLS router with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core routers. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000700 - The Cisco PE router providing Virtual Private LAN Services (VPLS) must be configured to have traffic storm control thresholds on CE-facing interfaces. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000700 - The Cisco PE switch providing Virtual Private LAN Services (VPLS) must be configured to have traffic storm control thresholds on CE-facing interfaces. | DISA Cisco NX OS Switch RTR STIG v3r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000760 - The Cisco PE router must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000760 - The Cisco PE router must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000770 - The Cisco P router must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000770 - The Cisco P router must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000770 - The Cisco P switch must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications. | DISA Cisco IOS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| DKER-EE-001170 - A policy set using the built-in role-based access control (RBAC) capabilities in the Universal Control Plane (UCP) component of Docker Enterprise must be configured. | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - repositoryAccess | DISA STIG Docker Enterprise 2.x Linux/Unix DTR v2r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| DKER-EE-001180 - A policy set using the built-in role-based access control (RBAC) capabilities in the Docker Trusted Registry (DTR) component of Docker Enterprise must be set - team member access | DISA STIG Docker Enterprise 2.x Linux/Unix UCP v2r2 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| F5BI-FW-300017 - The F5 BIG-IP appliance must employ filters that prevent or limit the effects of all types of commonly known denial-of-service (DoS) attacks, including flooding, packet sweeps, and unauthorized port scanning. | DISA F5 BIG-IP TMOS Firewall STIG v1r1 | F5 | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN003612 - The system must be configured to use TCP syncookies when experiencing a TCP SYN flood. | DISA STIG for Oracle Linux 5 v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-IP-000005 - The Juniper Networks SRX Series Gateway IDPS must block outbound traffic containing known and unknown DoS attacks by ensuring that rules are applied to outbound communications traffic. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-IP-000006 - The Juniper Networks SRX Series Gateway IDPS must block outbound traffic containing known and unknown DoS attacks by ensuring that signature-based objects are applied to outbound communications traffic. | DISA Juniper SRX Services Gateway IDPS v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL08-00-040150 - A firewall must be able to protect against or limit the effects of denial-of-service (DoS) attacks by ensuring OL 8 can implement rate-limiting measures on impacted network interfaces. | DISA Oracle Linux 8 STIG v2r8 | Unix | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| PANW-IP-000018 - The Palo Alto Networks security platform must have a denial-of-service (DoS) Protection Profile for outbound traffic applied to a policy for traffic originating from the internal zone going to the external zone. | DISA Palo Alto Networks IDPS STIG v3r2 | Palo_Alto | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-16-030510 - The Ubuntu operating system must be configured to use TCP syncookies. | DISA STIG Ubuntu 16.04 LTS v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN12-SO-000008 - Auditing of Backup and Restore Privileges must be turned off. | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
