| AMLS-L2-000100 - The Arista Multilayer Switch must enforce approved authorizations for controlling the flow of information within the network based on organization-defined information flow control policies. | DISA STIG Arista MLS DCS-7000 Series L2S v1r3 | Arista | ACCESS CONTROL |
| AMLS-L3-000150 - The Arista Multilayer Switch must protect an enclave connected to an Alternate Gateway by using an inbound filter that only permits packets with destination addresses within the sites address space. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL |
| AMLS-L3-000160 - If Border Gateway Protocol (BGP) is enabled on The Arista Multilayer Switch, The Arista Multilayer Switch must not be a BGP peer with a router from an Autonomous System belonging to any Alternate Gateway. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL |
| AMLS-L3-000200 - The Arista Multilayer Switch must enforce that any interface used for out-of-band management traffic is configured to be passive for the Interior Gateway Protocol that is utilized on that management interface. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL |
| Catalina - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Catalina v1.5.0 - 800-171 | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Catalina - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-000140 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies. | DISA STIG Cisco IOS-XR Router NDM v3r1 | Cisco | ACCESS CONTROL |
| CISC-ND-000140 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies. | DISA STIG Cisco IOS Router NDM v3r1 | Cisco | ACCESS CONTROL |
| CISC-ND-000140 - The Cisco switch must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies. | DISA STIG Cisco IOS Switch NDM v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000010 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of information within the network based on organization-defined information flow control policies. | DISA STIG Cisco IOS Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000230 - The Cisco router must be configured to disable the auxiliary port unless it is connected to a secured modem providing encryption and authentication. | DISA STIG Cisco IOS XE Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000230 - The Cisco switch must be configured to disable the auxiliary port unless it is connected to a secured modem providing encryption and authentication. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000250 - The Cisco perimeter router must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. | DISA STIG Cisco IOS Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000250 - The Cisco perimeter switch must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000300 - The Cisco perimeter router must be configured to not redistribute static routes to an alternate gateway service provider into BGP or an Interior Gateway Protocol (IGP) peering with the NIPRNet or to other autonomous systems. | DISA STIG Cisco IOS XE Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000430 - The Cisco out-of-band management (OOBM) gateway router must be configured to not redistribute routes between the management network routing domain and the managed network routing domain. | DISA STIG Cisco IOS Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000430 - The Cisco out-of-band management (OOBM) gateway router must be configured to not redistribute routes between the management network routing domain and the managed network routing domain. | DISA STIG Cisco IOS XE Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000480 - The Cisco BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | DISA STIG Cisco IOS XE Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000480 - The Cisco BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | DISA STIG Cisco IOS Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000500 - The Cisco BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS) - neighbor | DISA STIG Cisco IOS Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000500 - The Cisco BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS) - show ip prefix-list | DISA STIG Cisco IOS Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000520 - The Cisco BGP router must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS) - neighbor | DISA STIG Cisco IOS Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000540 - The Cisco BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA STIG Cisco IOS Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000540 - The Cisco BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA STIG Cisco IOS XE Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000540 - The Cisco BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA STIG Cisco IOS-XR Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000540 - The Cisco BGP switch must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA STIG Cisco NX-OS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000540 - The Cisco BGP switch must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer - ip as-path access-list | DISA STIG Cisco IOS Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer - route-policy | DISA STIG Cisco IOS-XR Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer. | DISA STIG Cisco IOS Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer. | DISA STIG Cisco IOS-XR Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer. | DISA STIG Cisco IOS XE Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000550 - The Cisco BGP switch must be configured to reject route advertisements from CE switches with an originating AS in the AS_PATH attribute that does not belong to that customer. | DISA STIG Cisco NX-OS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000550 - The Cisco BGP switch must be configured to reject route advertisements from CE switches with an originating AS in the AS_PATH attribute that does not belong to that customer. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000790 - The Cisco multicast router must be configured to disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing. | DISA STIG Cisco IOS XE Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000810 - The Cisco multicast edge router must be configured to establish boundaries for administratively scoped multicast traffic. | DISA STIG Cisco IOS XE Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000840 - The Cisco multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Join messages received from the Designated Router (DR) for any undesirable multicast groups. | DISA STIG Cisco IOS XE Router RTR v3r1 | Cisco | ACCESS CONTROL |
| DKER-EE-001240 - The Docker Enterprise hosts process namespace must not be shared. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | ACCESS CONTROL |
| DKER-EE-001250 - The Docker Enterprise hosts IPC namespace must not be shared. | DISA STIG Docker Enterprise 2.x Linux/Unix v2r2 | Unix | ACCESS CONTROL |
| GEN000000-AIX00020 - AIX Trusted Computing Base (TCB) software must be implemented. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL, SYSTEM AND SERVICES ACQUISITION |
| GEN000000-SOL00420 - Hidden extended file attributes must not exist on the system. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN003609 - The system must ignore IPv4 ICMP redirect messages. | DISA STIG AIX 6.1 v1r14 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| JUNI-RT-000530 - The Juniper BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA STIG Juniper Router RTR v3r1 | Juniper | ACCESS CONTROL |
| JUNI-RT-000535 - The Juniper BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer - as-path | DISA STIG Juniper Router RTR v3r1 | Juniper | ACCESS CONTROL |
| JUNI-RT-000535 - The Juniper BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer - bgp import | DISA STIG Juniper Router RTR v3r1 | Juniper | ACCESS CONTROL |
| KNOX-07-005500 - The Samsung must be configured to disable exceptions to the access control policy. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| PANW-IP-000001 - The Palo Alto Networks security platform must enable Antivirus, Anti-spyware, and Vulnerability Protection for all authorized traffic - Antivirus Services | DISA STIG Palo Alto IDPS v3r1 | Palo_Alto | ACCESS CONTROL |
| SP13-00-000030 - SharePoint must enforce approved authorizations for controlling the flow of information between interconnected systems in accordance with applicable policy. | DISA STIG SharePoint 2013 v2r3 | Windows | ACCESS CONTROL |
| SP13-00-000040 - SharePoint must provide the ability to prohibit the transfer of unsanctioned information in accordance with security policy. | DISA STIG SharePoint 2013 v2r3 | Windows | ACCESS CONTROL |
