| ARST-RT-000020 - The Arista BGP router must be configured to reject inbound route advertisements for any Bogon prefixes. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL |
| ARST-RT-000060 - The Arista BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL |
| ARST-RT-000080 - The Arista Multicast Source Discovery Protocol (MSDP) router must be configured to filter source-active multicast advertisements to external MSDP peers to avoid global visibility of local-only multicast sources and groups. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL |
| ARST-RT-000100 - The Arista BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL |
| ARST-RT-000180 - The Arista perimeter router must be configured to not redistribute static routes to an alternate gateway service provider into BGP or an IGP peering with the NIPRNet or to other autonomous systems. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL |
| ARST-RT-000470 - The Arista BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL |
| Big Sur - Disable Internet Sharing | NIST macOS Big Sur v1.4.0 - 800-53r4 Low | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Big Sur - Disable Internet Sharing | NIST macOS Big Sur v1.4.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Big Sur - Disable Internet Sharing | NIST macOS Big Sur v1.4.0 - 800-53r5 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Big Sur - Disable Internet Sharing | NIST macOS Big Sur v1.4.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Big Sur - Disable Internet Sharing | NIST macOS Big Sur v1.4.0 - All Profiles | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Big Sur - Disable Internet Sharing | NIST macOS Big Sur v1.4.0 - 800-171 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| CASA-FW-000020 - The Cisco ASA must immediately use updates made to policy enforcement mechanisms such as firewall rules, security policies, and security zones. | DISA STIG Cisco ASA FW v2r1 | Cisco | ACCESS CONTROL |
| Catalina - Disable Internet Sharing | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable Internet Sharing | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| Catalina - Disable Internet Sharing | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| EDGE-00-000001 - User control of proxy settings must be disabled. | DISA STIG Edge v2r2 | Windows | ACCESS CONTROL |
| EX19-MB-000021 - Exchange auto-forwarding email to remote domains must be disabled or restricted. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | ACCESS CONTROL |
| GEN000000-AIX0210 - The system must provide protection from Internet Control Message Protocol (ICMP) attacks on TCP connections. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN000000-AIX0300 - The system must not have the bootp service active. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN000000-AIX0310 - The /etc/ftpaccess.ctl file must exist. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003602 - The system must not process Internet Control Message Protocol (ICMP) timestamp requests - 'timestamp-request -j DROP' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN003603 - The system must not respond to ICMPv4 echoes sent to a broadcast address. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN003604 - The system must not respond to ICMP timestamp requests sent to a broadcast address. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN003608 - Proxy ARP must not be enabled on the system. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN007800 - The system must not have Teredo enabled. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN007820 - The system must not have IP tunnels configured - '/sbin/ip tun list' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN007820 - The system must not have IP tunnels configured - 'ifconfig -a' | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN007820 - The system must not have IP tunnels configured - 'lstun -a' | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN007860 - The system must ignore IPv6 ICMP redirect messages. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN007900 - The system must use an appropriate reverse-path filter for IPv6 network traffic, if the system uses IPv6. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| GEN007920 - The system must not forward IPv6 source-routed packets - 'net.ipv6.conf.default.forwarding' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN007940 - The system must not accept source-routed IPv6 packets. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL |
| JUEX-RT-000010 - The Juniper router must be configured to enforce approved authorizations for controlling the flow of information within the network based on organization-defined information flow control policies. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUEX-RT-000060 - The Juniper BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUEX-RT-000070 - The Juniper router configured for Multicast Source Discovery Protocol (MSDP) must filter received source-active multicast advertisements for any undesirable multicast groups and sources. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUEX-RT-000080 - The Juniper router configured for Multicast Source Discovery Protocol (MSDP) must filter source-active multicast advertisements to external MSDP peers to avoid global visibility of local-only multicast sources and groups. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUEX-RT-000100 - The Juniper router configured for BGP must reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUEX-RT-000120 - The Juniper router must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUEX-RT-000150 - The Juniper multicast edge router must be configured to establish boundaries for administratively scoped multicast traffic. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUEX-RT-000160 - The Juniper router must be configured to have all inactive interfaces disabled. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUEX-RT-000180 - The Juniper perimeter router must not be configured to be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUEX-RT-000190 - The Juniper perimeter router must not be configured to redistribute static routes to an alternate gateway service provider into BGP or an IGP peering with the NIPRNet or to other autonomous systems. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUEX-RT-000200 - The Juniper out-of-band management (OOBM) gateway router must be configured to have separate IGP instances for the managed network and management network. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUEX-RT-000210 - The Juniper out-of-band management (OOBM) gateway router must not be configured to redistribute routes between the management network routing domain and the managed network routing domain. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| Monterey - Disable Wi-Fi Interface | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL |
| Monterey - Disable Wi-Fi Interface | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | ACCESS CONTROL |
| Monterey - Disable Wi-Fi Interface | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL |
| Monterey - Disable Wi-Fi Interface | NIST macOS Monterey v1.0.0 - 800-53r5 Moderate | Unix | ACCESS CONTROL |
| SHPT-00-000165 - SharePoint must enable IRM to bind attributes to information to facilitate the organization's established information flow policy as needed. | DISA STIG SharePoint 2010 v1r9 | Windows | ACCESS CONTROL |
