| aaa accounting default group | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| aaa auth console | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| aaa auth default | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| aaa authentication | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | |
| aaa authentication login default fallback | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| aaa new-model | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | |
| AMLS-L3-000250 - The Arista Multilayer Switch must encrypt all methods of configured authentication for the OSPF routing protocol - ospf message-digest-key | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | IDENTIFICATION AND AUTHENTICATION |
| Check for logging persistent | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | |
| CISC-L2-000060 - The Cisco switch must be configured for authorized users to select a user session to capture. | DISA STIG Cisco NX-OS Switch L2S v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-L2-000070 - The Cisco switch must be configured for authorized users to remotely view, in real time, all content related to an established user session from a component separate from The Cisco switch. | DISA STIG Cisco NX-OS Switch L2S v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-L2-000140 - The Cisco switch must have IP Source Guard enabled on all user-facing or untrusted access switch ports. | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000150 - The Cisco switch must have Dynamic Address Resolution Protocol (ARP) Inspection (DAI) enabled on all user VLANs. | DISA STIG Cisco NX-OS Switch L2S v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000170 - The Cisco switch must have IGMP or MLD Snooping configured on all VLANs. | DISA STIG Cisco NX-OS Switch L2S v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-L2-000220 - The Cisco switch must not have the default VLAN assigned to any host-facing switch ports. | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000240 - The Cisco switch must not use the default VLAN for management traffic. | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | CONTINGENCY PLANNING |
| CISC-ND-000010 - The Cisco switch must be configured to limit the number of concurrent management sessions to an organization-defined number. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000120 - The Cisco switch must be configured to automatically audit account removal actions. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000380 - The Cisco switch must be configured to protect audit information from unauthorized modification. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000470 - The Cisco switch must be configured to prohibit the use of all unnecessary and nonsecure functions and services. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-ND-000490 - The Cisco switch must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000530 - The Cisco switch must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts. | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-000620 - The Cisco switch must only store cryptographic representations of passwords. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-000980 - The Cisco switch must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001200 - The Cisco switch must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions. | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | MAINTENANCE |
| CISC-ND-001370 - The Cisco switch must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-ND-001410 - The Cisco switch must be configured to support organizational requirements to conduct backups of the configuration when changes occur. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| CISC-ND-001470 - The Cisco switch must be running an IOS release that is currently supported by Cisco Systems. | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| Ensure hmac-sha2-256 is configured | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| FNFG-FW-000110 - The FortiGate firewall must employ filters that prevent or limit the effects of all types of commonly known denial-of-service (DoS) attacks, including flooding, packet sweeps, and unauthorized port scanning. | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| ip access-list | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| ip boot server | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| ip http secure-server | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | |
| ip http timeout | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | |
| ip igmp snooping | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | |
| ip igmp snooping vlan | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | |
| ip ssh server algorithm mac | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | |
| line con | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| line vty | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| logging ip | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| ntp authenticate | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| ntp server | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| ntp trusted-key | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| policy-map review | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| radius server | DISA STIG Cisco NX-OS Switch L2S v3r2 | Cisco | |
| radius-server host | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| snmp-server group | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | |
| snmp-server host | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | |
| snmp-server host | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| spanning-tree loopguard | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | |
| vNetwork : verify-vlan-trunk | VMWare vSphere 5.X Hardening Guide | VMware | |
