| 1.6.3 If a Local Time Zone is used, Configure Daylight Savings | CIS Cisco NX-OS v1.2.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.1.1.1.2 Set the 'ip domain name' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.1.1.1.2 Set the 'ip domain-name' | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | CONFIGURATION MANAGEMENT |
| 2.2.1.1 Set 'ntp authenticate' | CIS Cisco IOS XR 7.x v1.0.1 L2 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.3.1.1 Set 'ntp authenticate' | CIS Cisco IOS XE 16.x v2.1.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.3.1.1 Set 'ntp authenticate' | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 4.10.31.1 (L1) Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled' | CIS Microsoft Intune for Windows 10 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 4.10.31.1 (L1) Ensure 'Enable RPC Endpoint Mapper Client Authentication' is set to 'Enabled' | CIS Microsoft Intune for Windows 11 v4.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| AIX7-00-002057 - AIX audit logs must be rotated daily. | DISA STIG AIX 7.x v3r1 | Unix | CONFIGURATION MANAGEMENT |
| AMLS-L3-000100 - The Arista Multilayer Switch must enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL |
| AMLS-L3-000110 - The Arista Multilayer Switch must disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL |
| AMLS-L3-000150 - The Arista Multilayer Switch must protect an enclave connected to an Alternate Gateway by using an inbound filter that only permits packets with destination addresses within the sites address space. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL |
| AMLS-L3-000160 - If Border Gateway Protocol (BGP) is enabled on The Arista Multilayer Switch, The Arista Multilayer Switch must not be a BGP peer with a router from an Autonomous System belonging to any Alternate Gateway. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL |
| ARST-ND-000010 - The Arista network device must limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type. | DISA STIG Arista MLS EOS 4.x NDM v2r2 | Arista | ACCESS CONTROL |
| ARST-ND-000010 - The Arista network device must limit the number of concurrent sessions to an organization-defined number for each administrator account and/or administrator account type. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | ACCESS CONTROL |
| ARST-ND-000340 - The Arista network device must be configured to prohibit the use of all unnecessary and/or nonsecure functions, ports, protocols, and/or services. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | CONFIGURATION MANAGEMENT |
| ARST-ND-000380 - The Arista network device must enforce a minimum 15-character password length. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | IDENTIFICATION AND AUTHENTICATION |
| ARST-ND-000490 - The Arista network device must terminate all network connections associated with a device management session at the end of the session, or the session must be terminated after 10 minutes of inactivity except to fulfill documented and validated mission requirements. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-ND-000600 - The Arista network device must be configured to synchronize internal system clocks using redundant authenticated time sources. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| ARST-ND-000600 - The Arista network device must be configured to synchronize internal system clocks using redundant authenticated time sources. | DISA STIG Arista MLS EOS 4.x NDM v2r2 | Arista | AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| ARST-RT-000160 - The Arista perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the sites address space. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL |
| CISC-ND-000390 - The Cisco switch must be configured to protect audit information from unauthorized deletion. | DISA Cisco IOS XE Switch NDM STIG v3r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000460 - The Cisco switch must be configured to limit privileges to change the software resident within software libraries. | DISA Cisco IOS XE Switch NDM STIG v3r4 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-ND-000470 - The Cisco switch must be configured to prohibit the use of all unnecessary and nonsecure functions and services. | DISA Cisco IOS XE Switch NDM STIG v3r4 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-ND-000980 - The Cisco switch must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | DISA Cisco IOS XE Switch NDM STIG v3r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-RT-000050 - The Cisco switch must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime. | DISA Cisco IOS XE Switch RTR STIG v3r2 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| CISC-RT-000090 - The Cisco switch must not be configured to have any zero-touch deployment feature enabled when connected to an operational network. | DISA Cisco IOS XE Switch RTR STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000280 - The Cisco perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the sites address space. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000280 - The Cisco perimeter router must be configured to protect an enclave connected to an approved gateway by using an inbound filter that only permits packets with destination addresses within the sites address space. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000370 - The Cisco perimeter router must be configured to have Cisco Discovery Protocol (CDP) disabled on all external interfaces. | DISA Cisco IOS Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000370 - The Cisco perimeter router must be configured to have Cisco Discovery Protocol (CDP) disabled on all external interfaces. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000370 - The Cisco perimeter router must be configured to have Cisco Discovery Protocol (CDP) disabled on all external interfaces. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000480 - The Cisco BGP switch must be configured to use a unique key for each autonomous system (AS) that it peers with. | DISA Cisco IOS XE Switch RTR STIG v3r2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| CISC-RT-000640 - The Cisco PE switch must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT). | DISA Cisco IOS XE Switch RTR STIG v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000680 - The Cisco PE switch providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN. | DISA Cisco IOS XE Switch RTR STIG v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000730 - The Cisco PE switch must be configured to block any traffic that is destined to the IP core infrastructure. | DISA Cisco IOS XE Switch RTR STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000880 - The Cisco multicast Designated switch (DR) must be configured to limit the number of mroute states resulting from Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Host Membership Reports. | DISA Cisco IOS XE Switch RTR STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000900 - The Cisco Multicast Source Discovery Protocol (MSDP) switch must be configured to only accept MSDP packets from known MSDP peers. | DISA Cisco IOS XE Switch RTR STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000940 - The Cisco Multicast Source Discovery Protocol (MSDP) switch must be configured to limit the amount of source-active messages it accepts on a per-peer basis. | DISA Cisco IOS XE Switch RTR STIG v3r2 | Cisco | ACCESS CONTROL |
| DG0152-ORACLE11 - DBMS network communications should comply with PPS usage restrictions - PORT = 1521, 1575, 1830, 2481, 2482, 2483 or 2484' - cman.ora | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DG0152-ORACLE11 - DBMS network communications should comply with PPS usage restrictions - PORT = 1521, 1575, 1830, 2481, 2482, 2483 or 2484' - listener.ora | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | CONFIGURATION MANAGEMENT |
| DISA_VMware_vSphere_8.0_vCenter_Appliance_Management_Interface_(VAMI)_STIG_v2r1.audit from DISA VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) STIG v2r1 | DISA VMware vSphere 8.0 vCenter Appliance Management Interface (VAMI) STIG v2r1 | Unix | |
| DISA_VMware_vSphere_8.0_vCenter_Appliance_Secure_Token_Service_(STS)_STIG_v2r1.audit from DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1 | DISA VMware vSphere 8.0 vCenter Appliance Secure Token Service (STS) STIG v2r1 | Unix | |
| DISA_VMware_vSphere_8.0_vCenter_Appliance_User_Interface_(UI)_STIG_v2r1.audit from DISA VMware vSphere 8.0 vCenter Appliance User Interface (UI) STIG v2r1 | DISA VMware vSphere 8.0 vCenter Appliance User Interface (UI) STIG v2r1 | Unix | |
| FGFW-ND-000290 - The FortiGate device must protect against known types of denial-of-service (DoS) attacks by employing organization-defined security safeguards. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| GEN002860 - Audit logs must be rotated daily. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN002860 - Audit logs must be rotated daily. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN002860 - Audit logs must be rotated daily. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN002860 - Audit logs must be rotated daily. | DISA STIG AIX 6.1 v1r14 | Unix | CONFIGURATION MANAGEMENT |
| JUNI-RT-000280 - The Juniper perimeter router must be configured to protect an enclave connected to an approved gateway by using an inbound filter that only permits packets with destination addresses within the site's address space. | DISA STIG Juniper Router RTR v3r2 | Juniper | ACCESS CONTROL |
