| 1.6.3 Configure Netflow on Strategic Ports | CIS Cisco NX-OS L2 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY, INCIDENT RESPONSE, SYSTEM AND INFORMATION INTEGRITY |
| 1.69 (L1) Ensure 'Configure the list of types that are excluded from synchronization' is set to 'Enabled' | CIS Microsoft Edge v3.0.0 L1 | Windows | CONFIGURATION MANAGEMENT |
| 2.2.3 - Configuring SSH - server protocol - 'Protocol 2' | CIS AIX 5.3/6.1 L1 v1.1.0 | Unix | |
| 3.4 Restrict Zone-Transfers 'Zone Transfer Server 2' | CIS ISC BIND 9.0/9.5 v2.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.28.2 (L2) Ensure 'Turn off account-based insights, recent, favorite, and recommended files in File Explorer' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L2 + BitLocker | Windows | CONFIGURATION MANAGEMENT |
| 18.10.28.2 (L2) Ensure 'Turn off account-based insights, recent, favorite, and recommended files in File Explorer' is set to 'Enabled' | CIS Microsoft Windows 11 Enterprise v3.0.0 L2 | Windows | CONFIGURATION MANAGEMENT |
| 18.10.28.2 (L2) Ensure 'Turn off account-based insights, recent, favorite, and recommended files in File Explorer' is set to 'Enabled' | CIS Microsoft Windows 11 Stand-alone v3.0.0 L2 BL | Windows | CONFIGURATION MANAGEMENT |
| check for correct radius server 1/2 | CIS Cisco IOS XR 7.x v1.0.0 L2 | Cisco | |
| check for correct radius server 2/2 | CIS Cisco IOS XR 7.x v1.0.0 L2 | Cisco | |
| check for correct TACACS+ server 1/2 | CIS Cisco IOS XR 7.x v1.0.0 L2 | Cisco | |
| check for correct TACACS+ server 2/2 | CIS Cisco IOS XR 7.x v1.0.0 L2 | Cisco | |
| check for ntp server 2 | CIS Cisco IOS XR 7.x v1.0.0 L1 | Cisco | |
| check for server 2 in group | CIS Cisco IOS XR 7.x v1.0.0 L2 | Cisco | |
| check ntp server #2 set | CIS Fortigate 7.0.x v1.3.0 L1 | FortiGate | |
| CISC-RT-000690 - The Cisco PE router must be configured to enforce the split-horizon rule for all pseudowires within a Virtual Private LAN Services (VPLS) bridge domain. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000690 - The Cisco PE switch must be configured to enforce the split-horizon rule for all pseudowires within a Virtual Private LAN Services (VPLS) bridge domain. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| DNS Profile - Address - DNS Server 2 | Tenable Cisco ACI | Cisco_ACI | SYSTEM AND COMMUNICATIONS PROTECTION |
| Huawei: Command Levels Not Changed | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT |
| Huawei: Device clock disable DST adjustment | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT |
| Huawei: Disable SNMP write access | TNS Huawei VRP Best Practice Audit | Huawei | ACCESS CONTROL |
| Huawei: Disable Telnet on IPV4 | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT |
| Huawei: Disable Telnet on IPV6 | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT |
| Huawei: Enable AAA authentication | TNS Huawei VRP Best Practice Audit | Huawei | IDENTIFICATION AND AUTHENTICATION |
| Huawei: Enable SNMP Traps | TNS Huawei VRP Best Practice Audit | Huawei | AUDIT AND ACCOUNTABILITY |
| Huawei: Information Center is not disabled. | TNS Huawei VRP Best Practice Audit | Huawei | AUDIT AND ACCOUNTABILITY |
| Huawei: Insecure HTTP is not configured. | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT |
| Huawei: Require Group for SNMPv3 Access | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| Huawei: Review Device Info/Version | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT |
| Huawei: Set appropriate 'login' header | TNS Huawei VRP Best Practice Audit | Huawei | ACCESS CONTROL |
| Huawei: Set appropriate 'shell' header | TNS Huawei VRP Best Practice Audit | Huawei | ACCESS CONTROL |
| Huawei: Set super password | TNS Huawei VRP Best Practice Audit | Huawei | IDENTIFICATION AND AUTHENTICATION |
| Huawei: Simple Password Authentication is not used. | TNS Huawei VRP Best Practice Audit | Huawei | IDENTIFICATION AND AUTHENTICATION |
| Huawei: SNMP appropriate trap host | TNS Huawei VRP Best Practice Audit | Huawei | AUDIT AND ACCOUNTABILITY |
| Huawei: SNMP Community string != private | TNS Huawei VRP Best Practice Audit | Huawei | IDENTIFICATION AND AUTHENTICATION |
| Huawei: SNMP Community string != public | TNS Huawei VRP Best Practice Audit | Huawei | IDENTIFICATION AND AUTHENTICATION |
| Huawei: SNMP is Configured | TNS Huawei VRP Best Practice Audit | Huawei | |
| Huawei: SSH Max Retries <= 3 | TNS Huawei VRP Best Practice Audit | Huawei | ACCESS CONTROL |
| Huawei: User Interfaces are Authenticated | TNS Huawei VRP Best Practice Audit | Huawei | IDENTIFICATION AND AUTHENTICATION |
| Huawei: User Interfaces Configured Inbound SSH | TNS Huawei VRP Best Practice Audit | Huawei | CONFIGURATION MANAGEMENT |
| Huawei: User Interfaces Idle Timeout Less Than 5 Minutes | TNS Huawei VRP Best Practice Audit | Huawei | ACCESS CONTROL |
| JUEX-L2-000050 - The Juniper EX switch must be configured to permit authorized users to select a user session to capture. | DISA Juniper EX Series Layer 2 Switch v2r2 | Juniper | AUDIT AND ACCOUNTABILITY |
| ntp server 2 | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | |
| ntp server 2 | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | |
| Verify an external loghost is configured | TNS Huawei VRP Best Practice Audit | Huawei | |
| Verify SNMP trap agent is configured before checking host | TNS Huawei VRP Best Practice Audit | Huawei | |
| WBSP-AS-001290 - WebSphere Application Server must utilize FIPS 140-2-approved encryption modules when authenticating users and processes. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001290 - WebSphere Application Server must utilize FIPS 140-2-approved encryption modules when authenticating users and processes. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001290 - WebSphere Application Server must utilize FIPS 140-2-approved encryption modules when authenticating users and processes. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| WG340 W22 - A private web server must utilize an approved TLS version. - 'SSLEngine' | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG340 W22 - A private web server must utilize an approved TLS version. - 'SSLProtocol' | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
