| 7.16 Ensure Azure Network Security Perimeter is used to secure Azure platform-as-a-service resources | CIS Microsoft Azure Foundations v5.0.0 L2 | microsoft_azure | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000260 - The Arista router must be configured to have all non-essential capabilities disabled. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | CONFIGURATION MANAGEMENT |
| CISC-RT-000240 - The Cisco perimeter router must be configured to deny network traffic by default and allow network traffic by exception. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| DISA_STIG_Amazon_Linux_2023_v1r2.audit from DISA Amazon Linux 2023 STIG v1r2 | DISA Amazon Linux 2023 STIG v1r2 | Unix | |
| DISA_STIG_Apache_Server-2.2_Unix_v1r11_Middleware.audit from DISA Apache 2.2 Unix STIG v1r11 | DISA STIG Apache Server 2.2 Unix v1r11 Middleware | Unix | |
| DISA_STIG_Apache_Site-2.2_Unix_v1r11_Middleware.audit from DISA Apache 2.2 Unix STIG v1r11 | DISA STIG Apache Site 2.2 Unix v1r11 Middleware | Unix | |
| DISA_STIG_BIND_9_v3r1.audit from DISA BIND 9.x v3r1 STIG | DISA BIND 9.x STIG v3r1 | Unix | |
| DISA_STIG_Cisco_ASA_FW_v2r1.audit from DISA Cisco ASA Firewall v2r1 STIG | DISA STIG Cisco ASA FW v2r1 | Cisco | |
| DISA_STIG_Cisco_ASA_NDM_v2r4.audit from DISA Cisco ASA NDM v2r4 STIG | DISA STIG Cisco ASA NDM v2r4 | Cisco | |
| DISA_STIG_IBM_DB2_v10.5_LUW_v2r1_OS_Linux.audit from DISA IBM DB2 V10.5 LUW v2r1 STIG | DISA STIG IBM DB2 v10.5 LUW v2r1 OS Linux | Unix | |
| DISA_STIG_Microsoft_Access_2013_v1r7.audit from DISA Microsoft Access 2013 v1r7 STIG | DISA STIG Microsoft Access 2013 v1r7 | Windows | |
| DISA_STIG_Microsoft_Defender_Antivirus_v2r8.audit from DISA Microsoft Defender Antivirus STIG v2r8 | DISA Microsoft Defender Antivirus STIG v2r8 | Windows | |
| DISA_STIG_Microsoft_Excel_2013_v1r8.audit from DISA Microsoft Excel 2013 v1r8 STIG | DISA STIG Microsoft Excel 2013 v1r8 | Windows | |
| DISA_STIG_Microsoft_Groove_2013_v1r4.audit from DISA Microsoft Groove 2013 v1r4 STIG | DISA STIG Microsoft Groove 2013 v1r4 | Windows | |
| DISA_STIG_Microsoft_InfoPath_2010_v1r12.audit from DISA Microsoft InfoPath 2010 v1r12 STIG | DISA STIG Office 2010 InfoPath v1r12 | Windows | |
| DISA_STIG_Microsoft_InfoPath_2013_v1r6.audit from DISA Microsoft InfoPath 2013 v1r6 STIG | DISA STIG Microsoft InfoPath 2013 v1r6 | Windows | |
| DISA_STIG_Microsoft_Office_Access_2016_v2r1.audit from DISA Microsoft Access 2016 v2r1 STIG | DISA STIG Microsoft Office Access 2016 v2r1 | Windows | |
| DISA_STIG_Microsoft_OneNote_2013_v1r4.audit from DISA Microsoft OneNote 2013 v1r4 STIG | DISA STIG Microsoft OneNote 2013 v1r4 | Windows | |
| DISA_STIG_Microsoft_Outlook_2013_v1r14.audit from DISA Microsoft Outlook 2013 v1r14 STIG | DISA STIG Microsoft Outlook 2013 v1r14 | Windows | |
| DISA_STIG_Microsoft_Outlook_2016_v2r4.audit from DISA Microsoft Outlook 2016 v2r4 STIG | DISA STIG Microsoft Outlook 2016 v2r4 | Windows | |
| DISA_STIG_Microsoft_PowerPoint_2013_v1r7.audit from DISA Microsoft PowerPoint 2013 v1r7 STIG | DISA STIG Microsoft PowerPoint 2013 v1r7 | Windows | |
| DISA_STIG_Microsoft_Publisher_2010_v1r12.audit from DISA Microsoft Publisher 2010 v1r12 STIG | DISA STIG Office 2010 Publisher v1r12 | Windows | |
| DISA_STIG_Microsoft_Publisher_2013_v1r6.audit from DISA Microsoft Publisher 2013 v1r6 STIG | DISA STIG Microsoft Publisher 2013 v1r6 | Windows | |
| DISA_STIG_Microsoft_Visio_2013_v1r5.audit from DISA Microsoft Visio 2013 v1r5 STIG | DISA STIG Microsoft Visio 2013 v1r5 | Windows | |
| DISA_STIG_Microsoft_Windows_10_v3r6.audit from DISA Microsoft Windows 10 STIG v3r6 | DISA Microsoft Windows 10 STIG v3r6 | Windows | |
| DISA_STIG_Microsoft_Windows_11_v2r7.audit from DISA Microsoft Windows 11 STIG v2r7 | DISA Microsoft Windows 11 STIG v2r7 | Windows | |
| DISA_STIG_Microsoft_Word_2013_v1r7.audit from DISA Microsoft Word 2013 v1r7 STIG | DISA STIG Microsoft Word 2013 v1r7 | Windows | |
| DISA_STIG_Oracle_WebLogic_Server_12c_Linux_v2r2_Middleware.audit from DISA Oracle WebLogic Server 12c v2r2 STIG | Oracle WebLogic Server 12c Linux v2r2 Middleware | Unix | |
| DISA_STIG_Solaris_10_SPARC_v2r4.audit from DISA Solaris 10 SPARC v2r4 STIG | DISA STIG Solaris 10 SPARC v2r4 | Unix | |
| DISA_STIG_Solaris_11_SPARC_v3r4.audit from DISA Solaris 11 SPARC STIG v3r4 | DISA Solaris 11 SPARC STIG v3r4 | Unix | |
| DISA_STIG_VMware_vSphere_8.0_ESXi_v2r3_Unix.audit from DISA VMware vSphere 8.0 ESXi STIG v2r3 | DISA VMware vSphere 8.0 ESXi STIG v2r3 Unix | Unix | |
| JUEX-RT-000530 - The Juniper router must be configured to implement message authentication for all control plane protocols. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| JUEX-RT-000860 - The Juniper perimeter router must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000320 - The Juniper perimeter router must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000386 - The Juniper perimeter router must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000387 - The Juniper perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dstops | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000387 - The Juniper perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - hop-by-hop | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000400 - The Juniper out-of-band management (OOBM) gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC). | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000480 - The Juniper BGP router must be configured to reject inbound route advertisements for any Bogon prefixes - prefix-statement | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUNI-RT-000510 - The Juniper BGP router must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS) - policy-statement | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUNI-RT-000530 - The Juniper BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUNI-RT-000600 - The Juniper MPLS router must be configured to have TTL Propagation disabled. | DISA STIG Juniper Router RTR v3r2 | Juniper | CONFIGURATION MANAGEMENT |
| JUNI-RT-000710 - The Juniper PE router must be configured to block any traffic that is destined to IP core infrastructure. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000840 - The Juniper multicast Rendezvous Point (RP) must be configured to rate limit the number of Protocol Independent Multicast (PIM) Register messages - RP must be configured to rate limit the number of PIM Register messages. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000850 - The Juniper multicast Designated Router (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join only multicast groups that have been approved by the organization - policy-options | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000850 - The Juniper multicast Designated Router (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join only multicast groups that have been approved by the organization - protocols igmp | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000880 - The Juniper multicast Designated Router (DR) must be configured to set the shortest-path tree (SPT) threshold to infinity to minimalize source-group (S, G) state within the multicast topology where Any Source Multicast (ASM) is deployed - protocols pim | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000890 - The Juniper Multicast Source Discovery Protocol (MSDP) router must be configured to only accept MSDP packets from known MSDP peers - loopback interface | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000900 - The Juniper Multicast Source Discovery Protocol (MSDP) router must be configured to authenticate all received MSDP packets. | DISA STIG Juniper Router RTR v3r2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUNI-RT-000910 - The Juniper Multicast Source Discovery Protocol (MSDP) router must be configured to filter received source-active multicast advertisements for any undesirable multicast groups and sources - protocols msdp | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
