| 3.1.2.3 Configure BGP Authentication | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AMLS-L3-000220 - The Arista Multilayer Switch must enable neighbor router authentication for control plane protocols except RIP - OSPF MD5 Key | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AMLS-L3-000300 - The Arista Multilayer Switch must only allow incoming communications from authorized sources to be routed to authorized destinations. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| BIND-9X-001702 - The BIND 9.x server implementation must prohibit the forwarding of queries to servers controlled by organizations outside of the U.S. Government. | DISA BIND 9.x STIG v2r3 | Unix | CONFIGURATION MANAGEMENT |
| CISC-L2-000030 - The Cisco switch must authenticate all VLAN Trunk Protocol (VTP) messages with a hash function using the most secured cryptographic algorithm available. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-L2-000090 - The Cisco switch must have Root Guard enabled on all switch ports connecting to access layer switches. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000100 - The Cisco switch must have Bridge Protocol Data Unit (BPDU) Guard enabled on all user-facing or untrusted access switch ports. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000110 - The Cisco switch must have Spanning Tree Protocol (STP) Loop Guard enabled. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000120 - The Cisco switch must have Unknown Unicast Flood Blocking (UUFB) enabled. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000150 - The Cisco switch must have Dynamic Address Resolution Protocol (ARP) Inspection (DAI) enabled on all user VLANs. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000170 - The Cisco switch must have IGMP or MLD Snooping configured on all VLANs. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-L2-000180 - The Cisco switch must implement Rapid Spanning Tree Protocol (STP) where VLANs span multiple switches with redundant links. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-L2-000190 - The Cisco switch must enable Unidirectional Link Detection (UDLD) to protect against one-way connections. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-L2-000230 - The Cisco switch must have the default VLAN pruned from all trunk ports that do not require it. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000250 - The Cisco switch must have all user-facing or untrusted ports configured as access switch ports. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-000090 - The Cisco switch must be configured to automatically audit account creation. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000100 - The Cisco switch must be configured to automatically audit account modification. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000110 - The Cisco switch must be configured to automatically audit account disabling actions. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000120 - The Cisco switch must be configured to automatically audit account removal actions. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000280 - The Cisco switch must produce audit records containing information to establish when (date and time) the events occurred. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000290 - The Cisco switch must produce audit records containing information to establish where the events occurred. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000390 - The Cisco switch must be configured to protect audit information from unauthorized deletion. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000460 - The Cisco switch must be configured to limit privileges to change the software resident within software libraries. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-ND-000470 - The Cisco switch must be configured to prohibit the use of all unnecessary and non-secure functions and services. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-ND-000490 - The Cisco switch must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000620 - The Cisco switch must only store cryptographic representations of passwords. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-000720 - The Cisco switch must be configured to terminate all network connections associated with device management after five minutes of inactivity. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-000880 - The Cisco switch must be configured to automatically audit account enabling actions. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000980 - The Cisco switch must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001370 - The Cisco switch must be configured to use at least two authentication servers to authenticate users prior to granting administrative access. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-ND-001440 - The Cisco switch must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001450 - The Cisco switch must be configured to send log data to at least two central log servers for the purpose of forwarding alerts to the administrators and the information system security officer (ISSO). | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001470 - The Cisco switch must be running an IOS release that is currently supported by Cisco Systems. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| CISC-RT-000120 - The Cisco switch must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by employing control plane protection. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000150 - The Cisco switch must be configured to have gratuitous ARP disabled on all external interfaces. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000160 - The Cisco switch must be configured to have IP directed broadcast disabled on all interfaces. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000250 - The Cisco perimeter switch must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000310 - The Cisco perimeter switch must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding (uRPF). | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000450 - The Cisco switch must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000660 - The Cisco PE switch providing MPLS Layer 2 Virtual Private Network (L2VPN) services must be configured to authenticate targeted Label Distribution Protocol (LDP) sessions used to exchange virtual circuit (VC) information using a FIPS-approved message authentication code algorithm. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-RT-000880 - The Cisco multicast Designated switch (DR) must be configured to limit the number of mroute states resulting from Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Host Membership Reports. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| DISA STIG VMware vSphere ESXi 6 Security Technical Implementation Guide Version 1 Release 5 | DISA STIG VMware vSphere 6.x ESXi OS v1r5 | Unix | |
| DISA_STIG_McAfee_VSEL_1.9.x_2.0.x_Local_Client_v1r6.audit from DISA McAfee VSEL 1.9/2.0 Local Client v1r6 STIG | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6 | Unix | |
| DISA_STIG_McAfee_VSEL_1.9.x_2.0.x_Managed_Client_v1r5.audit from DISA McAfee VSEL 1.9/2.0 Managed Client v1r5 STIG | McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Managed Client v1r5 | Unix | |
| DISA_STIG_Server_2012_and_2012_R2_DC_v3r7.audit from DISA Microsoft Windows Server 2012/2012 R2 Domain Controller v3r7 STIG | DISA Windows Server 2012 and 2012 R2 DC STIG v3r7 | Windows | |
| DISA_STIG_Server_2012_and_2012_R2_MS_v3r7.audit from DISA Microsoft Windows Server 2012/2012 R2 Member Server v3r7 STIG | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | |
| DISA_VMware_vSphere_8.0_vCenter_Appliance_Photon_OS_4.0_STIG_v2r1.audit from DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | |
| EX16-ED-000570 - Exchange must render hyperlinks from email sources from non-.mil domains as unclickable. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| GEN002860 - Audit logs must be rotated daily. | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT |
