| 1.5.5 Configure SNMP Source Interface for Traps | CIS Cisco NX-OS L2 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.7.1 Configure at least 2 external NTP Servers | CIS Cisco NX-OS L1 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.7.4 Configure NTP Authentication | CIS Cisco NX-OS L2 v1.1.0 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 2.1.1.1.2 Set the 'ip domain-name' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.1.1 Set 'ntp authenticate' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 3.1 Ensure 'deployment method retail' is set | CIS IIS 7 L1 v1.8.0 | Windows | CONFIGURATION MANAGEMENT |
| 3.1 Ensure 'deployment method retail' is set | CIS IIS 10 v1.2.1 Level 1 | Windows | SYSTEM AND SERVICES ACQUISITION |
| 3.1 Ensure 'deployment method retail' is set | CIS IIS 8.0 v1.5.1 Level 1 | Windows | CONFIGURATION MANAGEMENT |
| 3.1.2.2 If Possible, Limit the BGP Routes Accepted from Peers | CIS Cisco NX-OS L2 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.4.1 Configure LLDP | CIS Cisco NX-OS L1 v1.1.0 | Cisco | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 4.2 Configure a Remote Backup Schedule | CIS Cisco NX-OS L1 v1.1.0 | Cisco | CONTINGENCY PLANNING |
| 7.3 (L1) Ensure the vSwitch Promiscuous Mode policy is set to reject | CIS VMware ESXi 7.0 v1.4.0 L1 | VMware | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| AMLS-L3-000180 - The Arista Multilayer Switch must enforce that Interior Gateway Protocol instances configured on the out-of-band management gateway router only peer with their own routing domain. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL |
| AMLS-NM-000120 - The Arista Multilayer Switch must automatically audit account creation. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | ACCESS CONTROL |
| AMLS-NM-000140 - The Arista Multilayer Switch must automatically audit account disabling actions. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | ACCESS CONTROL |
| AMLS-NM-000150 - The Arista Multilayer Switch must automatically audit account removal actions. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | ACCESS CONTROL |
| AMLS-NM-000170 - The Arista Multilayer Switch must protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | AUDIT AND ACCOUNTABILITY |
| AMLS-NM-000180 - The Arista Multilayer Switch must generate audit records when successful/unsuccessful attempts to access privileges occur. | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | AUDIT AND ACCOUNTABILITY |
| ARST-L2-000100 - The Arista MLS layer 2 switch must have IP Source Guard enabled on all user-facing or untrusted access switch ports. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-ND-000120 - The Arista network device must be configured to enforce the limit of three consecutive invalid logon attempts, after which time it must block any login attempt for 15 minutes. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | ACCESS CONTROL |
| ARST-ND-000150 - The Arista network device must be configured to audit all administrator activity. | DISA STIG Arista MLS EOS 4.2x NDM v2r1 | Arista | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| ARST-RT-000170 - The Arista perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | ACCESS CONTROL |
| ARST-RT-000830 - The perimeter router must be configured to block all packets with any IP options. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000250 - The Cisco ASA perimeter firewall must be configured to block all outbound management traffic - ACL | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000250 - The Cisco ASA perimeter firewall must be configured to block all outbound management traffic - Interface | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Centralized authentication - configuration | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| check for STIG parameters | DISA VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 STIG v2r1 | Unix | |
| CISC-RT-000235 - The Cisco router must be configured to have Cisco Express Forwarding enabled. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000235 - The Cisco router must be configured to have Cisco Express Forwarding enabled. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000235 - The Cisco router must be configured to have Cisco Express Forwarding enabled. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000350 - The Cisco perimeter router must be configured to block all packets with any IP options. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000350 - The Cisco perimeter router must be configured to block all packets with any IP options. | DISA STIG Cisco IOS-XR Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000350 - The Cisco perimeter router must be configured to block all packets with any IP options. | DISA STIG Cisco IOS XE Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Configure Allowed Authentication Types | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | SYSTEM AND COMMUNICATIONS PROTECTION |
| Control Plane Policing | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| Dynamic ARP Protection - global | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| Dynamic ARP Protection - port trust, vlans, and validate | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-06-000058 - The system must enable BPDU filter on the host to prevent being locked out of physical switch ports with Portfast and BPDU Guard enabled. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-06-000067 - All physical switch ports must be configured with spanning tree disabled. | DISA STIG VMware vSphere 6.x ESXi v1r5 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-67-000058 - The ESXi host must enable BPDU filter on the host to prevent being locked out of physical switch ports with Portfast and BPDU Guard enabled. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | CONFIGURATION MANAGEMENT |
| FNFG-FW-000075 - The FortiGate firewall implementation must manage excess bandwidth to limit the effects of packet flooding types of denial-of-service (DoS) attacks. | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| HP ProCurve - 'Enable SSH' | TNS HP ProCurve | HPProCurve | CONFIGURATION MANAGEMENT |
| HTTP vs. HTTPS - idle-timeout | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | ACCESS CONTROL |
| HTTP vs. HTTPS - plaintext | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | CONFIGURATION MANAGEMENT |
| HTTP vs. HTTPS - ssl | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000240 - The Juniper perimeter router must be configured to deny network traffic by default and allow network traffic by exception. | DISA STIG Juniper Router RTR v3r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| Login banner - banner exec | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | ACCESS CONTROL |
| Login banner - banner motd | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | ACCESS CONTROL |
| Telnet vs. Secure Shell - idle-timeout | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | ACCESS CONTROL |
| Telnet vs. Secure Shell - no telnet-server | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | CONFIGURATION MANAGEMENT |
