Item Search

NameAudit NamePluginCategory
NET-NAC-031 - The switch must only allow a maximum of one registered MAC address per access port.DISA STIG Cisco L2 Switch V8R27Cisco
NET-VLAN-006 - The VLAN1 is being used for management traffic.DISA STIG Cisco L2 Switch V8R27Cisco
NET-VLAN-007 - Ensure trunking is disabled on all access ports.DISA STIG Cisco L2 Switch V8R27Cisco
NET-VLAN-008 - A dedicated VLAN is required for all trunk ports.DISA STIG Cisco L2 Switch V8R27Cisco
NET-VLAN-009 - Access switchports are assigned to the native VLANDISA STIG Cisco L2 Switch V8R27Cisco
NET0340 - Network devices must display the DoD-approved logon banner warning - 'banner login'DISA STIG Cisco L2 Switch V8R27Cisco

ACCESS CONTROL

NET0340 - Network devices must display the DoD-approved logon banner warning - 'banner motd'DISA STIG Cisco L2 Switch V8R27Cisco

ACCESS CONTROL

NET0433 - The device is not authenticated using a AAA server - 'ip http authentication'DISA STIG Cisco L2 Switch V8R27Cisco

IDENTIFICATION AND AUTHENTICATION

NET0465 - Authorized accounts must be assigned the least privilege level necessary to perform assigned duties.DISA STIG Cisco L2 Switch V8R27Cisco
NET0470 - Unauthorized accounts are configured to access device.DISA STIG Cisco L2 Switch V8R27Cisco
NET0740 - HTTP server is not disabledDISA STIG Cisco L2 Switch V8R27Cisco

CONFIGURATION MANAGEMENT

NET0744 - BSDr commands are not disabled - rcp-enableDISA STIG Cisco L2 Switch V8R27Cisco

CONFIGURATION MANAGEMENT

NET0813 - NTP messages are not authenticated - 'ntp authentication-key'DISA STIG Cisco L2 Switch V8R27Cisco

CONFIGURATION MANAGEMENT

NET0894 - Network element must only allow SNMP read access - 'community RW'DISA STIG Cisco L2 Switch V8R27Cisco

ACCESS CONTROL

NET0894 - Network element must only allow SNMP read access - 'SNMP v3 priv|noauth'DISA STIG Cisco L2 Switch V8R27Cisco

CONFIGURATION MANAGEMENT

NET1624 - The console port does not timeout after 10 minutesDISA STIG Cisco L2 Switch V8R27Cisco

ACCESS CONTROL

NET1638 - Management connections must be secured by FIPS 140-2 - 'ssh algorithm encryption'DISA STIG Cisco L2 Switch V8R27Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET1638 - Management connections must be secured by FIPS 140-2 -'ip http secure-server'DISA STIG Cisco L2 Switch V8R27Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET1645 - SSH session timeout is not 60 seconds or less.DISA STIG Cisco L2 Switch V8R27Cisco

ACCESS CONTROL

NET1675 - SNMP privileged and non-privileged access.DISA STIG Cisco L2 Switch V8R27Cisco
WA060 A22 - A public web server, if hosted on the NIPRNet, must be isolated in an accredited DoD DMZ Extension.DISA STIG Apache Server 2.2 Unix v1r11Unix
WA00505 A22 - Web Distributed Authoring and Versioning (WebDAV) must be disabled.DISA STIG Apache Server 2.2 Unix v1r11Unix

CONFIGURATION MANAGEMENT

WA00510 A22 - Web server status module must be disabled.DISA STIG Apache Server 2.2 Unix v1r11Unix

CONFIGURATION MANAGEMENT

WA00520 A22 - The web server must not be configured as a proxy server.DISA STIG Apache Server 2.2 Unix v1r11Unix

CONFIGURATION MANAGEMENT

WG040 A22 - Public web server resources must not be shared with private assets - exportsDISA STIG Apache Server 2.2 Unix v1r11Unix

SYSTEM AND COMMUNICATIONS PROTECTION

WG040 A22 - Public web server resources must not be shared with private assets - hosts.lpdDISA STIG Apache Server 2.2 Unix v1r11Unix

SYSTEM AND COMMUNICATIONS PROTECTION

WG040 A22 - Public web server resources must not be shared with private assets - mnttabDISA STIG Apache Server 2.2 Unix v1r11Unix

SYSTEM AND COMMUNICATIONS PROTECTION

WG050 A22 - The web server password(s) must be entrusted to the SA or Web Manager.DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WG050 W22 - The web server service password(s) must be entrusted to the SA or Web Manager.DISA STIG Apache Server 2.2 Windows v1r13Windows
WG080 A22 - Installation of a compiler on production web server is prohibited.DISA STIG Apache Server 2.2 Unix v1r11Unix
WG145 A22 - The private web server must use an approved DoD certificate validation process.DISA STIG Apache Server 2.2 Unix v1r11Unix
WG204 A22 - A web server must be segregated from other services.DISA STIG Apache Server 2.2 Unix v1r11Unix
WG204 A22 - A web server must be segregated from other services.DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix
WG204 W22 - A web server installation must be segregated from other services.DISA STIG Apache Server 2.2 Windows v1r13Windows
WG260 IIS6 - Only fully reviewed and tested web sites must exist on a production web server.DISA STIG IIS 6.0 Site Checklist v6r16Windows
WG275 W22 - The web server, although started by superuser or privileged account, must run using a non-privileged account.DISA STIG Apache Server 2.2 Windows v1r13Windows
WG300 A22 - Web server system files must conform to minimum file permission requirements - apache bin/*DISA STIG Apache Server 2.2 Unix v1r11Unix

CONFIGURATION MANAGEMENT

WG300 A22 - Web server system files must conform to minimum file permission requirements - apache/*DISA STIG Apache Server 2.2 Unix v1r11Unix

CONFIGURATION MANAGEMENT

WG300 A22 - Web server system files must conform to minimum file permission requirements - config/*DISA STIG Apache Server 2.2 Unix v1r11Unix

CONFIGURATION MANAGEMENT

WG300 A22 - Web server system files must conform to minimum file permission requirements - htdocsDISA STIG Apache Server 2.2 Unix v1r11Unix

CONFIGURATION MANAGEMENT

WG300 A22 - Web server system files must conform to minimum file permission requirements - logs/*DISA STIG Apache Server 2.2 Unix v1r11Unix

CONFIGURATION MANAGEMENT

WG330 A22 - A public web server must limit email to outbound only - netstatDISA STIG Apache Server 2.2 Unix v1r11Unix

CONFIGURATION MANAGEMENT

WG350 A22 - A private web server will have a valid DoD server certificate.DISA STIG Apache Site 2.2 Unix v1r11 MiddlewareUnix
WG350 W22 - A private web server must have a valid DoD server certificate.DISA STIG Apache Site 2.2 Windows v1r13Windows
WG355 A22 - A private web server's list of CAs in a trust hierarchy must lead to an authorized DoD PKI Root CA.DISA STIG Apache Server 2.2 Unix v1r11Unix
WG355 IIS6 - A private web site must utilize certificates from a trusted DoD CA.DISA STIG IIS 6.0 Site Checklist v6r16Windows
WG410 IIS6 - Interactive scripts must have proper access controls. - 'Execute Permissions set 'Script only'DISA STIG IIS 6.0 Site Checklist v6r16Windows
WG430 A22 - Anonymous FTP user access to interactive scripts is prohibited.DISA STIG Apache Site 2.2 Unix v1r11Unix
WG430 A22 - Anonymous FTP user access to interactive scripts is prohibited.DISA STIG Apache Site 2.2 Unix v1r11 MiddlewareUnix
WG440 A22 - Monitoring software must include CGI or equivalent programs in its scope.DISA STIG Apache Server 2.2 Unix v1r11 MiddlewareUnix