| 1.1.2 Ensure 'Enable Password' is set | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.1.4.2 command accounting | CIS Cisco IOS XR 7.x v1.0.1 L1 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 1.1.9 Set 'aaa accounting network' | CIS Cisco IOS XE 16.x v2.1.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.2.1 Ensure 'Domain Name' is set | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.2.2 Ensure 'Host Name' is set | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.2.3 Ensure 'Failover' is enabled | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.2.4 Ensure 'Unused Interfaces' is disable | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.2.9 Set 'transport input none' for 'line aux 0' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL |
| 1.2.10 Set 'exec-timeout' to less than or equal to 10 min on 'ip http' | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3.2 Ensure 'Image Authenticity' is correct | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| 1.4.3.5 Ensure 'aaa authentication ssh console' is configured correctly | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | ACCESS CONTROL |
| 1.4.4.2 Ensure 'aaa authorization exec' is configured correctly | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.4.5 Set 'logging trap informational' | CIS Cisco IOS XR 7.x v1.0.1 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.5.1 Ensure 'ASDM banner' is set | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | AWARENESS AND TRAINING |
| 1.5.1 Set 'no snmp-server' to disable SNMP when unused | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | CONFIGURATION MANAGEMENT |
| 1.5.2 Ensure 'EXEC banner' is set | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | AWARENESS AND TRAINING |
| 1.5.2 Unset 'private' for 'snmp-server community' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | CONFIGURATION MANAGEMENT |
| 1.5.3 Unset 'public' for 'snmp-server community' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | CONFIGURATION MANAGEMENT |
| 1.5.8 Require 'aes 128' as minimum for 'snmp-server user' when using SNMPv3 | CIS Cisco IOS XR 7.x v1.0.1 L2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.5.8 Set 'snmp-server enable traps snmp' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.9 Set 'priv' for each 'snmp-server group' using SNMPv3 | CIS Cisco IOS XE 16.x v2.1.0 L2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.1 Ensure 'SSH source restriction' is set to an authorized IP address | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.2 Restrict VTY Access | CIS Cisco IOS XR 7.x v1.0.1 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.7.3 Ensure 'SSL AES 256 encryption' is set for HTTPS access | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.8.1 Ensure 'console session timeout' is less than or equal to '5' minutes | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.8.1 Ensure 'console session timeout' is less than or equal to '5' minutes | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL |
| 1.9.1.2 Ensure 'NTP authentication key' is configured correctly | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.10.3 Ensure 'syslog hosts' is configured correctly | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.10.4 Ensure 'logging with the device ID' is configured correctly | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.10.5 Ensure 'logging history severity level' is set to greater than or equal to '5' | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.10.10 Ensure email logging is configured for critical to emergency | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.11.3 Ensure 'snmp-server host' is set to 'version 3' | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.11.4 Ensure 'SNMP traps' is enabled - coldstart | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.1.2.1 Authentication | CIS Cisco IOS XR 7.x v1.0.1 L2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 2.1.3 Ensure 'EIGRP authentication' is enabled | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.2 Ensure 'noproxyarp' is enabled for untrusted interfaces | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.2.6 Set 'service timestamps debug datetime' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.2.8 Set 'login success/failure logging' | CIS Cisco IOS XE 16.x v2.1.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.4.2 Set AAA 'source-interface' | CIS Cisco IOS XE 16.x v2.1.0 L2 | Cisco | ACCESS CONTROL |
| 2.4.4 Set 'ip tftp source-interface' to the Loopback Interface | CIS Cisco IOS XE 16.x v2.1.0 L2 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| 3.1 Ensure DNS services are configured correctly | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.4 Set 'ip verify unicast source reachable-via' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | CONFIGURATION MANAGEMENT |
| 3.3.1.1 Set 'key chain' | CIS Cisco IOS XE 17.x v2.2.1 L2 | Cisco | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.2 Set 'key' | CIS Cisco IOS XE 16.x v2.1.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.3.3.1 Set 'neighbor password' | CIS Cisco IOS XE 16.x v2.1.0 L2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 3.7 Ensure 'ip verify' is set to 'reverse-path' for untrusted interfaces | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 3.11 Ensure Java applet filtering is enabled | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 3.11 Ensure Java applet filtering is enabled | CIS Cisco ASA 9.x Firewall L2 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-NM-000500 - The Juniper EX switch must be configured to prohibit the use of cached authenticators after an organization-defined time period. | DISA Juniper EX Series Network Device Management v2r3 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| VCSA-80-000273 - The vCenter Server must not configure VLAN Trunking unless Virtual Guest Tagging (VGT) is required and authorized. | DISA VMware vSphere 8.0 vCenter STIG v2r2 | VMware | CONFIGURATION MANAGEMENT |
