| Interior routing protocols are not authenticated - 'OSPFv2 Check' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
| NET-IPV6-033 - IPv6 routers are not configured with CEF enabled | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | CONFIGURATION MANAGEMENT |
| NET-IPV6-034 - IPv6 Egress Outbound Spoofing Filter - 'ipv6 verify unicast source reachable-via rx OUTBOUND_TO_BACKBONE' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-065 - The 6-to-4 router is not filtering protocol 41 - 'ip access-list IPV4_EGRESS_FILTER' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-066 - 6-to-4 router not filtering invalid source address - 'permit ipv6 2002:V4ADDR::/48' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-MCAST-002 - PIM neighbor filter is not configured - 'ipv6 pim neighbor-filter list IPV6_PIM_NEIGHBORS_ACL' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-MCAST-010 - No Admin-local or Site-local boundary - 'ip multicast boundary' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-NAC-009 - The switch must be configured to use 802.1x authentication on host facing access switch ports. 'aaa new-model' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| NET-VLAN-008 - A dedicated VLAN is required for all trunk ports. | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
| NET-VLAN-024 - Restricted VLAN not assigned to non-802.1x device. | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
| NET0400 - Interior routing protocols are not authenticated - 'OSPFv2 (Interface Check)' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0400 - Interior routing protocols are not authenticated - 'OSPFv2 (Router Check)' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| NET0400 - Interior routing protocols are not authenticated - 'RIPv2 (Interface Check - authentication key-chain)' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0408 - BGP must authenticate all peers | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| NET0425 - An Infinite Lifetime key has not been implemented - 'Ensure rotating keys are not set to accept-lifetime infinite - Key 2' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| NET0425 - An Infinite Lifetime key has not been implemented - 'Ensure rotating keys are not set to send-lifetime infinite - Key 2' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| NET0425 - An Infinite Lifetime key has not been implemented - 'Third key set to send-lifetime infinite' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| NET0433 - The device is not authenticated using a AAA server - 'ip http authentication' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| NET0433 - The device is not authenticated using a AAA server - 'line con - authentication' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| NET0465 - Authorized accounts must be assigned the least privilege level necessary to perform assigned duties. | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
| NET0724 - TCP Keep-Alives must be enabled | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0744 - BSDr commands are not disabled - rsh-enable | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | CONFIGURATION MANAGEMENT |
| NET0894 - Network element must only allow SNMP read access - 'SNMP v3 auth' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| NET0902 - FTP/TFTP traffic does not use loopback - 'ip ftp source-interface Loopback0' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0965 - Devices not configured to filter and drop half-open connections | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0966 - Control plan protection is not enabled - 'inbound ACL option' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
| NET0966 - Control plan protection is not enabled - 'Steps 1 - 3' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
| NET0989 - Management traffic leaks into the managed network - 'OOBM Interface (ip access-list ACL_LIST in)' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0992 - The management interface does not have an ACL - 'Step 2 (access-list MGMT_INGRESS_ACL deny)' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0994 - Management interface is assigned to a user VLAN - 'access mode' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0997 - The management VLAN is not pruned from trunk links | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
| NET1007 - Management traffic is not classified and marked - 'Interface Configured (service-policy input DIST_LAYER_POLICY)' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | CONFIGURATION MANAGEMENT |
| NET1007 - Management traffic is not classified and marked - 'ip access-list extended MGMT_TRAFFIC_CLASSIFICATION_ACL permit' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1020 - Interface ACL deny statements are not logged | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1021 - The network element must log all messages except debugging. - 'Logging trap' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET1623 - Authentication required for console access - 'AUX port (login authentication AUTH_LIST)' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | ACCESS CONTROL |
| NET1629 - The auxiliary port is not disabled | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | CONFIGURATION MANAGEMENT |
| NET1637 - Management connections are not restricted - 'VTY port (access-list VTY_ACL deny any log)' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1638 - Management connections must be secured by FIPS 140-2 -'ip http secure-server' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1638 - Management connections must be secured by FIPS 140-2 -'ip scp secure-server' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1640 - Management connections must be logged | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET1645 - SSH session timeout is not 60 seconds or less | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | ACCESS CONTROL |
| NET1646 - SSH login attempts value is greater than 3 - 'ip ssh authentication-retries not found' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | ACCESS CONTROL |
| NET1660 - An insecure version of SNMP is being used | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | CONFIGURATION MANAGEMENT |
| NET1665 - Using default SNMP community names - 'Community set to Public or Private' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| NET1807 - Management traffic is not restricted - 'Interface crypto map configured (crypto map MYVPN)' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1808 - Remote VPN end-point not a mirror of local gateway | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
| SNMPv2 CONFIG IF STATEMENT | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
| SNMPv3 CONFIG IF STATEMENT | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
| SNMPv3 with ACL is configured Check for ACL Configuration | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | |
