| ARST-L2-000070 - The Arista MLS switch must have STP Loop Guard enabled on all nondesignated STP switch ports. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-L2-000090 - The Arista MLS layer 2 switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-L2-000110 - The Arista MLS layer 2 switch must have Dynamic Address Resolution Protocol (ARP) Inspection (DAI) enabled on all user VLANs. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000560 - The Arista BGP router must be configured to use the maximum prefixes feature to protect against route table flooding and prefix de-aggregation attacks. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000090 - The Cisco switch must have Root Guard enabled on all switch ports connecting to access layer switches and hosts. | DISA STIG Cisco NX-OS Switch L2S v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000100 - The Cisco switch must have BPDU Guard enabled on all user-facing or untrusted access switch ports - BPDU Guard enabled on all user-facing or untrusted access switch ports. | DISA STIG Cisco NX-OS Switch L2S v1r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000160 - The Cisco router must be configured to have IP directed broadcast disabled on all interfaces. | DISA STIG Cisco IOS Router RTR v1r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000160 - The Cisco switch must be configured to have IP directed broadcast disabled on all interfaces. | DISA STIG Cisco IOS Switch RTR v1r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000170 - The Cisco switch must be configured to have Internet Control Message Protocol (ICMP) unreachable messages disabled on all external interfaces - DODIN Backbone | DISA STIG Cisco IOS Switch RTR v1r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000190 - The Cisco switch must be configured to have Internet Control Message Protocol (ICMP) redirect messages disabled on all external interfaces. | DISA STIG Cisco NX-OS Switch RTR v1r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000190 - The Cisco switch must be configured to have Internet Control Message Protocol (ICMP) redirect messages disabled on all external interfaces. | DISA STIG Cisco IOS Switch RTR v1r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000570 - The Cisco BGP switch must be configured to limit the prefix size on any inbound route advertisement to /24, or the least significant prefixes issued to the customer. - permit | DISA STIG Cisco NX-OS Switch RTR v1r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000610 - The MPLS switch with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core switches. | DISA STIG Cisco NX-OS Switch RTR v1r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000760 - The Cisco PE router must be configured to implement a Quality-of-Service (QoS) policy in accordance with the QoS GIG Technical Profile. - QoS policy in accordance with the QoS DODIN Technical Profile. | DISA STIG Cisco IOS Router RTR v1r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000770 - The Cisco P router must be configured to implement a Quality-of-Service (QoS) policy in accordance with the QoS GIG Technical Profile - QoS policy in accordance with the QoS DODIN Technical Profile. | DISA STIG Cisco IOS Router RTR v1r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000820 - The Cisco multicast Rendezvous Point (RP) router must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP) source-active entries. | DISA STIG Cisco IOS Router RTR v1r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000890 - The Cisco multicast Designated Router (DR) must be configured to set the shortest-path tree (SPT) threshold to infinity to minimalize source-group (S, G) state within the multicast topology where Any Source Multicast (ASM) is deployed. | DISA STIG Cisco IOS Router RTR v1r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Configuring cookie encryption within the HTTP profile | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| DG0103: DBMS Listener network restrictions - '%ORACLE_HOME%\NETWORK\ADMIN\SQLNET.ORA tcp.validnode_checking = YES' | DISA STIG Oracle 11 Installation v8r20 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-EG-000250 - Exchange Simple Mail Transfer Protocol (SMTP) IP Allow List entries must be empty. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-EG-000330 - Exchange must provide redundancy. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000175 - Exchange Message size restrictions must be controlled on Receive connectors. | DISA Microsoft Exchange 2013 Mailbox Server STIG v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000210 - The Exchange Send connector connections count must be limited. | DISA Microsoft Exchange 2013 Mailbox Server STIG v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000109 More than one Edge server must be deployed. | DISA Microsoft Exchange 2019 Edge Server STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000114 Exchange send connector connections count must be limited. | DISA Microsoft Exchange 2019 Edge Server STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-ED-000232 Exchange internal Send connectors must use an authentication level. | DISA Microsoft Exchange 2019 Edge Server STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000233 Exchange internal send connectors must use an authentication level. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-LT-000215 - The BIG-IP Core implementation must be configured to protect against known and unknown types of Denial of Service (DoS) attacks by employing rate-based attack prevention behavior analysis when providing content filtering to virtual servers. | DISA F5 BIG-IP Local Traffic Manager 11.x STIG v1r3 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SV-000151 - The IIS 8.5 web server must be tuned to handle the operational requirements of the hosted application - URIEnableCache | DISA IIS 8.5 Server v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SV-000151 - The IIS 8.5 web server must be tuned to handle the operational requirements of the hosted application - UriMaxUriBytes | DISA IIS 8.5 Server v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| IISW-SV-000151 - The IIS 8.5 web server must be tuned to handle the operational requirements of the hosted application - UriScavengerPeriod | DISA IIS 8.5 Server v1r9 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-L2-000090 - The Juniper EX switch must be configured to enable BPDU Protection on all user-facing or untrusted access switch ports. | DISA Juniper EX Series Layer 2 Switch v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-L2-000100 - The Juniper EX switch must be configured to enable STP Loop Protection on all non-designated STP switch ports. | DISA Juniper EX Series Layer 2 Switch v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-L2-000130 - The Juniper EX switch must be configured to enable IP Source Guard on all user-facing or untrusted access VLANs. | DISA Juniper EX Series Layer 2 Switch v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-L2-000140 - The Juniper EX switch must be configured to enable Dynamic Address Resolution Protocol (ARP) Inspection (DAI) on all user VLANs. | DISA Juniper EX Series Layer 2 Switch v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000600 - The Juniper router must be configured to have Gratuitous ARP disabled on all external interfaces. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000810 - The Juniper multicast Rendezvous Point (RP) router must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP) source-active entries - reuse | DISA STIG Juniper Router RTR v1r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000283 - OHS must have the Timeout directive properly set to restrict the ability of users to launch Denial of Service (DoS) attacks against other information systems or networks. | DISA STIG Oracle HTTP Server 12.1.3 v1r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Preserving or modifying HTTP response headers removed by the BIG-IP ASM system | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-08-040150 - A firewall must be able to protect against or limit the effects of Denial of Service (DoS) attacks by ensuring RHEL 8 can implement rate-limiting measures on impacted network interfaces. | DISA Red Hat Enterprise Linux 8 STIG v1r14 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| SP13-00-000060 - SharePoint must reject or delay, as defined by the organization, network traffic generated above configurable traffic volume thresholds - maxBandwidth | DISA STIG SharePoint 2013 v1r8 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| SYMP-NM-000320 - Symantec ProxySG must enable Attack Detection. | DISA Symantec ProxySG Benchmark NDM v1r2 | BlueCoat | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCEM-70-000019 - ESX Agent Manager must limit the number of allowed connections. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCEM-70-000032 - ESX Agent Manager must disable the shutdown port. | DISA STIG VMware vSphere 7.0 EAM Tomcat v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCFL-67-000029 - vSphere Client must disable the shutdown port. | DISA STIG VMware vSphere 6.7 Virgo Client v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLD-67-000027 - VAMI must protect against or limit the effects of HTTP types of denial-of-service (DoS) attacks. | DISA STIG VMware vSphere 6.7 VAMI-lighttpd v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCPF-67-000029 - Performance Charts must disable the shutdown port. | DISA STIG VMware vSphere 6.7 Perfcharts Tomcat v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - server.startup | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - WebContainer | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN11-CC-000220 - File Explorer heap termination on corruption must be disabled. | DISA Windows 11 STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
