| 3.1 URPF | CIS Cisco IOS XR 7.x v1.0.1 L2 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| 3.1.2 Ensure packet redirect sending is disabled - 'net.ipv4.conf.default.send_redirects' (sysctl.conf/sysctl.d) | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.2 Ensure packet redirect sending is disabled - 'sysctl net.ipv4.conf.default.send_redirects' | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.2 Ensure packet redirect sending is disabled - /etc/sysctl ipv4 all send | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.2 Ensure packet redirect sending is disabled - sysctl ipv4 default send | CIS SUSE Linux Enterprise Server 11 L1 v2.1.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.2 Ensure packet redirect sending is disabled - sysctl ipv4 default send | CIS SUSE Linux Enterprise Workstation 11 L1 v2.1.1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Ensure packet redirect sending is disabled - sysctl net.ipv4.conf.all.send_redirects | CIS Ubuntu Linux 16.04 LTS Workstation L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure packet redirect sending is disabled - sysctl net.ipv4.conf.all.send_redirects | CIS Ubuntu Linux 18.04 LXD Host L1 Server v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure packet redirect sending is disabled - sysctl net.ipv4.conf.default.send_redirects | CIS Ubuntu Linux 16.04 LTS Server L1 v2.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.2.1 Ensure packet redirect sending is disabled - sysctl net.ipv4.conf.default.send_redirects | CIS Ubuntu Linux 18.04 LXD Host L1 Workstation v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.4 Ensure net.ipv4.conf.all.send_redirects is configured | CIS Debian Linux 13 v1.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.5 Ensure net.ipv4.conf.default.send_redirects is configured | CIS Amazon Linux 2 v4.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.5 Ensure net.ipv4.conf.default.send_redirects is configured | CIS Debian Linux 13 v1.0.0 L1 Server | Unix | CONFIGURATION MANAGEMENT |
| 3.3.1.5 Ensure net.ipv4.conf.default.send_redirects is configured | CIS Debian Linux 13 v1.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.2 Ensure packet redirect sending is disabled | CIS Red Hat Enterprise Linux 7 v4.0.0 L1 Workstation | Unix | CONFIGURATION MANAGEMENT |
| 3.3.2 Ensure packet redirect sending is disabled | CIS Ubuntu Linux 18.04 LTS v2.2.0 L1 Server | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.2 Ensure packet redirect sending is disabled | CIS FreeBSD 14 v1.0.1 L1 | Unix | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 3.3.3.1 Set 'neighbor password' | CIS Cisco IOS XE 16.x v2.2.0 L2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 5.5 Ensure SNMP Write Access is not set | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| AMLS-L3-000180 - The Arista Multilayer Switch must enforce that Interior Gateway Protocol instances configured on the out-of-band management gateway router only peer with their own routing domain. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL |
| ARST-RT-000450 - The Arista perimeter router must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding (uRPF). | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000600 - The Arista BGP router must be configured to enable the Generalized TTL Security Mechanism (GTSM). | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| BGP: Disable Capability Negotiation | TNS Alcatel-Lucent TiMOS/Nokia SR-OS Best Practice Audit | Alcatel | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0071-ORACLE11 - New passwords must be required to differ from old passwords by more than four characters - 'PASSWORD_VERIFY_FUNCTION is not set to NULL or DEFAULT' | DISA STIG Oracle 11 Instance v9r1 Database | OracleDB | |
| Ensure packet redirect sending is disabled - /etc/sysctl ipv4 default send | Tenable Cisco Firepower Management Center OS Best Practices Audit | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure timezone is properly configured | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000016 - The unexposed feature keyword isolation.tools.getCreds.disable must be initialized to decrease the VMs potential attack vectors. | DISA VMware ESXi Version 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000025 - The unexposed feature keyword isolation.tools.unityInterlockOperation.disable must be initialized to decrease the VMs potential attack vectors. | DISA VMware ESXi Version 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000031 - The unexposed feature keyword isolation.tools.guestDnDVersionSet.disable must be initialized to decrease the VMs potential attack vectors. | DISA VMware ESXi Version 5 Virtual Machine STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| ESXI5-VM-000034 - The system must disconnect unauthorized floppy devices. | DISA VMware ESXi Version 5 Virtual Machine STIG v2r1 | VMware | MEDIA PROTECTION |
| ESXI5-VM-000038 - The system must disconnect unauthorized USB devices. | DISA VMware ESXi Version 5 Virtual Machine STIG v2r1 | VMware | MEDIA PROTECTION |
| ESXI5-VM-000041 - The system must limit VM logging records. | DISA VMware ESXi Version 5 Virtual Machine STIG v2r1 | VMware | AUDIT AND ACCOUNTABILITY |
| ESXI5-VM-000052 - The system must control access to VMs through VMsafe CPU/memory APIs. | DISA VMware ESXi Version 5 Virtual Machine STIG v2r1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| ESXI5-VM-000054 - The system must control access to VMs through the VMsafe CPU/memory vmsafe.enable API. | DISA VMware ESXi Version 5 Virtual Machine STIG v2r1 | VMware | SYSTEM AND INFORMATION INTEGRITY |
| GEN003607 - The system must not accept source-routed IPv4 packets - 'net.ipv4.conf.default.accept_source_route' | DISA STIG for Oracle Linux 5 v2r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| GEN003607 - The system must not accept source-routed IPv4 packets - ssrr | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN003607 - The system must not accept source-routed IPv4 packets. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN007940 - The system must not accept source-routed IPv6 packets. | DISA AIX 5.3 STIG v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN007940 - The system must not accept source-routed IPv6 packets. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| OS10-RTR-000010 - The Dell OS10 Router must be configured to enforce approved authorizations for controlling the flow of information within the network based on organization-defined information flow control policies. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | ACCESS CONTROL |
| OS10-RTR-000140 - The Dell OS10 multicast router must be configured to bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | ACCESS CONTROL |
| OS10-RTR-000160 - The Dell OS10 Router must be configured to have all inactive interfaces disabled. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | ACCESS CONTROL |
| OS10-RTR-000220 - The Dell OS10 multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Register messages received from the Designated Router (DR) for any undesirable multicast groups and sources. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | ACCESS CONTROL |
| OS10-RTR-000260 - The Dell OS10 Router must be configured to log all packets that have been dropped. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | AUDIT AND ACCOUNTABILITY |
| OS10-RTR-000340 - The PE router must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-RTR-000470 - The Dell OS10 out-of-band management (OOBM) gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC). | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-RTR-000620 - The Dell OS10 Router must be configured to have Gratuitous ARP disabled on all external interfaces. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-RTR-000640 - The Dell OS10 Router must be configured to have Internet Control Message Protocol (ICMP) unreachable notifications disabled on all external interfaces. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-RTR-000800 - The Dell OS10 multicast Designated Router (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join only multicast groups that have been approved by the organization. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-RTR-000810 - The Dell OS10 multicast Designated Router (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join a multicast group only from sources that have been approved by the organization. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | SYSTEM AND COMMUNICATIONS PROTECTION |
