| AIOS-14-005200 - Apple iOS/iPadOS must not allow non-DoD applications to access DoD data. | MobileIron - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AMLS-L2-000110 - The Arista Multilayer Switch must enforce approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies. | DISA STIG Arista MLS DCS-7000 Series L2S v1r3 | Arista | ACCESS CONTROL |
| AMLS-L3-000180 - The Arista Multilayer Switch must enforce that Interior Gateway Protocol instances configured on the out-of-band management gateway router only peer with their own routing domain. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL |
| ARST-RT-000280 - The Arista router must be configured to authenticate all routing protocol messages using NIST-validated FIPS 198-1 message authentication code algorithm. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| CISC-RT-000010 - The Cisco switch must be configured to enforce approved authorizations for controlling the flow of information within the network based on organization-defined information flow control policies. | DISA STIG Cisco NX-OS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000060 - The Cisco switch must be configured to have all inactive layer 3 interfaces disabled. | DISA STIG Cisco NX-OS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000060 - The Cisco switch must be configured to have all inactive Layer 3 interfaces disabled. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000060 - The Cisco switch must be configured to have all inactive layer 3 interfaces disabled. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000250 - The Cisco perimeter switch must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000280 - The Cisco perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the sites address space. | DISA STIG Cisco IOS XE Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000300 - The Cisco perimeter router must be configured to not redistribute static routes to an alternate gateway service provider into BGP or an IGP peering with the NIPRNet or to other autonomous systems. | DISA STIG Cisco IOS Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000490 - The Cisco BGP router must be configured to reject inbound route advertisements for any Bogon prefixes - show ip prefix-list | DISA STIG Cisco IOS-XR Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000490 - The Cisco BGP switch must be configured to reject inbound route advertisements for any Bogon prefixes. | DISA STIG Cisco NX-OS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000490 - The Cisco BGP switch must be configured to reject inbound route advertisements for any Bogon prefixes. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000500 - The Cisco BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS) - route policy | DISA STIG Cisco IOS-XR Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000500 - The Cisco BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS). | DISA STIG Cisco IOS XE Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000500 - The Cisco BGP switch must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS). | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000500 - The Cisco BGP switch must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS). | DISA STIG Cisco NX-OS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000510 - The Cisco BGP switch must be configured to reject inbound route advertisements from a customer edge (CE) switch for prefixes that are not allocated to that customer. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000800 - The Cisco multicast switch must be configured to bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000800 - The Cisco multicast switch must be configured to bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled. | DISA STIG Cisco NX-OS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000800 - The Cisco multicast switch must be configured to bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000840 - The Cisco multicast Rendezvous Point (RP) switch must be configured to filter Protocol Independent Multicast (PIM) Join messages received from the Designated Cisco switch (DR) for any undesirable multicast groups. | DISA STIG Cisco NX-OS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000920 - The Cisco Multicast Source Discovery Protocol (MSDP) switch must be configured to filter received source-active multicast advertisements for any undesirable multicast groups and sources. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000930 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to filter source-active multicast advertisements to external MSDP peers to avoid global visibility of local-only multicast sources and groups. | DISA STIG Cisco IOS XE Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000930 - The Cisco Multicast Source Discovery Protocol (MSDP) switch must be configured to filter source-active multicast advertisements to external MSDP peers to avoid global visibility of local-only multicast sources and groups. | DISA STIG Cisco NX-OS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000930 - The Cisco Multicast Source Discovery Protocol (MSDP) switch must be configured to filter source-active multicast advertisements to external MSDP peers to avoid global visibility of local-only multicast sources and groups. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000940 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to limit the amount of source-active messages it accepts on a per-peer basis. | DISA STIG Cisco IOS Router RTR v3r1 | Cisco | ACCESS CONTROL |
| DTBC-0023 - Cloud print sharing must be disabled. | DISA STIG Google Chrome v2r9 | Windows | ACCESS CONTROL |
| EX13-EG-000015 - Exchange must have accepted domains configured. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | ACCESS CONTROL |
| EX13-EG-000025 - Exchange external Receive connectors must be domain secure-enabled. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | ACCESS CONTROL |
| EX13-MB-000015 - Exchange auto-forwarding email to remote domains must be disabled or restricted. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | ACCESS CONTROL |
| F5BI-LT-000007 - The BIG-IP Core implementation must be configured to restrict or block harmful or suspicious communications traffic by controlling the flow of information between interconnected networks based on attribute- and content-based inspection of the source, destination, headers, and/or content of the communications traffic. | DISA F5 BIG-IP Local Traffic Manager STIG v2r3 | F5 | ACCESS CONTROL |
| GEN000000-SOL00420 - Hidden extended file attributes must not exist on the system. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GOOG-11-004500 - Google Android 11 must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Copy/Paste | MobileIron - DISA Google Android 11 COPE v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| GOOG-11-004500 - Google Android 11 must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes. | AirWatch - DISA Google Android 11 COPE v2r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| HONW-09-004500 - The Honeywell Mobility Edge Android Pie device must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Sharing data into the profile | MobileIron - DISA Honeywell Android 9.x COPE v1r2 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| JUNI-RT-000010 - The Juniper router must be configured to enforce approved authorizations for controlling the flow of information within the network based on organization-defined information flow control policies. | DISA STIG Juniper Router RTR v3r1 | Juniper | ACCESS CONTROL |
| JUNI-RT-000420 - The Juniper out-of-band management (OOBM) gateway router must be configured to not redistribute routes between the management network routing domain and the managed network routing domain. | DISA STIG Juniper Router RTR v3r1 | Juniper | ACCESS CONTROL |
| JUNI-RT-000480 - The Juniper BGP router must be configured to reject inbound route advertisements for any Bogon prefixes - prefix-statement | DISA STIG Juniper Router RTR v3r1 | Juniper | ACCESS CONTROL |
| JUNI-RT-000490 - The Juniper BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS). | DISA STIG Juniper Router RTR v3r1 | Juniper | ACCESS CONTROL |
| JUNI-RT-000510 - The Juniper BGP router must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS) - bgp export | DISA STIG Juniper Router RTR v3r1 | Juniper | ACCESS CONTROL |
| JUNI-RT-000790 - The Juniper multicast router must be configured to bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled - policy-options prefix | DISA STIG Juniper Router RTR v3r1 | Juniper | ACCESS CONTROL |
| JUNI-RT-000790 - The Juniper multicast router must be configured to bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled - policy-options statement | DISA STIG Juniper Router RTR v3r1 | Juniper | ACCESS CONTROL |
| JUNI-RT-000830 - The Juniper multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Join messages received from the Designated Juniper router (DR) for any undesirable multicast groups - policy-options | DISA STIG Juniper Router RTR v3r1 | Juniper | ACCESS CONTROL |
| MOTO-09-004500 - The Motorola Android Pie must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Sharing data into the profile | MobileIron - DISA Motorola Android Pie.x COPE v1r2 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| OL6-00-000241 - The SSH daemon must not permit user environment settings. | DISA STIG Oracle Linux 6 v2r7 | Unix | ACCESS CONTROL |
| PANW-IP-000001 - The Palo Alto Networks security platform must enable Antivirus, Anti-spyware, and Vulnerability Protection for all authorized traffic - Antivirus Profiles | DISA STIG Palo Alto IDPS v3r1 | Palo_Alto | ACCESS CONTROL |
| SP13-00-000155 - For environments requiring an Internet-facing capability, the SharePoint application server upon which Central Administration is installed, must not be installed in the DMZ. | DISA STIG SharePoint 2013 v2r3 | Windows | ACCESS CONTROL |
| ZEBR-10-004500 - Zebra Android 10 must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Copy/Paste | MobileIron - DISA Zebra Android 10 COPE v1r2 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
