| 1.1.8 Set 'aaa accounting connection' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.1.10 Set 'aaa accounting network' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.5.9 Set 'priv' for each 'snmp-server group' using SNMPv3 | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.10 Require 'aes 128' as minimum for 'snmp-server user' when using SNMPv3 | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.8.3 Configure a Password Policy | CIS Cisco IOS XR 7.x v1.0.1 L2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 2.3.1.2 Set 'ntp authentication-key' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.4.2 Set AAA 'source-interface' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4.3 Require Binding NTP Service to Loopback Interface - 'NTP/SNTP is bound to loopback' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.4.4 Set 'ip tftp source-interface' to the Loopback Interface | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4.4 Set 'ip tftp source-interface' to the Loopback Interface | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.3 Set 'no interface tunnel' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 172.16.0.0' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 192.0.2.0' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny host 255.255.255.255' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - External interface has ACL applied | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.4 Set 'address-family ipv4 autonomous-system' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 3.3.1.9 Set 'ip authentication mode eigrp' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2.1 Set 'authentication message-digest' for OSPF area | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 3.3.2.1 Set 'authentication message-digest' for OSPF area | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.3.4 Set 'ip rip authentication key-chain' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.10 Ensure 'Active Directory SYSVOL directory must have the proper access control permissions' (STIG DC only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL |
| 20.20 Ensure 'DoD Interoperability Root CA cross-certificates' are installed in the 'Untrusted Certificates Store' on unclassified systems | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.51 Ensure 'Permissions for the system drive root directory must conform to minimum requirements' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 20.51 Ensure 'Permissions for the system drive root directory must conform to minimum requirements' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| AIX7-00-001101 - AIX CDE must conceal, via the session lock, information previously visible on the display with a publicly viewable image. | DISA STIG AIX 7.x v3r1 | Unix | ACCESS CONTROL |
| AMLS-L2-000100 - The Arista Multilayer Switch must enforce approved authorizations for controlling the flow of information within the network based on organization-defined information flow control policies. | DISA STIG Arista MLS DCS-7000 Series L2S v1r3 | Arista | ACCESS CONTROL |
| AMLS-NM-000110 - The Arista Multilayer Switch account of last resort must have a password with a length of 15 characters. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-000110 - The Cisco router must be configured to automatically audit account disabling actions. | DISA Cisco IOS Router NDM STIG v3r4 | Cisco | ACCESS CONTROL |
| CISC-ND-000210 - The Cisco device must be configured to audit all administrator activity. | DISA Cisco IOS Router NDM STIG v3r4 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| CISC-ND-000380 - The Cisco router must be configured to protect audit information from unauthorized modification. | DISA Cisco IOS Router NDM STIG v3r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000720 - The Cisco router must be configured to terminate all network connections associated with device management after five minutes of inactivity. | DISA Cisco IOS Router NDM STIG v3r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001370 - The Cisco router must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access. | DISA Cisco IOS Router NDM STIG v3r4 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000150 - The Cisco router must be configured to have Gratuitous ARP disabled on all external interfaces. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000190 - The Cisco router must be configured to have Internet Control Message Protocol (ICMP) redirect messages disabled on all external interfaces. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000237 - The Cisco router must not be configured to use IPv6 Site Local Unicast addresses. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000290 - The Cisco perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an approved gateway service provider. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000330 - The Cisco perimeter router must be configured to filter ingress traffic at the external interface on an inbound direction. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000390 - The Cisco perimeter router must be configured to block all outbound management traffic. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000397 - The Cisco perimeter router must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000430 - The Cisco out-of-band management (OOBM) gateway router must be configured to not redistribute routes between the management network routing domain and the managed network routing domain. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000450 - The Cisco router must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000520 - The Cisco BGP router must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS). | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000530 - The Cisco BGP router must be configured to reject outbound route advertisements for any prefixes belonging to the IP core. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000570 - The Cisco BGP router must be configured to limit the prefix size on any inbound route advertisement to /24 or the least significant prefixes issued to the customer. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000600 - The Cisco MPLS router must be configured to synchronize IGP and LDP to minimize packet loss when an IGP adjacency is established prior to LDP peers completing label exchange. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000640 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT). | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | CONTINGENCY PLANNING |
| SLES-15-020040 - The SUSE operating system must deny direct logons to the root account using remote access via SSH. | DISA SUSE Linux Enterprise Server 15 STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| UBTU-22-411010 - Ubuntu 22.04 LTS must prevent direct login into the root account. | DISA Canonical Ubuntu 22.04 LTS STIG v2r4 | Unix | IDENTIFICATION AND AUTHENTICATION |
| WN12-SO-000084 - User Account Control must switch to the secure desktop when prompting for elevation. | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
