NET-IPV6-025 - The network device must be configured to ensure IPv6 Site Local Unicast addresses (FEC0::/10) are not defined in the enclave. | CONFIGURATION MANAGEMENT |
NET-IPV6-034 - The network element must be configured via egress ACL or by enabling uRPF in an IPv6 enclave - uRPF enabled | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-IPV6-034 - The network element must be configured via egress ACL or by enabling uRPF in an IPv6 enclave - uRPF firewall filter log | AUDIT AND ACCOUNTABILITY |
NET-IPV6-034 - The network element must be configured via egress ACL or by enabling uRPF in an IPv6 enclave - uRPF firewall filter reject | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-IPV6-034 - The network element must be configured via egress ACL or by enabling uRPF in an IPv6 enclave - uRPF interfaces fail-filter | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-IPV6-059 - The administrator must ensure that the maximum hop limit is at least 32. | CONFIGURATION MANAGEMENT |
NET-IPV6-065 - The administrator must ensure the 6-to-4 router is configured to drop any IPv4 packets with protocol 41. | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-IPV6-066 - The administrator must ensure the 6-to-4 router is configured to drop any outbound IPv6 packets from the internal network. | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-MCAST-001 - The administrator must ensure that PIM is disabled on all interfaces that are not required to support multicast routing. | CONFIGURATION MANAGEMENT |
NET-MCAST-002 - A PIM neighbor filter is bound to all interfaces that have PIM enabled - Interfaces | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-MCAST-002 - A PIM neighbor filter is bound to all interfaces that have PIM enabled - PIM Filter Accept | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-MCAST-002 - A PIM neighbor filter is bound to all interfaces that have PIM enabled - PIM Filter Destination Address | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-MCAST-002 - A PIM neighbor filter is bound to all interfaces that have PIM enabled - PIM Filter Protocol PIM | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-MCAST-010 - Ensure that multicast routers are configured to establish boundaries for Admin-local or Site-local scope multicast traffic. | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-SRVFRM-003 - Server VLAN interfaces must be protected by restrictive ACLs using a deny-by-default security posture. | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-TUNL-012 - Default routes must not be directed to the tunnel entry point. | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-TUNL-017 - ISATAP tunnels must terminate at an interior router. | CONFIGURATION MANAGEMENT |
NET-TUNL-034 - The administrator must ensure that all L2TPv3 sessions are authenticated prior to transporting traffic. | IDENTIFICATION AND AUTHENTICATION |
NET0230 - Network devices must be password protected - root password set | IDENTIFICATION AND AUTHENTICATION |
NET0230 - Network devices must be password protected - ssh no-password | IDENTIFICATION AND AUTHENTICATION |
NET0240 - Network devices must not have any default manufacturer passwords. | IDENTIFICATION AND AUTHENTICATION |
NET0340 - Network devices must display the DoD-approved logon banner warning. | ACCESS CONTROL |
NET0400 - The network element must authenticate all IGP peers - IS-IS authentication-key | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0400 - The network element must authenticate all IGP peers - IS-IS authentication-type | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0400 - The network element must authenticate all IGP peers - OSPF | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0400 - The network element must authenticate all IGP peers - RIP authentication-key | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0400 - The network element must authenticate all IGP peers - RIP authentication-type | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0405 - A service or feature that calls home to the vendor must be disabled. | CONFIGURATION MANAGEMENT |
NET0408 - The network element must authenticate all BGP peers within the same or between autonomous systems (AS). | CONFIGURATION MANAGEMENT |
NET0422 - Network devices must be configured with rotating keys used for authenticating IGP peers that have a duration of 180 days or less. | IDENTIFICATION AND AUTHENTICATION |
NET0433 - Network devices must use two or more authentication servers for the purpose of granting administrative access | IDENTIFICATION AND AUTHENTICATION |
NET0440 - In the event the authentication server is unavailable, the network device must have a single local account of last resort defined. | ACCESS CONTROL |
NET0441 - Emergency administration account privilege level is not set. | ACCESS CONTROL |
NET0460 - Group accounts must not be configured for use on the network device. | ACCESS CONTROL |
NET0465 - Authorized accounts must be assigned the least privilege level necessary to perform assigned duties. | ACCESS CONTROL |
NET0470 - Unauthorized accounts must not be configured for access to the network device. | ACCESS CONTROL |
NET0580 - The router administrator will ensure a password is required to gain access to the router's diagnostics port. | IDENTIFICATION AND AUTHENTICATION |
NET0600 - The network element must be configured to ensure passwords are not viewable when displaying configuration information. | ACCESS CONTROL |
NET0700 - The network element must be running a current and supported operating system with all IAVMs addressed. | CONFIGURATION MANAGEMENT |
NET0730 - The network element must have the Finger service disabled. | CONFIGURATION MANAGEMENT |
NET0740 - The network element must have HTTP service for administrative access disabled. | CONFIGURATION MANAGEMENT |
NET0742 - The router administrator will ensure FTP server is disabled. | CONFIGURATION MANAGEMENT |
NET0744 - The network element must have all BSDr commands disabled. | CONFIGURATION MANAGEMENT |
NET0770 - The router must have IP source routing disabled. | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0802 - The router administrator will ensure ICMPv6 unreachable notifications and redirects are disabled on all external interfaces. | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0812 - The network element must use two or more NTP servers to synchronize time - NTP Server 1 | AUDIT AND ACCOUNTABILITY |
NET0812 - The network element must use two or more NTP servers to synchronize time - NTP Server 2 | AUDIT AND ACCOUNTABILITY |
NET0813 - The network element must authenticate all NTP messages received from NTP servers and peers - NTP authentication-key | IDENTIFICATION AND AUTHENTICATION |
NET0813 - The network element must authenticate all NTP messages received from NTP servers and peers - NTP Server 1 key | IDENTIFICATION AND AUTHENTICATION |
NET0813 - The network element must authenticate all NTP messages received from NTP servers and peers - NTP Server 2 key | IDENTIFICATION AND AUTHENTICATION |