| ARST-L2-000060 - The Arista MLS layer 2 switch must have BPDU Guard enabled on all switch ports connecting to access layer switches and hosts. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000510 - The Arista router must be configured to have gratuitous ARP disabled on all external interfaces. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000540 - The Arista router must be configured to have Internet Control Message Protocol (ICMP) mask replies disabled on all external interfaces. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000580 - The multicast Rendezvous Point (RP) Arista router must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP) source-active entries. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000590 - The Arista multicast Designated Router (DR) must be configured to increase the shortest-path tree (SPT) threshold or set it to infinity to minimalize source-group (S, G) state within the multicast topology where Any Source Multicast (ASM) is deployed. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000220 - The Cisco ASA must be configured to implement scanning threat detection. | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-ND-001180 - The Cisco ASA must be configured to protect against known types of denial-of-service (DoS) attacks by enabling the Threat Detection feature - DoS attacks by enabling the Threat Detection feature | DISA STIG Cisco ASA NDM v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000230 Exchange must not send delivery reports to remote domains. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000233 Exchange internal send connectors must use an authentication level. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-DM-000290 - If the BIG-IP appliance is being used to authenticate users for web applications, the HTTPOnly flag must be set. | DISA F5 BIG-IP Device Management STIG v2r3 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| FGFW-ND-000290 - The FortiGate device must protect against known types of denial-of-service (DoS) attacks by employing organization-defined security safeguards. | DISA Fortigate Firewall NDM STIG v1r4 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| FNFG-FW-000110 - The FortiGate firewall must employ filters that prevent or limit the effects of all types of commonly known denial-of-service (DoS) attacks, including flooding, packet sweeps, and unauthorized port scanning. | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-L2-000090 - The Juniper EX switch must be configured to enable BPDU Protection on all user-facing or untrusted access switch ports. | DISA Juniper EX Series Layer 2 Switch v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-L2-000110 - The Juniper EX switch must be configured not to forward unknown unicast traffic to access interfaces. | DISA Juniper EX Series Layer 2 Switch v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-NM-000530 - The Juniper EX switch must be configured to protect against known types of denial-of-service (DoS) attacks by employing organization-defined security safeguards. | DISA Juniper EX Series Network Device Management v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000620 - The Juniper router must be configured to have Internet Control Message Protocol (ICMP) unreachable notifications disabled on all external interfaces. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000630 - The Juniper router must be configured to have Internet Control Message Protocol (ICMP) mask replies disabled on all external interfaces. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000650 - The Juniper BGP router must be configured to use the prefix limit feature to protect against route table flooding and prefix deaggregation attacks. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000690 - The Juniper multicast Rendezvous Point (RP) must be configured to rate limit the number of Protocol Independent Multicast (PIM) Register messages. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000700 - The Juniper multicast Designated Router (DR) must be configured to limit the number of mroute states resulting from Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Host Membership Reports. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| Mitigating an attack using TCP profiles | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| Overview of the HTTP profile | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| SQL2-00-022000 - SQL Server must protect against or limit the effects of the organization-defined types of Denial of Service (DoS) attacks. | DISA STIG SQL Server 2012 Database Audit v1r20 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| The BIG-IP Core implementation must be configured to protect against or limit the effects of known and unknown types of Denial of Service (DoS) attacks by employing pattern recognition pre-processors when providing content filtering to virtual servers. | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLU-70-000030 - Lookup Service must disable the shutdown port. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-67-000029 - The Security Token Service must disable the shutdown port. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001570 - The WebSphere Application Server high availability applications must be installed on a cluster. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001580 - The WebSphere Application Server memory session settings must be defined according to application load requirements. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001580 - The WebSphere Application Server memory session settings must be defined according to application load requirements. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - Default | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - Default | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - server.startup | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - server.startup | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - server.startup | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - SIBFAPInbound | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - SIBFAPThreadPool | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - SIBFAPThreadPool | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - SIBJMSRAThreadPool | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - SIBJMSRAThreadPool | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - SIBJMSRAThreadPool | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - TCPChannel.DCS | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - TCPChannel.DCS | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - WebContainer | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - WebContainer | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - WMQJCAResourceAdapter | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - WMQJCAResourceAdapter | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - WMQJCAResourceAdapter | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN11-CC-000035 - The system must be configured to ignore NetBIOS name release requests except from WINS servers. | DISA Windows 11 STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN11-CC-000220 - File Explorer heap termination on corruption must be disabled. | DISA Windows 11 STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN22-CC-000060 - Windows Server 2022 must be configured to ignore NetBIOS name release requests except from WINS servers. | DISA Windows Server 2022 STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
