| aaa accounting default group | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| aaa authentication | DISA STIG Cisco NX-OS Switch L2S v3r2 | Cisco | |
| aaa authentication login default group | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| aaa group | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | |
| Check for session-limit | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | |
| Check for snmp-server | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| CISC-L2-000040 - The Cisco switch must manage excess bandwidth to limit the effects of packet flooding types of denial-of-service (DoS) attacks - DoS attacks. | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000110 - The Cisco switch must have STP Loop Guard enabled. | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000110 - The Cisco switch must have STP Loop Guard enabled. | DISA STIG Cisco NX-OS Switch L2S v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000120 - The Cisco switch must have Unknown Unicast Flood Blocking (UUFB) enabled. | DISA STIG Cisco NX-OS Switch L2S v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000130 - The Cisco switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources. | DISA STIG Cisco NX-OS Switch L2S v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000150 - The Cisco switch must have Dynamic Address Resolution Protocol (ARP) Inspection (DAI) enabled on all user VLANs. | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000160 - The Cisco switch must have Storm Control configured on all host-facing switchports. | DISA STIG Cisco NX-OS Switch L2S v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-L2-000190 - The Cisco switch must enable Unidirectional Link Detection (UDLD) to protect against one-way connections. | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-L2-000210 - The Cisco switch must have all disabled switch ports assigned to an unused VLAN. | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000210 - The Cisco switch must have all disabled switch ports assigned to an unused VLAN. | DISA STIG Cisco NX-OS Switch L2S v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000220 - The Cisco switch must not have the default VLAN assigned to any host-facing switch ports. | DISA STIG Cisco NX-OS Switch L2S v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000250 - The Cisco switch must have all user-facing or untrusted ports configured as access switch ports. | DISA STIG Cisco NX-OS Switch L2S v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000260 - The Cisco switch must have the native VLAN assigned to an ID other than the default VLAN for all 802.1q trunk links. | DISA STIG Cisco NX-OS Switch L2S v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000260 - The Cisco switch must have the native VLAN assigned to an ID other than the default VLAN for all 802.1q trunk links. | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000270 - The Cisco switch must not have any switchports assigned to the native VLAN. | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-000120 - The Cisco switch must be configured to automatically audit account removal actions. | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000160 - The Cisco switch must be configured to display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000210 - The Cisco switch must be configured to protect against an individual falsely denying having performed organization-defined actions to be covered by non-repudiation. | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000280 - The Cisco switch must produce audit records containing information to establish when (date and time) the events occurred. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000290 - The Cisco switch must produce audit records containing information to establish where the events occurred. | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000490 - The Cisco switch must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable. | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000940 - The Cisco switch must be configured to audit the execution of privileged functions. | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000980 - The Cisco switch must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001210 - The Cisco switch must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions. | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | MAINTENANCE |
| CISC-ND-001250 - The Cisco switch must be configured to generate log records when administrator privileges are deleted. | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001370 - The Cisco switch must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access. | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| dot1x port-control auto | DISA STIG Cisco NX-OS Switch L2S v3r2 | Cisco | |
| dot1x system-auth-control | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | |
| enrollment | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | |
| FNFG-FW-000110 - The FortiGate firewall must employ filters that prevent or limit the effects of all types of commonly known denial-of-service (DoS) attacks, including flooding, packet sweeps, and unauthorized port scanning. | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| interface dot1x | DISA STIG Cisco NX-OS Switch L2S v3r2 | Cisco | |
| ip dhcp snooping | DISA STIG Cisco NX-OS Switch L2S v3r2 | Cisco | |
| ip dhcp snooping | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | |
| ip http authentication aaa login-authentication | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | |
| ip http max connections | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | |
| ip igmp snooping vlan | DISA STIG Cisco NX-OS Switch L2S v3r2 | Cisco | |
| ip ssh version 2 | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | |
| line con | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| login on-success | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | |
| ntp authenticate | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| ntp server | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| ntp trusted-key | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| radius server | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | |
| show snmp user | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | |
