| NET-IPV6-059 - Maximum hop limit is less than 32 | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | CONFIGURATION MANAGEMENT |
| NET-IPV6-066 - 6-to-4 router not filtering invalid source address - 'permit ipv6 2002:V4ADDR::/48' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-MCAST-001 - PIM enabled on wrong interfaces -'ipv6 multicast-routing' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | CONFIGURATION MANAGEMENT |
| NET-MCAST-002 - PIM neighbor filter is not configured - 'ipv6 access-list IPV6_PIM_NEIGHBORS_ACL' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
| NET-MCAST-002 - PIM neighbor filter is not configured - 'ipv6 pim neighbor-filter list IPV6_PIM_NEIGHBORS_ACL' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-MCAST-010 - No Admin-local or Site-local boundary - 'ip multicast boundary' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-MCAST-010 - No Admin-local or Site-local boundary - 'ipv6 multicast boundary scope 5' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-MCAST-010 - No Admin-local or Site-local boundary - ip access-list standard - 'deny 239' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-NAC-009 - The switch must be configured to use 802.1x authentication on host facing access switch ports. 'aaa new-model' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| NET-VLAN-002 - Disabled ports are not kept in an unused VLAN. | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
| NET-VLAN-004 - VLAN 1 is being used as a user VLAN - 'no ip address'. | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-VLAN-005 - VLAN 1 traffic traverses across unnecessary trunk | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
| NET-VLAN-007 - Ensure trunking is disabled on all access ports. | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
| NET-VLAN-008 - A dedicated VLAN is required for all trunk ports. | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
| NET-VLAN-023 - Restricted VLAN not assigned to non-802.1x device. | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
| NET-VLAN-024 - Restricted VLAN not assigned to non-802.1x device. | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
| NET0400 - Interior routing protocols are not authenticated - 'IS-IS (Router Check - authentication key-chain)' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0400 - Interior routing protocols are not authenticated - 'OSPFv2 (Router Check)' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| NET0408 - BGP must authenticate all peers | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| NET0425 - An Infinite Lifetime key has not been implemented - 'Ensure rotating keys are not set to send-lifetime infinite - Key 1' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| NET0425 - An Infinite Lifetime key has not been implemented - 'Third key set to accept-lifetime infinite' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| NET0465 - Authorized accounts must be assigned the least privilege level necessary to perform assigned duties. | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
| NET0470 - Unauthorized accounts are configured to access device | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
| NET0722 - The PAD service is enabled | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | CONFIGURATION MANAGEMENT |
| NET0750 - The Bootp service is not disabled | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | CONFIGURATION MANAGEMENT |
| NET0760 - Configuration auto-loading must be disabled - 'book network' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| NET0813 - The network element must authenticate all NTP messages received from NTP servers and peers. | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | CONFIGURATION MANAGEMENT |
| NET0820 - DNS servers must be defined for client resolver | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
| NET0902 - FTP/TFTP traffic does not use loopback - 'ip tftp source-interface Loopback0' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0987 - Managed network has access to OOBM gateway router - 'ip receive acl IP_RECEIVE_ACL' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0988 - Traffic from the managed network will leak - 'access-list OOBM_EGRESS_ACL permit' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0988 - Traffic from the managed network will leak - 'OOBM Interface (ip access-list OOBM_EGRESS_ACL out)' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0991 - The OOBM interface not configured correctly | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0992 - The management interface does not have an ACL - 'Step 1 (Ingress ACL)' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0992 - The management interface does not have an ACL - 'Step 3 (access-list MGMT_EGRESS_ACL deny)' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0994 - Management interface is assigned to a user VLAN - 'MGMT VLAN ID' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0995 - Management VLAN has invalid addresses | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
| NET1004 - No ingress ACL on management VLAN interface | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1006 - IPSec traffic is not restricted - 'crypto map IN_BAND_MGMT_VPN - match address IN_BAND_MGMT_VPN_ACL' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1007 - Management traffic is not classified and marked - 'class-map match-all MANAGEMENT_TRAFFIC' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1007 - Management traffic is not classified and marked - 'policy-map DIST_LAYER_POLICY' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1008 - Management traffic doesn't get preferred treatment | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
| NET1021 - The network element must log all messages except debugging. - 'Logging LOGGING_HOST_IP' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET1030 - Running and startup configurations are not synchronized | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
| NET1638 - Management connections must be secured by FIPS 140-2 -'ip http server' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | CONFIGURATION MANAGEMENT |
| NET1638 - Management connections must be secured by FIPS 140-2 -'ssh algorithm mac' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1640 - Management connections must be logged - login failure | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET1807 - Management traffic is not restricted - 'access list OOBM_VPN_ACL permit' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1807 - Management traffic is not restricted - 'crypto map OOBM_VPN (match address OOBM_VPN_ACL)' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| RADIUS Authentication traffic does not use loopback | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
