| aaa auth | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
| account | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
| Check for mpls | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| Check for multicast-routing or pim | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| Check for reduced vty | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
| Check for udld enable globally | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | |
| Check if Cisco IOS is installed | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
| Check if LLDP is disabled | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| CISC-L2-000210 - The Cisco switch must have all disabled switch ports assigned to an unused VLAN. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000260 - The Cisco switch must have the native VLAN assigned to an ID other than the default VLAN for all 802.1q trunk links. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-000160 - The Cisco switch must be configured to display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000210 - The Cisco device must be configured to audit all administrator activity. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| CISC-ND-001220 - The Cisco switch must be configured to protect against known types of denial-of-service (DoS) attacks by employing organization-defined security safeguards. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000180 - The Cisco switch must be configured to have Internet Control Message Protocol (ICMP) mask reply messages disabled on all external interfaces. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000200 - The Cisco switch must be configured to log all packets that have been dropped at interfaces via an access control list (ACL). | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-RT-000220 - The Cisco switch must be configured to produce audit records containing information to establish the source of the events. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-RT-000236 - The Cisco switch must be configured to advertise a hop limit of at least 32 in Switch Advertisement messages for IPv6 stateless auto-configuration deployments. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000237 - The Cisco switch must not be configured to use IPv6 Site Local Unicast addresses. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000770 - The Cisco P switch must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000790 - The Cisco multicast switch must be configured to disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000800 - The Cisco multicast switch must be configured to bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000890 - The Cisco multicast Designated switch (DR) must be configured to set the shortest-path tree (SPT) threshold to infinity to minimalize source-group (S, G) state within the multicast topology where Any Source Multicast (ASM) is deployed. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| crypto pki trustpoint | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
| deny 0.0.0.0 | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| deny 127.0.0.0 | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| deny 240.0.0.0 | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| dest-option-type 2 | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| dest-option-type 13 | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| dest-option-type 16 | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| dest-option-type 36 | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| dest-option-type 39 | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| dest-option-type 47 | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| dot1x system-auth-control | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | |
| GEN002860 - Audit logs must be rotated daily. | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT |
| interface | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| ip | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| ip dhcp snooping vlan | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | |
| ip igmp snooping | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | |
| ip unreachables | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| ipv6 | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| line vty | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
| login on-success | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
| ntp authentication-key | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
| outside interface | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| outside-interface | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| snmp-server group | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
| snmp-server host | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
| snmp-server view | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
| spanning-tree loopguard | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | |
| spanning-tree mode | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | |
