Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Release Notes
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Release Notes
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-004891
CCI
CCI|CCI-004891
Title
Implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2024
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
ARST-L2-000170 - The Arista MLS layer 2 switch must have all disabled switch ports assigned to an unused VLAN.
Arista
DISA STIG Arista MLS EOS 4.x L2S v2r2
ARST-L2-000170 - The Arista MLS layer 2 switch must have all disabled switch ports assigned to an unused VLAN.
Arista
DISA STIG Arista MLS EOS 4.2x L2S v2r1
ARST-L2-000180 - The Arista MLS layer 2 switch must not have the default VLAN assigned to any host-facing switch ports.
Arista
DISA STIG Arista MLS EOS 4.2x L2S v2r1
ARST-L2-000180 - The Arista MLS layer 2 switch must not have the default VLAN assigned to any host-facing switch ports.
Arista
DISA STIG Arista MLS EOS 4.x L2S v2r2
ARST-L2-000190 - The Arista MLS layer 2 switch must have the default VLAN pruned from all trunk ports that do not require it.
Arista
DISA STIG Arista MLS EOS 4.x L2S v2r2
ARST-L2-000190 - The Arista MLS layer 2 switch must have the default VLAN pruned from all trunk ports that do not require it.
Arista
DISA STIG Arista MLS EOS 4.2x L2S v2r1
ARST-L2-000210 - The Arista MLS layer 2 switch must have all user-facing or untrusted ports configured as access switch ports.
Arista
DISA STIG Arista MLS EOS 4.2x L2S v2r1
ARST-L2-000210 - The Arista MLS layer 2 switch must have all user-facing or untrusted ports configured as access switch ports.
Arista
DISA STIG Arista MLS EOS 4.x L2S v2r2
ARST-L2-000220 - The Arista MLS layer 2 switch must have the native VLAN assigned to an ID other than the default VLAN for all 802.1q trunk links.
Arista
DISA STIG Arista MLS EOS 4.x L2S v2r2
ARST-L2-000220 - The Arista MLS layer 2 switch must have the native VLAN assigned to an ID other than the default VLAN for all 802.1q trunk links.
Arista
DISA STIG Arista MLS EOS 4.2x L2S v2r1
ARST-L2-000230 - The Arista MLS layer 2 switch must not have any switch ports assigned to the native VLAN.
Arista
DISA STIG Arista MLS EOS 4.2x L2S v2r1
ARST-L2-000230 - The Arista MLS layer 2 switch must not have any switch ports assigned to the native VLAN.
Arista
DISA STIG Arista MLS EOS 4.x L2S v2r2
CASA-FW-000230 - The Cisco ASA must be configured to filter inbound traffic on all external interfaces - ACL
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000230 - The Cisco ASA must be configured to filter inbound traffic on all external interfaces - Interface
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000240 - The Cisco ASA must be configured to filter outbound traffic on all internal interfaces - ACL
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000240 - The Cisco ASA must be configured to filter outbound traffic on all internal interfaces - Interface
Cisco
DISA STIG Cisco ASA FW v2r1
CISC-L2-000210 - The Cisco switch must have all disabled switch ports assigned to an unused VLAN.
Cisco
DISA Cisco IOS XE Switch L2S STIG v3r2
CISC-L2-000210 - The Cisco switch must have all disabled switch ports assigned to an unused VLAN.
Cisco
DISA Cisco IOS Switch L2S STIG v3r1
CISC-L2-000210 - The Cisco switch must have all disabled switch ports assigned to an unused VLAN.
Cisco
DISA Cisco NX OS Switch L2S STIG v3r2
CISC-L2-000220 - The Cisco switch must not have the default VLAN assigned to any host-facing switch ports.
Cisco
DISA Cisco IOS Switch L2S STIG v3r1
CISC-L2-000220 - The Cisco switch must not have the default VLAN assigned to any host-facing switch ports.
Cisco
DISA Cisco NX OS Switch L2S STIG v3r2
CISC-L2-000220 - The Cisco switch must not have the default VLAN assigned to any host-facing switch ports.
Cisco
DISA Cisco IOS XE Switch L2S STIG v3r2
CISC-L2-000230 - The Cisco switch must have the default VLAN pruned from all trunk ports that do not require it.
Cisco
DISA Cisco IOS Switch L2S STIG v3r1
CISC-L2-000230 - The Cisco switch must have the default VLAN pruned from all trunk ports that do not require it.
Cisco
DISA Cisco NX OS Switch L2S STIG v3r2
CISC-L2-000230 - The Cisco switch must have the default VLAN pruned from all trunk ports that do not require it.
Cisco
DISA Cisco IOS XE Switch L2S STIG v3r2
CISC-L2-000250 - The Cisco switch must have all user-facing or untrusted ports configured as access switch ports.
Cisco
DISA Cisco NX OS Switch L2S STIG v3r2
CISC-L2-000250 - The Cisco switch must have all user-facing or untrusted ports configured as access switch ports.
Cisco
DISA Cisco IOS XE Switch L2S STIG v3r2
CISC-L2-000250 - The Cisco switch must have all user-facing or untrusted ports configured as access switch ports.
Cisco
DISA Cisco IOS Switch L2S STIG v3r1
CISC-L2-000260 - The Cisco switch must have the native VLAN assigned to an ID other than the default VLAN for all 802.1q trunk links.
Cisco
DISA Cisco IOS Switch L2S STIG v3r1
CISC-L2-000260 - The Cisco switch must have the native VLAN assigned to an ID other than the default VLAN for all 802.1q trunk links.
Cisco
DISA Cisco IOS XE Switch L2S STIG v3r2
CISC-L2-000260 - The Cisco switch must have the native VLAN assigned to an ID other than the default VLAN for all 802.1q trunk links.
Cisco
DISA Cisco NX OS Switch L2S STIG v3r2
CISC-L2-000270 - The Cisco switch must not have any switchports assigned to the native VLAN.
Cisco
DISA Cisco IOS Switch L2S STIG v3r1
CISC-L2-000270 - The Cisco switch must not have any switchports assigned to the native VLAN.
Cisco
DISA Cisco NX OS Switch L2S STIG v3r2
CISC-L2-000270 - The Cisco switch must not have any switchports assigned to the native VLAN.
Cisco
DISA Cisco IOS XE Switch L2S STIG v3r2
CISC-RT-000400 - The Cisco out-of-band management (OOBM) gateway router must be configured to transport management traffic to the Network Operations Center (NOC) via dedicated circuit, MPLS/VPN service, or IPsec tunnel.
Cisco
DISA Cisco IOS XR Router RTR STIG v3r2
CISC-RT-000400 - The Cisco out-of-band management (OOBM) gateway router must be configured to transport management traffic to the Network Operations Center (NOC) via dedicated circuit, MPLS/VPN service, or IPsec tunnel.
Cisco
DISA Cisco IOS Router RTR STIG v3r3
CISC-RT-000400 - The Cisco out-of-band management (OOBM) gateway router must be configured to transport management traffic to the Network Operations Center (NOC) via dedicated circuit, MPLS/VPN service, or IPsec tunnel.
Cisco
DISA Cisco IOS XE Router RTR STIG v3r3
CISC-RT-000450 - The Cisco switch must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface.
Cisco
DISA Cisco IOS Switch RTR STIG v3r1
CISC-RT-000450 - The Cisco switch must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface.
Cisco
DISA Cisco IOS XE Switch RTR STIG v3r2
JUEX-L2-000190 - The Juniper EX switch must be configured to assign all explicitly disabled access interfaces to an unused VLAN.
Juniper
DISA Juniper EX Series Layer 2 Switch v2r3
JUEX-L2-000200 - The Juniper EX switch must not be configured with VLANs used for L2 control traffic assigned to any host-facing access interface.
Juniper
DISA Juniper EX Series Layer 2 Switch v2r3
JUEX-L2-000220 - The Juniper EX switch must not use the default VLAN for management traffic.
Juniper
DISA Juniper EX Series Layer 2 Switch v2r3
JUEX-RT-000460 - The Juniper out-of-band management (OOBM) gateway must be configured to transport management traffic to the Network Operations Center (NOC) via dedicated circuit, MPLS/VPN service, or IPsec tunnel.
Juniper
DISA Juniper EX Series Router v2r1
JUEX-RT-000490 - The Juniper router must be configured to only permit management traffic that ingresses and egresses the OOBM interface.
Juniper
DISA Juniper EX Series Router v2r1
JUEX-RT-000920 - The Juniper PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.
Juniper
DISA Juniper EX Series Router v2r1
JUEX-RT-000930 - The Juniper PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).
Juniper
DISA Juniper EX Series Router v2r1
JUEX-RT-000960 - The Juniper PE router providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN.
Juniper
DISA Juniper EX Series Router v2r1
JUNI-RT-000390 - The Juniper out-of-band management (OOBM) gateway router must be configured to transport management traffic to the Network Operations Center (NOC) via dedicated circuit, MPLS/VPN service, or IPsec tunnel - IPsec
Juniper
DISA STIG Juniper Router RTR v3r2
JUNI-RT-000390 - The Juniper out-of-band management (OOBM) gateway router must be configured to transport management traffic to the Network Operations Center (NOC) via dedicated circuit, MPLS/VPN service, or IPsec tunnel - Mgmt
Juniper
DISA STIG Juniper Router RTR v3r2
JUSX-AG-000019 - For User Role Firewalls, the Juniper SRX Services Gateway Firewall must employ user attribute-based security policies to enforce approved authorizations for logical access to information and system resources.
Juniper
DISA Juniper SRX Services Gateway ALG v3r3
