| CASA-FW-000230 - The Cisco ASA must be configured to filter inbound traffic on all external interfaces - Interface | DISA STIG Cisco ASA FW v1r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000250 - The Cisco ASA perimeter firewall must be configured to block all outbound management traffic - Interface | DISA STIG Cisco ASA FW v1r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - ACL | DISA STIG Cisco ASA FW v1r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - crypto ipsec | DISA STIG Cisco ASA FW v1r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - hash sha | DISA STIG Cisco ASA FW v1r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - lifetime | DISA STIG Cisco ASA FW v1r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - match address | DISA STIG Cisco ASA FW v1r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set lifetime | DISA STIG Cisco ASA FW v1r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set peer | DISA STIG Cisco ASA FW v1r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - tunnel-group | DISA STIG Cisco ASA FW v1r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000392 - The Cisco perimeter router must be configured to drop IPv6 undetermined transport packets - deny | DISA STIG Cisco IOS XE Router RTR v2r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000392 - The Cisco perimeter router must be configured to drop IPv6 undetermined transport packets - outside interface | DISA STIG Cisco IOS-XR Router RTR v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000392 - The Cisco perimeter router must be configured to drop IPv6 undetermined transport packets - outside interface | DISA STIG Cisco IOS Router RTR v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000392 - The Cisco perimeter router must be configured to drop IPv6 undetermined transport packets - undetermined-transport | DISA STIG Cisco IOS-XR Router RTR v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000392 - The Cisco perimeter switch must be configured to drop IPv6 undetermined transport packets - deny | DISA STIG Cisco IOS XE Switch RTR v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000393 - The Cisco perimeter router must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255 - deny ipv6 any any | DISA STIG Cisco IOS Router RTR v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000393 - The Cisco perimeter router must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255 - permit 0, 1, or 3-255 | DISA STIG Cisco IOS-XR Router RTR v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000393 - The Cisco perimeter router must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255 - traffic-filter | DISA STIG Cisco IOS XE Router RTR v2r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000393 - The Cisco perimeter switch must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255 - permit | DISA STIG Cisco IOS XE Switch RTR v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000393 - The Cisco perimeter switch must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255 - traffic-filter | DISA STIG Cisco IOS XE Switch RTR v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000394 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values - outside interface | DISA STIG Cisco IOS-XR Router RTR v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000394 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values - outside interface | DISA STIG Cisco IOS Router RTR v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000395 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values - dest-option-type | DISA STIG Cisco IOS-XR Router RTR v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000395 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values - dest-option-type | DISA STIG Cisco IOS Router RTR v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000395 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values - outside interface | DISA STIG Cisco IOS Router RTR v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000395 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values - traffic-filter | DISA STIG Cisco IOS XE Router RTR v2r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000395 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values - deny | DISA STIG Cisco IOS XE Switch RTR v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000396 - The Cisco perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option - deny | DISA STIG Cisco IOS XE Router RTR v2r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000396 - The Cisco perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option - dest-option-type | DISA STIG Cisco IOS-XR Router RTR v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000396 - The Cisco perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option - dest-option-type | DISA STIG Cisco IOS Router RTR v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000396 - The Cisco perimeter switch must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option - deny | DISA STIG Cisco IOS XE Switch RTR v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000397 - The Cisco perimeter router must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header - deny | DISA STIG Cisco IOS XE Router RTR v2r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000397 - The Cisco perimeter router must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header - dest-option-type | DISA STIG Cisco IOS Router RTR v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000397 - The Cisco perimeter router must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header - outside interface | DISA STIG Cisco IOS Router RTR v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000398 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dest-option-type | DISA STIG Cisco IOS-XR Router RTR v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000398 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dest-option-type | DISA STIG Cisco IOS Router RTR v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000398 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - traffic-filter | DISA STIG Cisco IOS XE Router RTR v2r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - deny | DISA STIG Cisco IOS XE Switch RTR v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - traffic-filter | DISA STIG Cisco IOS XE Switch RTR v2r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-AF-000223 - The BIG-IP AFM module must be configured to only allow incoming communications from authorized sources routed to authorized destinations - Active FW Rules | DISA F5 BIG-IP Advanced Firewall Manager 11.x STIG v1r1 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-AF-000223 - The BIG-IP AFM module must be configured to only allow incoming communications from authorized sources routed to authorized destinations - Virtual Servers | DISA F5 BIG-IP Advanced Firewall Manager 11.x STIG v1r1 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| FNFG-FW-000115 - The FortiGate firewall must apply ingress filters to traffic that is inbound to the network through any active external interface. | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000383 - The Juniper perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values. | DISA STIG Juniper Router RTR v2r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000384 - The Juniper perimeter router must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values. | DISA STIG Juniper Router RTR v2r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000385 - The Juniper perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option - dstops | DISA STIG Juniper Router RTR v2r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000385 - The Juniper perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option - hop-by-hop | DISA STIG Juniper Router RTR v2r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000386 - The Juniper perimeter router must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header. | DISA STIG Juniper Router RTR v2r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000387 - The Juniper perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dstops | DISA STIG Juniper Router RTR v2r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000387 - The Juniper perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - hop-by-hop | DISA STIG Juniper Router RTR v2r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-AG-000550 - Symantec ProxySG must allow incoming communications only from organization-defined authorized sources routed to organization-defined authorized destinations - Rules | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
