| Check for BGP | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | |
| Check for netflow | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | |
| Check for no ntp source-address | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | |
| Check for no radius source-address | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | |
| Check for policy-options route-filters | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | |
| Check for RIP | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | |
| Check for SNMP v3 | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | |
| Check for TACACS+ | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | |
| NET-IPV6-034 - The network element must be configured via egress ACL or by enabling uRPF in an IPv6 enclave - uRPF enabled | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-034 - The network element must be configured via egress ACL or by enabling uRPF in an IPv6 enclave - uRPF firewall filter log | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | AUDIT AND ACCOUNTABILITY |
| NET-IPV6-034 - The network element must be configured via egress ACL or by enabling uRPF in an IPv6 enclave - uRPF interfaces fail-filter | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-059 - The administrator must ensure that the maximum hop limit is at least 32. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | CONFIGURATION MANAGEMENT |
| NET-MCAST-002 - A PIM neighbor filter is bound to all interfaces that have PIM enabled - PIM Filter Destination Address | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-MCAST-002 - A PIM neighbor filter is bound to all interfaces that have PIM enabled - PIM Filter Protocol PIM | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-SRVFRM-003 - Server VLAN interfaces must be protected by restrictive ACLs using a deny-by-default security posture. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-TUNL-012 - Default routes must not be directed to the tunnel entry point. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-TUNL-034 - The administrator must ensure the that all L2TPv3 sessions are authenticated prior to transporting traffic. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| NET0230 - Network devices must be password protected - ssh no-password | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| NET0240 - Network devices must not have any default manufacturer passwords. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| NET0400 - The network element must authenticate all IGP peers - RIP authentication-key | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0405 - A service or feature that calls home to the vendor must be disabled. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | CONFIGURATION MANAGEMENT |
| NET0422 - Network devices must be configured with rotating keys used for authenticating IGP peers that have a duration of 180 days or less. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| NET0433 - Network devices must use two or more authentication servers for the purpose of granting administrative access | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| NET0440 - In the event the authentication server is unavailable, the network device must have a single local account of last resort defined. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | ACCESS CONTROL |
| NET0460 - Group accounts must not be configured for use on the network device. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | ACCESS CONTROL |
| NET0600 - The network element must be configured to ensure passwords are not viewable when displaying configuration information. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | ACCESS CONTROL |
| NET0730 - The network element must have the Finger service disabled. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | CONFIGURATION MANAGEMENT |
| NET0744 - The network element must have all BSDr commands disabled. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | CONFIGURATION MANAGEMENT |
| NET0745 - The network element must have the Maintenance Operation Protocol (MOP) service disabled. | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET0745 - The network element must have the Maintenance Operation Protocol (MOP) service disabled. | DISA STIG Cisco Perimeter Router and L3 Switch v8r31 | Cisco | |
| NET0812 - The network element must use two or more NTP servers to synchronize time - NTP Server 2 | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | AUDIT AND ACCOUNTABILITY |
| NET0813 - The network element must authenticate all NTP messages received from NTP servers and peers - NTP authentication-key | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| NET0987 - Traffic from the managed network is able to access the OOBM gateway router - loopback filter | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0993 - The network element's management interface is not configured as passive for the IGP instance deployed in the managed network. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1005 - An inbound ACL is not configured for the management network sub-interface of the trunk link to block non-management traffic. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1021 - The network element must log all messages except debugging and send all log data to a syslog server. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | AUDIT AND ACCOUNTABILITY |
| NET1623 - The network device must require authentication for console access - Classes | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| NET1624 - The network element must time out access to the console port after 10 minutes or less of inactivity - Super-user-local Class | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | ACCESS CONTROL |
| NET1629 - The network element's auxiliary port must be disabled unless it is connected to a secured modem. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | CONFIGURATION MANAGEMENT |
| NET1636 - The network device must require authentication prior to establishing a management connection for administrative access - Classes | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| NET1638 - Management connections must be established using secure protocols with FIPS 140-2 modules - HTTP | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | CONFIGURATION MANAGEMENT |
| NET1638 - Management connections must be established using secure protocols with FIPS 140-2 modules - other services | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1645 - The network element must be configured to timeout after 60 seconds or less for incomplete or broken SSH sessions. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | ACCESS CONTROL |
| NET1660 - The network device must use SNMPv3 Security Model with FIPS 140-2 validated cryptography - authentication-none | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1660 - The network device must use SNMPv3 Security Model with FIPS 140-2 validated cryptography - SNMP v1/2 | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| NET1665 - The network device must not use the default or well-known SNMP community strings public and private - SNMPv1/2 public | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| NET1665 - The network device must not use the default or well-known SNMP community strings public and private - SNMPv3 private | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| NET1665 - The network device must not use the default or well-known SNMP community strings public and private - SNMPv3 public | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| NET1675 - The network device must use different SNMP community names or groups for various levels of read and write access - SNMPv1/2 | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| NET1808 - Gateway configuration at the remote VPN end-point is a not a mirror of the local gateway | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | CONFIGURATION MANAGEMENT |
