| AMLS-L3-000300 - Arista MLS must only allow incoming communications from authorized sources to be routed to authorized destinations. | DISA STIG Arista MLS DCS-7000 Series RTR V1R2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0890 - The network element must only allow SNMP access from addresses belonging to the management network. | DISA STIG Cisco Firewall v8r25 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0988 - Traffic from the managed network will leak - 'OOBM Interface (ip access-list OOBM_EGRESS_ACL out)' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0988 - Traffic from the managed network will leak - 'OOBM Interface (ip access-list OOBM_EGRESS_ACL out)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0988 - Traffic from the managed network will leak - 'OOBM Interface (ip access-list OOBM_EGRESS_ACL out)' | DISA STIG Cisco Perimeter Router v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0989 - Management traffic leaks into the managed network - 'OOBM Interface (ip access-list ACL_LIST in)' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0989 - Management traffic leaks into the managed network - 'OOBM Interface (ip access-list ACL_LIST in)' | DISA STIG Cisco Perimeter Router v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0991 - The network element's OOBM interface must be configured with an OOBM network address. | DISA STIG Cisco Firewall v8r25 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0991 - The OOBM interface not configured correctly | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0991 - The OOBM interface not configured correctly | DISA STIG Cisco L2 Switch V8R27 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0992 - The management interface does not have an ACL - 'Step 1 (Egress ACL)' | DISA STIG Cisco Perimeter Router v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0992 - The management interface does not have an ACL - 'Step 1 (Ingress ACL)' | DISA STIG Cisco Perimeter Router v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0992 - The management interface does not have an ACL - 'Step 3 (ip local policy route-map LOCAL_POLICY)' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0992 - The management interface does not have an ACL - 'Step 3 (ip local policy route-map LOCAL_POLICY)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0992 - The management interface does not have an ACL - 'Step 3 (ip local policy route-map LOCAL_POLICY)' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0992 - The management interface does not have an ACL - 'Step 3 (ip local policy route-map LOCAL_POLICY)' | DISA STIG Cisco Perimeter Router v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0992 - The network elements management interface must be configured with both an ingress and egress ACL. - 'access-group mgmt inbound' | DISA STIG Cisco Firewall v8r25 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0992 - The network elements management interface must be configured with both an ingress and egress ACL. - 'access-group mgmt outbound' | DISA STIG Cisco Firewall v8r25 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0993 - The network element's management interface is not configured as passive for the IGP instance - 'eigrp passive-interface' | DISA STIG Cisco Firewall v8r25 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0993 - The network element's management interface is not configured as passive for the IGP instance - 'rip passive-interface' | DISA STIG Cisco Firewall v8r25 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0994 - Management interface is assigned to a user VLAN - 'access mode' | DISA STIG Cisco L2 Switch V8R27 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0994 - Management interface is assigned to a user VLAN - 'access mode' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0994 - Management interface is assigned to a user VLAN - 'MGMT VLAN ID' | DISA STIG Cisco L2 Switch V8R27 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0994 - Management interface is assigned to a user VLAN - 'MGMT VLAN ID' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1000 - Management traffic is not blocked by egress ACL - 'Egress ACL Configured on Interface' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1000 - The gateway router for the managed network is not configured with an ACL or filter on the egress interface. | DISA STIG Juniper Perimeter Router V8R32 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1001 - A firewall located behind the premise router must be configured to block all outbound management traffic. - 'step 1 egress group' | DISA STIG Cisco Firewall v8r25 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1001 - A firewall located behind the premise router must be configured to block all outbound management traffic. - 'step 2 next-hop' | DISA STIG Cisco Firewall v8r25 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1005 - No inbound ACL for mgmt network sub-interface - 'Sub-Interface Ingress ACL' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1005 - No inbound ACL for mgmt network sub-interface - 'Sub-Interface Ingress ACL' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1005 - No inbound ACL for mgmt network sub-interface - 'Sub-Interface Ingress ACL' | DISA STIG Cisco Perimeter Router v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1006 - IPSec traffic is not restricted - 'access-list IN_BAND_MGMT_VPN_ACL permit' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1006 - IPSec traffic is not restricted - 'access-list IN_BAND_MGMT_VPN_ACL permit' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1006 - IPSec traffic is not restricted - 'access-list IN_BAND_MGMT_VPN_ACL permit' | DISA STIG Cisco Perimeter Router v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1006 - IPSec traffic is not restricted - 'crypto map IN_BAND_MGMT_VPN - match address IN_BAND_MGMT_VPN_ACL' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1006 - IPSec traffic is not restricted - 'crypto map IN_BAND_MGMT_VPN - match address IN_BAND_MGMT_VPN_ACL' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1006 - Traffic entering the tunnels is not restricted to only the authorized management packets based on destination address. | DISA STIG Juniper Infrastructure Router V8R29 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1006 - Traffic entering the tunnels is not restricted to only the authorized management packets based on destination address. | DISA STIG Juniper Perimeter Router V8R32 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1006 - Traffic entering the tunnels is not restricted to only the authorized management packets based on destination address. - 'ipsec' | DISA STIG Cisco Firewall v8r25 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1007 - Management traffic is not classified and marked - 'class-map match-all MANAGEMENT_TRAFFIC' | DISA STIG Cisco Perimeter Router v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1007 - Management traffic is not classified and marked - 'ip access-list extended MGMT_TRAFFIC_CLASSIFICATION_ACL permit' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1007 - Management traffic is not classified and marked - 'ip access-list extended MGMT_TRAFFIC_CLASSIFICATION_ACL permit' | DISA STIG Cisco Perimeter Router v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1007 - Management traffic is not classified and marked - 'ip access-list extended MGMT_TRAFFIC_CLASSIFICATION_ACL permit' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1007 - Management traffic is not classified and marked - 'policy-map DIST_LAYER_POLICY (set ip dscp DIST_LAYER_DSCP_VALUE)' | DISA STIG Cisco Perimeter Router v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1007 - Management traffic is not classified and marked - 'policy-map DIST_LAYER_POLICY (set ip dscp DIST_LAYER_DSCP_VALUE)' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1007 - Management traffic is not classified and marked - 'policy-map DIST_LAYER_POLICY' | DISA STIG Cisco Perimeter Router v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1007 - Management traffic is not classified and marked - 'policy-map DIST_LAYER_POLICY' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1807 - Management traffic is not restricted - 'crypto map OOBM_VPN (match address OOBM_VPN_ACL)' | DISA STIG Cisco Infrastructure L3 Switch v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1807 - Management traffic is not restricted - 'Interface crypto map configured (crypto map MYVPN)' | DISA STIG Cisco Perimeter Router v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1807 - Management traffic is not restricted to only the authorized management packets based on destination and source IP address. | DISA STIG Cisco Firewall v8r25 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
