| 2.3.1.1 Set 'ntp authenticate' | CIS Cisco IOS XE 17.x v2.1.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY |
| aaa auth console | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| aaa auth default | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| aaa authentication | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | |
| aaa authentication login default fallback | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| aaa new-model | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | |
| AMLS-L3-000110 - The Arista Multilayer Switch must disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL |
| Check for logging persistent | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | |
| CISC-L2-000060 - The Cisco switch must be configured for authorized users to select a user session to capture. | DISA STIG Cisco NX-OS Switch L2S v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-L2-000070 - The Cisco switch must be configured for authorized users to remotely view, in real time, all content related to an established user session from a component separate from The Cisco switch. | DISA STIG Cisco NX-OS Switch L2S v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-L2-000140 - The Cisco switch must have IP Source Guard enabled on all user-facing or untrusted access switch ports. | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000150 - The Cisco switch must have Dynamic Address Resolution Protocol (ARP) Inspection (DAI) enabled on all user VLANs. | DISA STIG Cisco NX-OS Switch L2S v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000170 - The Cisco switch must have IGMP or MLD Snooping configured on all VLANs. | DISA STIG Cisco NX-OS Switch L2S v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-L2-000220 - The Cisco switch must not have the default VLAN assigned to any host-facing switch ports. | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000240 - The Cisco switch must not use the default VLAN for management traffic. | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | CONTINGENCY PLANNING |
| CISC-ND-000010 - The Cisco switch must be configured to limit the number of concurrent management sessions to an organization-defined number. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000120 - The Cisco switch must be configured to automatically audit account removal actions. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000380 - The Cisco switch must be configured to protect audit information from unauthorized modification. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000470 - The Cisco switch must be configured to prohibit the use of all unnecessary and nonsecure functions and services. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-ND-000490 - The Cisco switch must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000530 - The Cisco switch must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts. | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-000620 - The Cisco switch must only store cryptographic representations of passwords. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-000980 - The Cisco switch must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001200 - The Cisco switch must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions. | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | MAINTENANCE |
| CISC-ND-001370 - The Cisco switch must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-ND-001410 - The Cisco switch must be configured to support organizational requirements to conduct backups of the configuration when changes occur. | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING |
| CISC-ND-001470 - The Cisco switch must be running an IOS release that is currently supported by Cisco Systems. | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| Ensure hmac-sha2-256 is configured | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| GEN002860 - Audit logs must be rotated daily. | DISA STIG AIX 5.3 v1r2 | Unix | CONFIGURATION MANAGEMENT |
| GEN002860 - Audit logs must be rotated daily. | DISA STIG Solaris 10 X86 v2r4 | Unix | CONFIGURATION MANAGEMENT |
| GEN002860 - Audit logs must be rotated daily. | DISA STIG Solaris 10 SPARC v2r4 | Unix | CONFIGURATION MANAGEMENT |
| ip access-list | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| ip boot server | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| ip http secure-server | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | |
| ip http timeout | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | |
| ip igmp snooping | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | |
| ip igmp snooping vlan | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | |
| ip ssh server algorithm mac | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | |
| line vty | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| logging ip | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| policy-map review | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| prefix list | DISA STIG Cisco NX-OS Switch RTR v3r2 | Cisco | |
| radius server | DISA STIG Cisco NX-OS Switch L2S v3r2 | Cisco | |
| radius-server host | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| snmp-server group | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | |
| snmp-server host | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| snmp-server host | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | |
| snmp-server user md5 | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| snmp-server user sha | DISA STIG Cisco NX-OS Switch NDM v3r2 | Cisco | |
| spanning-tree loopguard | DISA STIG Cisco IOS XE Switch L2S v3r1 | Cisco | |
