| 1.6 Ensure maximum RAM is installed | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | CONFIGURATION MANAGEMENT |
| 6.1.2 Ensure Accounting of Logins | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | AUDIT AND ACCOUNTABILITY |
| 6.1.3 Ensure Accounting of Configuration Changes | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | AUDIT AND ACCOUNTABILITY |
| AMLS-L3-000150 - The Arista Multilayer Switch must protect an enclave connected to an Alternate Gateway by using an inbound filter that only permits packets with destination addresses within the sites address space. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL |
| AMLS-L3-000160 - If Border Gateway Protocol (BGP) is enabled on The Arista Multilayer Switch, The Arista Multilayer Switch must not be a BGP peer with a router from an Autonomous System belonging to any Alternate Gateway. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL |
| AOSX-15-100001 - The macOS system must be a supported release. | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | CONFIGURATION MANAGEMENT |
| ARST-RT-000160 - The Arista perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the sites address space. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL |
| ARST-RT-000160 - The Arista perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the sites address space. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | ACCESS CONTROL |
| ARST-RT-000170 - The Arista perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | ACCESS CONTROL |
| ARST-RT-000170 - The Arista perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL |
| ARST-RT-000830 - The perimeter router must be configured to block all packets with any IP options. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000830 - The perimeter router must be configured to block all packets with any IP options. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000280 - The Cisco perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the sites address space. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000280 - The Cisco perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the sites address space. | DISA Cisco IOS XE Router RTR STIG v3r5 | Cisco | ACCESS CONTROL |
| CISC-RT-000280 - The Cisco perimeter router must be configured to protect an enclave connected to an approved gateway by using an inbound filter that only permits packets with destination addresses within the sites address space. | DISA Cisco IOS Router RTR STIG v3r4 | Cisco | ACCESS CONTROL |
| DISA_IIS_8.5_Web_Server_v2r7.audit from DISA Microsoft IIS 8.5 Server v2r7 STIG | DISA IIS 8.5 Server v2r7 | Windows | |
| DISA_IIS_8.5_Web_Site_v2r9.audit from DISA Microsoft IIS 8.5 Site v2r9 STIG | DISA IIS 8.5 Site v2r9 | Windows | |
| DISA_Oracle_11g_Installation_v9r1_OS_Linux.audit from DISA Oracle Database 11g Installation STIG v9r1 STIG | DISA STIG Oracle 11 Installation v9r1 Linux | Unix | |
| DISA_Oracle_11g_Installation_v9r1_OS_Windows.audit from DISA Oracle Database 11g Installation STIG v9r1 STIG | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | |
| DISA_Oracle_11g_Instance_v9r1_OS_Linux.audit from DISA Oracle Database 11g Instance STIG v9r1 STIG | DISA STIG Oracle 11 Instance v9r1 OS Unix | Unix | |
| DISA_Oracle_11g_Instance_v9r1_OS_Windows.audit from DISA Oracle Database 11g Instance STIG v9r1 STIG | DISA STIG Oracle 11 Instance v9r1 OS Windows | Windows | |
| DISA_STIG_Kubernetes_v2r5.audit from DISA Kubernetes v2r5 STIG | DISA STIG Kubernetes v2r5 | Unix | |
| DISA_STIG_Mozilla_Firefox_v6r7_Linux.audit from DISA Mozilla Firefox v6r7 STIG | DISA STIG Mozilla Firefox Linux v6r7 | Unix | |
| DISA_STIG_Mozilla_Firefox_v6r7_MacOS.audit from DISA Mozilla Firefox v6r7 STIG | DISA STIG Mozilla Firefox MacOS v6r7 | Unix | |
| DISA_STIG_Mozilla_Firefox_v6r7_Windows.audit from DISA Mozilla Firefox v6r7 STIG | DISA STIG Mozilla Firefox Windows v6r7 | Windows | |
| DISA_STIG_MSSQL_2012_Database_v1r20.audit from DISA Microsoft SQL Server Instance 2012 v1r20 STIG | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | |
| DISA_STIG_MSSQL_2012_Instance-DB_v1r20.audit from DISA Microsoft SQL Server Instance 2012 v1r20 STIG | DISA STIG SQL Server 2012 DB Instance Security v1r20 | MS_SQLDB | |
| DISA_STIG_MSSQL_2012_Instance-OS_v1r20.audit from DISA Microsoft SQL Server Instance 2012 v1r20 STIG | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | |
| GEN000100 - The operating system must be a supported release. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| JUEX-RT-000170 - The Juniper perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the site's address space. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUEX-RT-000180 - The Juniper perimeter router must not be configured to be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUEX-RT-000510 - The Juniper perimeter router must be configured to block all packets with any IP options. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000760 - The Juniper perimeter router must be configured to have Proxy ARP disabled on all external interfaces. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000770 - The Juniper perimeter router must be configured to block all outbound management traffic. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-001010 - The Juniper perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces. | DISA Juniper EX Series Router v2r1 | Juniper | CONFIGURATION MANAGEMENT |
| JUNI-ND-001470 - The Juniper router must be running a Junos release that is currently supported by Juniper Networks. | DISA STIG Juniper Router NDM v3r2 | Juniper | CONFIGURATION MANAGEMENT |
| JUNI-RT-000280 - The Juniper perimeter router must be configured to protect an enclave connected to an approved gateway by using an inbound filter that only permits packets with destination addresses within the site's address space. | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUNI-RT-000290 - The Juniper perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an approved gateway service provider - BGP peer to an alternate gateway service provider. | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
| JUNI-RT-000350 - The Juniper perimeter router must be configured to block all packets with any IP options. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000370 - The Juniper perimeter router must be configured to have Proxy ARP disabled on all external interfaces. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000380 - The Juniper perimeter router must be configured to block all outbound management traffic. | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000381 - The Juniper perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces. | DISA STIG Juniper Router RTR v3r2 | Juniper | CONFIGURATION MANAGEMENT |
| JUSX-AG-000124 - The Juniper SRX Services Gateway Firewall must block outbound traffic containing known and unknown denial-of-service (DoS) attacks to protect against the use of internal information systems to launch any DoS attacks against other networks or endpoints - DoS attacks against other networks or endpoints. | DISA Juniper SRX Services Gateway ALG v3r3 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-AG-000126 - The Juniper SRX Services Gateway Firewall must only allow inbound communications from organization-defined authorized sources routed to organization-defined authorized destinations. | DISA Juniper SRX Services Gateway ALG v3r3 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-AG-000127 - The Juniper SRX Services Gateway Firewall must be configured to fail securely in the event of an operational failure of the firewall filtering or boundary protection function. | DISA Juniper SRX Services Gateway ALG v3r3 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUSX-AG-000144 - The Juniper SRX Services Gateway Firewall must continuously monitor all inbound communications traffic for unusual/unauthorized activities or conditions. | DISA Juniper SRX Services Gateway ALG v3r3 | Juniper | SYSTEM AND INFORMATION INTEGRITY |
| JUSX-AG-000145 - The Juniper SRX Services Gateway Firewall must continuously monitor outbound communications traffic for unusual/unauthorized activities or conditions. | DISA Juniper SRX Services Gateway ALG v3r3 | Juniper | SYSTEM AND INFORMATION INTEGRITY |
| JUSX-VN-000004 - The Juniper SRX Services Gateway VPN device also fulfills the role of IDPS in the architecture, the device must inspect the VPN traffic in compliance with DoD IDPS requirements. | DISA Juniper SRX Services Gateway VPN v3r2 | Juniper | ACCESS CONTROL |
| JUSX-VN-000022 - The Juniper SRX Services Gateway VPN must terminate all network connections associated with a communications session at the end of the session. | DISA Juniper SRX Services Gateway VPN v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| OL6-00-000010 - The Oracle Linux operating system must be a vendor-supported release. | DISA STIG Oracle Linux 6 v2r7 | Unix | CONFIGURATION MANAGEMENT |
