2.1.2 Set 'no cdp run' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
2.1.2 Set 'no cdp run' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | CONFIGURATION MANAGEMENT |
aaa authentication | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | |
AMLS-L3-000220 - The Arista Multilayer Switch must enable neighbor router authentication for control plane protocols except RIP - OSPF message-digest | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
Check if CDP is disabled | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
Check if Cisco IOS is installed | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
CISC-L2-000030 - The Cisco switch must authenticate all VLAN Trunk Protocol (VTP) messages with a hash function using the most secured cryptographic algorithm available. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
CISC-L2-000090 - The Cisco switch must have Root Guard enabled on all switch ports connecting to access layer switches. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-L2-000120 - The Cisco switch must have Unknown Unicast Flood Blocking (UUFB) enabled. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-L2-000170 - The Cisco switch must have IGMP or MLD Snooping configured on all VLANs. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | CONFIGURATION MANAGEMENT |
CISC-L2-000180 - The Cisco switch must implement Rapid Spanning Tree Protocol (STP) where VLANs span multiple switches with redundant links. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | CONFIGURATION MANAGEMENT |
CISC-L2-000190 - The Cisco switch must enable Unidirectional Link Detection (UDLD) to protect against one-way connections. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | CONFIGURATION MANAGEMENT |
CISC-L2-000220 - The Cisco switch must not have the default VLAN assigned to any host-facing switch ports. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-ND-000010 - The Cisco switch must be configured to limit the number of concurrent management sessions to an organization-defined number. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | ACCESS CONTROL |
CISC-ND-000380 - The Cisco switch must be configured to protect audit information from unauthorized modification. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
CISC-ND-001200 - The Cisco switch must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
CISC-ND-001410 - The Cisco switch must be configured to support organizational requirements to conduct backups of the configuration when changes occur. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
CISC-RT-000010 - The Cisco switch must be configured to enforce approved authorizations for controlling the flow of information within the network based on organization-defined information flow control policies. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
CISC-RT-000050 - The Cisco switch must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
CISC-RT-000060 - The Cisco switch must be configured to have all inactive Layer 3 interfaces disabled. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
CISC-RT-000090 - The Cisco switch must not be configured to have any zero-touch deployment feature enabled when connected to an operational network. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000170 - The Cisco switch must be configured to have Internet Control Message Protocol (ICMP) unreachable messages disabled on all external interfaces. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000190 - The Cisco switch must be configured to have Internet Control Message Protocol (ICMP) redirect messages disabled on all external interfaces. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000210 - The Cisco switch must be configured to produce audit records containing information to establish where the events occurred. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | AUDIT AND ACCOUNTABILITY |
CISC-RT-000230 - The Cisco switch must be configured to disable the auxiliary port unless it is connected to a secured modem providing encryption and authentication. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
CISC-RT-000394 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000730 - The Cisco PE switch must be configured to block any traffic that is destined to the IP core infrastructure. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000740 - The Cisco PE switch must be configured with Unicast Reverse Path Forwarding (uRPF) loose mode enabled on all CE-facing interfaces. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000780 - The Cisco switch must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000860 - The Cisco multicast Designated switch (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join only multicast groups that have been approved by the organization. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
deny 192.0.2.0 | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
deny 203.0.113.0 | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
dest-option-type 5 | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
dest-option-type 11 | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
dest-option-type 49 | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
dest-option-type 195 | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
dest-option-type home-address | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
DODIN Backbone | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
enable secret | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
enrollment | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
GEN002860 - Audit logs must be rotated daily. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | CONFIGURATION MANAGEMENT |
interface dot1x | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | |
ip http authentication aaa login-authentication | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
ip http secure-server | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
ip igmp snooping vlan | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | |
ip ssh version 2 | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
logging userinfo | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
mpls label protocol ldp | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
permit 0, 1, or 3-255 | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
service password-encryption | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |