| 1.2.1 Restrict Access to VTY Sessions | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MAINTENANCE, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.7 Disable the Telnet Feature | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.9.4 Ensure Read Write privileges are not configured for SNMP | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 2.3.1.2 Set 'ntp authentication-key' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 3.1.2.1 Configure BGP to Log Neighbor Changes | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.3 Disable Proxy ARP on all Layer 3 Interfaces | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1.17 Secure SETSESSIONUSER Privilege | CIS IBM DB2 11 v1.1.0 Database Level 1 | IBM_DB2DB | ACCESS CONTROL, MEDIA PROTECTION |
| AMLS-NM-000380 - The Arista Multilayer Switch must generate audit records when concurrent logons from different workstations occur - trap logging | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | AUDIT AND ACCOUNTABILITY |
| ARST-ND-000470 - The Arista network device must use FIPS 140-2 approved algorithms for authentication to a cryptographic module. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | IDENTIFICATION AND AUTHENTICATION |
| ARST-ND-000700 - The Arista network device must be configured to implement cryptographic mechanisms using a FIPS 140-2 approved algorithm to protect the confidentiality of remote maintenance sessions. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | MAINTENANCE |
| CASA-ND-000290 - The Cisco ASA must be configured to produce audit log records containing information to establish the source of events. | DISA STIG Cisco ASA NDM v2r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CASA-ND-000300 - The Cisco ASA must be configured to produce audit records that contain information to establish the outcome of the event. | DISA STIG Cisco ASA NDM v2r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CASA-ND-001220 - The Cisco ASA must be configured to generate audit records when successful/unsuccessful logon attempts occur. | DISA STIG Cisco ASA NDM v2r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| Centralized authentication - configuration | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| Centralized authentication - server | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| Centralized authentication - server | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| Centralized authentication - tacacs accounting | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| Centralized authentication - tacacs authorization | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| CISC-RT-000330 - The Cisco perimeter router must be configured to filter ingress traffic at the external interface on an inbound direction. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000330 - The Cisco perimeter router must be configured to filter ingress traffic at the external interface on an inbound direction. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000330 - The Cisco perimeter router must be configured to filter ingress traffic at the external interface on an inbound direction. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000340 - The Cisco perimeter router must be configured to filter egress traffic at the internal interface on an inbound direction. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000360 - The Cisco perimeter router must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000360 - The Cisco perimeter router must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000360 - The Cisco perimeter router must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000393 - The Cisco perimeter router must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000396 - The Cisco perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000397 - The Cisco perimeter router must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Console Authentication Realm | Tenable Cisco ACI | Cisco_ACI | ACCESS CONTROL |
| ESXI-06-000059 - The virtual switch Forged Transmits policy must be set to reject. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-000060 - The virtual switch MAC Address Change policy must be set to reject. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | CONFIGURATION MANAGEMENT |
| HP ProCurve - 'Configure Management VLAN' | TNS HP ProCurve | HPProCurve | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| Include Login in Session Records | Tenable Cisco ACI | Cisco_ACI | AUDIT AND ACCOUNTABILITY |
| PHTN-40-000067 The Photon operating system must restrict access to the kernel message buffer. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-40-000068 The Photon operating system must be configured to use TCP syncookies. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PHTN-40-000105 The Photon operating system must enable symlink access control protection in the kernel. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | ACCESS CONTROL |
| PHTN-40-000160 The Photon operating system must implement address space layout randomization to protect its memory from unauthorized code execution. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| PHTN-40-000224 The Photon operating system must not respond to IPv4 Internet Control Message Protocol (ICMP) echoes sent to a broadcast address. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000231 The Photon operating system must not perform IPv4 packet forwarding. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000232 The Photon operating system must send TCP timestamps. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000244 The Photon operating system must enable hardlink access control protection in the kernel. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| PHTN-40-000246 The Photon operating system must restrict core dumps. | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | CONFIGURATION MANAGEMENT |
| Port security | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| Remote Location - Protocol | Tenable Cisco ACI | Cisco_ACI | CONFIGURATION MANAGEMENT |
| TFTP vs SFTP | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | CONFIGURATION MANAGEMENT |
| TFTP vs SFTP and SCP - ip ssh filetransfer | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| TFTP vs SFTP and SCP - no tftp client | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | CONFIGURATION MANAGEMENT |
| TFTP vs SFTP and SCP - no tftp server | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | CONFIGURATION MANAGEMENT |
| vCenter: vcenter-8.network-restrict-netflow-usage | VMware vSphere Security Configuration and Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
| vNetwork : set-non-negotiate | VMWare vSphere 5.X Hardening Guide | VMware | |
