| More than one local account is defined - aaa new-model | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | |
| More than one local account is defined aaa auth | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | |
| NET-IPV6-025 - IPv6 Site Local Unicast ADDR must not be defined | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | CONFIGURATION MANAGEMENT |
| NET-MCAST-010 - No Admin-local or Site-local boundary - 'ip multicast boundary' | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-SRVFRM-004 - ACLs do not protect against compromised servers | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | |
| NET-TUNL-034 - L2TPv3 sessions are not authenticated - authentication check | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | CONFIGURATION MANAGEMENT |
| NET-VLAN-004 - VLAN 1 is being used as a user VLAN - 'no ip address'. | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-VLAN-004 - VLAN 1 is being used as a user VLAN - 'shutdown'. | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | ACCESS CONTROL |
| NET-VLAN-008 - A dedicated VLAN is required for all trunk ports. | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | |
| NET0400 - Interior routing protocols are not authenticated - 'IS-IS (Router Check - authentication mode)' | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0465 - Authorized accounts must be assigned the least privilege level necessary to perform assigned duties. | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | |
| NET0700 - Operating system is not at a current release level | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | CONFIGURATION MANAGEMENT |
| NET0740 - HTTP server is not disabled | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | CONFIGURATION MANAGEMENT |
| NET0744 - BSDr commands are not disabled - rcp-enable | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | CONFIGURATION MANAGEMENT |
| NET0812 - Two NTP servers are not used to synchronize time - 'ntp multicast client MULTICAST_IP_2' | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | CONFIGURATION MANAGEMENT |
| NET0812 - Two NTP servers are not used to synchronize time - 'ntp update-calendar' | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET0894 - Network element must only allow SNMP read access - 'SNMP v3 auth' | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| NET0894 - Network element must only allow SNMP read access - 'SNMP v3 priv|noauth' | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | CONFIGURATION MANAGEMENT |
| NET0897 - TACACS Authentication traffic does not use loopback interface. | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0899 - NTP traffic is not using loopback address | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0902 - FTP/TFTP traffic does not use loopback - 'ip tftp source-interface Loopback0' | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0949 - Cisco Express Fowarding (CEF) not enabled on supported devices | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | CONFIGURATION MANAGEMENT |
| NET0965 - Devices not configured to filter and drop half-open connections | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0966 - Control plane protection is not enabled - 'ip receive acl in use' | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0985 - IGP instances do not peer with appropriate domain | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | |
| NET0988 - Traffic from the managed network will leak - 'OOBM Interface (ip access-list OOBM_EGRESS_ACL out)' | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0989 - Management traffic leaks into the managed network - 'access-list OOBM_INGRESS_ACL deny' | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0991 - The OOBM interface not configured correctly | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0992 - The management interface does not have an ACL - 'Step 2 (access-list MGMT_INGRESS_ACL deny)' | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0992 - The management interface does not have an ACL - 'Step 2 (access-list MGMT_INGRESS_ACL permit LOCAL_MANAGEMENT_NETWORK)' | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0993 - The management interface is not IGP passive | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | |
| NET1005 - No inbound ACL for mgmt network sub-interface - 'Sub-Interface Ingress ACL Permit/Deny' | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | |
| NET1007 - Management traffic is not classified and marked - 'class-map match-all MANAGEMENT_TRAFFIC' | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1007 - Management traffic is not classified and marked - 'policy-map DIST_LAYER_POLICY' | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1021 - The network element must log all messages except debugging. - 'Logging console notifications' | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET1623 - Authentication required for console access - 'AUX port (login authentication AUTH_LIST)' | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | ACCESS CONTROL |
| NET1637 - Management connections are not restricted - 'VTY port (access-class ACL_LIST in)' | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1637 - Management connections are not restricted - 'VTY port (access-list VTY_ACL deny any log)' | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1638 - Management connections must be secured by FIPS 140-2 -'input ssh' | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1638 - Management connections must be secured by FIPS 140-2 -'ip http secure-server' | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1638 - Management connections must be secured by FIPS 140-2 -'ssh algorithm encryption' | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1639 - Management connection does not timeout | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | ACCESS CONTROL |
| NET1640 - Management connections must be logged | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET1647 - The network element must not allow SSH Version 1 | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | CONFIGURATION MANAGEMENT |
| NET1660 - An insecure version of SNMP is being used | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | CONFIGURATION MANAGEMENT |
| NET1800 - IPSec VPN is not configured as a tunnel type VPN | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | |
| NET1807 - Management traffic is not restricted - 'crypto map OOBM_VPN (match address OOBM_VPN_ACL)' | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Network element must only allow SNMP read access | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | |
| SNMPv2 CONFIG IF STATEMENT | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | |
| SNMPv3 CONFIG IF STATEMENT With ACL | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | |
