| AMLS-L2-000110 - The Arista Multilayer Switch must enforce approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies. | DISA STIG Arista MLS DCS-7000 Series L2S v1r2 | Arista | ACCESS CONTROL |
| AMLS-L3-000100 - The Arista Multilayer Switch must enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. | DISA STIG Arista MLS DCS-7000 Series RTR v1r3 | Arista | ACCESS CONTROL |
| AMLS-L3-000110 - The Arista Multilayer Switch must disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing. | DISA STIG Arista MLS DCS-7000 Series RTR v1r3 | Arista | ACCESS CONTROL |
| AMLS-L3-000120 - The Arista Multilayer Switch must bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled - PIM neighbor filter to interfaces that have PIM enabled. | DISA STIG Arista MLS DCS-7000 Series RTR v1r3 | Arista | ACCESS CONTROL |
| AMLS-L3-000130 - The Arista Multilayer Switch must establish boundaries for IPv6 Admin-Local, IPv6 Site-Local, IPv6 Organization-Local scope, and IPv4 Local-Scope multicast traffic. | DISA STIG Arista MLS DCS-7000 Series RTR v1r3 | Arista | ACCESS CONTROL |
| AMLS-L3-000140 - The Arista Multilayer Switch must be configured so inactive router interfaces are disabled. | DISA STIG Arista MLS DCS-7000 Series RTR v1r3 | Arista | ACCESS CONTROL |
| AMLS-L3-000150 - The Arista Multilayer Switch must protect an enclave connected to an Alternate Gateway by using an inbound filter that only permits packets with destination addresses within the sites address space. | DISA STIG Arista MLS DCS-7000 Series RTR v1r3 | Arista | ACCESS CONTROL |
| AMLS-L3-000160 - If Border Gateway Protocol (BGP) is enabled on The Arista Multilayer Switch, The Arista Multilayer Switch must not be a BGP peer with a router from an Autonomous System belonging to any Alternate Gateway. | DISA STIG Arista MLS DCS-7000 Series RTR v1r3 | Arista | ACCESS CONTROL |
| AMLS-L3-000170 - The Arista Multilayer Switch must not redistribute static routes to alternate gateway service provider into an Exterior Gateway Protocol or Interior Gateway Protocol to the NIPRNet or to other Autonomous System. | DISA STIG Arista MLS DCS-7000 Series RTR v1r3 | Arista | ACCESS CONTROL |
| AMLS-L3-000180 - The Arista Multilayer Switch must enforce that Interior Gateway Protocol instances configured on the out-of-band management gateway router only peer with their own routing domain. | DISA STIG Arista MLS DCS-7000 Series RTR v1r3 | Arista | ACCESS CONTROL |
| AMLS-L3-000190 - The Arista Multilayer Switch must enforce that the managed network domain and the management network domain are separate routing domains and the Interior Gateway Protocol instances are not redistributed or advertised to each other. | DISA STIG Arista MLS DCS-7000 Series RTR v1r3 | Arista | ACCESS CONTROL |
| AMLS-L3-000200 - The Arista Multilayer Switch must enforce that any interface used for out-of-band management traffic is configured to be passive for the Interior Gateway Protocol that is utilized on that management interface. | DISA STIG Arista MLS DCS-7000 Series RTR v1r3 | Arista | ACCESS CONTROL |
| ARST-RT-000110 - The Arista perimeter router must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. | DISA STIG Arista MLS EOS 4.2x Router v1r1 | Arista | ACCESS CONTROL |
| ARST-RT-000120 - The Arista multicast router must be configured to disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing. | DISA STIG Arista MLS EOS 4.2x Router v1r1 | Arista | ACCESS CONTROL |
| ARST-RT-000130 - The Arista multicast router must be configured to bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled. | DISA STIG Arista MLS EOS 4.2x Router v1r1 | Arista | ACCESS CONTROL |
| ARST-RT-000140 - The Arista multicast edge router must be configured to establish boundaries for administratively scoped multicast traffic. | DISA STIG Arista MLS EOS 4.2x Router v1r1 | Arista | ACCESS CONTROL |
| ARST-RT-000150 - The Arista router must be configured to have all inactive interfaces disabled. | DISA STIG Arista MLS EOS 4.2x Router v1r1 | Arista | ACCESS CONTROL |
| ARST-RT-000160 - The Arista perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the sites address space. | DISA STIG Arista MLS EOS 4.2x Router v1r1 | Arista | ACCESS CONTROL |
| ARST-RT-000170 - The Arista perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider. | DISA STIG Arista MLS EOS 4.2x Router v1r1 | Arista | ACCESS CONTROL |
| ARST-RT-000180 - The Arista perimeter router must be configured to not redistribute static routes to an alternate gateway service provider into BGP or an IGP peering with the NIPRNet or to other autonomous systems. | DISA STIG Arista MLS EOS 4.2x Router v1r1 | Arista | ACCESS CONTROL |
| ARST-RT-000190 - The out-of-band management (OOBM) Arista gateway router must be configured to have separate IGP instances for the managed network and management network. | DISA STIG Arista MLS EOS 4.2x Router v1r1 | Arista | ACCESS CONTROL |
| ARST-RT-000200 - The out-of-band management (OOBM) Arista gateway router must be configured to not redistribute routes between the management network routing domain and the managed network routing domain. | DISA STIG Arista MLS EOS 4.2x Router v1r1 | Arista | ACCESS CONTROL |
| ARST-RT-000210 - The multicast Rendezvous Point (RP) Arista router must be configured to filter Protocol Independent Multicast (PIM) Register and Join messages received from the Designated Router (DR) for any undesirable multicast groups and sources. | DISA STIG Arista MLS EOS 4.2x Router v1r1 | Arista | ACCESS CONTROL |
| CASA-FW-000010 - The Cisco ASA must be configured to filter outbound traffic, allowing only authorized ports and services - ACL Applied | DISA STIG Cisco ASA FW v1r4 | Cisco | ACCESS CONTROL |
| CASA-FW-000010 - The Cisco ASA must be configured to filter outbound traffic, allowing only authorized ports and services - ingress ACL | DISA STIG Cisco ASA FW v1r4 | Cisco | ACCESS CONTROL |
| CASA-FW-000020 - The Cisco ASA must immediately use updates made to policy enforcement mechanisms such as firewall rules, security policies, and security zones. | DISA STIG Cisco ASA FW v1r4 | Cisco | ACCESS CONTROL |
| CASA-VN-000300 - The Cisco ASA VPN gateway must be configured to restrict what traffic is transported via the IPsec tunnel according to flow control policies - ACL | DISA STIG Cisco ASA VPN v1r3 | Cisco | ACCESS CONTROL |
| CASA-VN-000300 - The Cisco ASA VPN gateway must be configured to restrict what traffic is transported via the IPsec tunnel according to flow control policies - crypto map | DISA STIG Cisco ASA VPN v1r3 | Cisco | ACCESS CONTROL |
| DTBI990-IE11 - Dragging of content from different domains across windows must be disallowed (Internet zone). | DISA STIG IE 11 v2r4 | Windows | ACCESS CONTROL |
| EDGE-00-000001 - User control of proxy settings must be disabled. | DISA STIG Edge v1r7 | Windows | ACCESS CONTROL |
| FNFG-FW-000005 - The FortiGate firewall must use filters that use packet headers and packet attributes, including source and destination IP addresses and ports. | DISA Fortigate Firewall STIG v1r3 | FortiGate | ACCESS CONTROL |
| JUEX-RT-000110 - The Juniper router must be configured to disable the auxiliary port unless it is connected to a secured modem providing encryption and authentication. | DISA Juniper EX Series Router v1r3 | Juniper | ACCESS CONTROL |
| JUEX-RT-000120 - The Juniper router must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. | DISA Juniper EX Series Router v1r3 | Juniper | ACCESS CONTROL |
| JUEX-RT-000130 - The Juniper router must be configured to disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing. | DISA Juniper EX Series Router v1r3 | Juniper | ACCESS CONTROL |
| JUEX-RT-000140 - The Juniper router must be configured to bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled. | DISA Juniper EX Series Router v1r3 | Juniper | ACCESS CONTROL |
| JUEX-RT-000150 - The Juniper multicast edge router must be configured to establish boundaries for administratively scoped multicast traffic. | DISA Juniper EX Series Router v1r3 | Juniper | ACCESS CONTROL |
| JUEX-RT-000160 - The Juniper router must be configured to have all inactive interfaces disabled. | DISA Juniper EX Series Router v1r3 | Juniper | ACCESS CONTROL |
| JUEX-RT-000170 - The Juniper perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the site's address space. | DISA Juniper EX Series Router v1r3 | Juniper | ACCESS CONTROL |
| JUEX-RT-000180 - The Juniper perimeter router must not be configured to be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider. | DISA Juniper EX Series Router v1r3 | Juniper | ACCESS CONTROL |
| JUEX-RT-000190 - The Juniper perimeter router must not be configured to redistribute static routes to an alternate gateway service provider into BGP or an IGP peering with the NIPRNet or to other autonomous systems. | DISA Juniper EX Series Router v1r3 | Juniper | ACCESS CONTROL |
| JUEX-RT-000200 - The Juniper out-of-band management (OOBM) gateway router must be configured to have separate IGP instances for the managed network and management network. | DISA Juniper EX Series Router v1r3 | Juniper | ACCESS CONTROL |
| JUEX-RT-000210 - The Juniper out-of-band management (OOBM) gateway router must not be configured to redistribute routes between the management network routing domain and the managed network routing domain. | DISA Juniper EX Series Router v1r3 | Juniper | ACCESS CONTROL |
| JUEX-RT-000220 - The Juniper multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Register messages received from the Designated Router (DR) for any undesirable multicast groups and sources. | DISA Juniper EX Series Router v1r3 | Juniper | ACCESS CONTROL |
| JUEX-RT-000230 - The Juniper multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Join messages received from the Designated Router (DR) for any undesirable multicast groups. | DISA Juniper EX Series Router v1r3 | Juniper | ACCESS CONTROL |
| JUSX-IP-000003 - The Juniper Networks SRX Series Gateway IDPS must restrict or block harmful or suspicious communications traffic between interconnected networks based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic. | DISA Juniper SRX Services Gateway IDPS v1r2 | Juniper | ACCESS CONTROL |
| SHPT-00-000130 - For environments requiring an Internet-facing capability, the SharePoint application server upon which Central Administration is installed must not be installed in the DMZ. | DISA STIG SharePoint 2010 v1r9 | Windows | ACCESS CONTROL |
| SYMP-AG-000070 - Symantec ProxySG must restrict or block harmful or suspicious communications traffic by controlling the flow of information between interconnected networks based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic - SSL | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000070 - Symantec ProxySG must restrict or block harmful or suspicious communications traffic by controlling the flow of information between interconnected networks based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic - Web Access | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000090 - Symantec ProxySG must immediately use updates made to policy enforcement mechanisms such as policies and rules - SSL | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000090 - Symantec ProxySG must immediately use updates made to policy enforcement mechanisms such as policies and rules - Web Access | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
