| 1.1.20 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 | Unix | ACCESS CONTROL |
| 1.2.5 Set 'access-class' for 'line vty' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.2.6 Set the Maximum Number of VTY Sessions | CIS Cisco NX-OS v1.2.0 L1 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.4.1.3 Ensure known default accounts do not exist | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.4.4 Set IP address for 'logging host' | CIS Cisco IOS XR 7.x v1.0.1 L1 | Cisco | AUDIT AND ACCOUNTABILITY, INCIDENT RESPONSE, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Create administrative boundaries between resources using namespaces | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 | Unix | ACCESS CONTROL |
| 1.6.3 Create administrative boundaries between resources using namespaces | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 2.1.1.2 Set version 2 for 'ip ssh version' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.4 Set IP address for 'logging host' | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | AUDIT AND ACCOUNTABILITY, INCIDENT RESPONSE, SYSTEM AND INFORMATION INTEGRITY |
| 3.1.14 Ensure that the --authorization-mode argument is not set to AlwaysAllow | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 | Unix | ACCESS CONTROL |
| 5.6.1 Create administrative boundaries between resources using namespaces | CIS Kubernetes v1.11.1 L1 Master Node | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.3 Ensure that the vSwitch Promiscuous Mode policy is set to reject | CIS VMware ESXi 5.5 v1.2.0 Level 1 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-L2-000020 - The Arista MLS layer 2 switch must uniquely identify all network-connected endpoint devices before establishing any connection. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | IDENTIFICATION AND AUTHENTICATION |
| ARST-RT-000640 - The Arista perimeter router must be configured to have Proxy ARP disabled on all external interfaces. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000640 - The Arista perimeter router must be configured to have Proxy ARP disabled on all external interfaces. | DISA STIG Arista MLS EOS 4.x Router v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| Brocade - FIPS Mode is enabled | Tenable Best Practices Brocade FabricOS | Brocade | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-ND-001050 - The Cisco ASA must be configured to authenticate Simple Network Management Protocol (SNMP) messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | DISA STIG Cisco ASA NDM v2r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-000580 - The Cisco router must be configured to enforce password complexity by requiring that at least one lowercase character be used. | DISA Cisco IOS XE Router NDM STIG v3r5 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-000590 - The Cisco router must be configured to enforce password complexity by requiring that at least one numeric character be used. | DISA Cisco IOS Router NDM STIG v3r4 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-000600 - The Cisco router must be configured to enforce password complexity by requiring that at least one special character be used. | DISA Cisco IOS Router NDM STIG v3r4 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-001210 - The Cisco router must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions. | DISA Cisco IOS XE Router NDM STIG v3r5 | Cisco | MAINTENANCE |
| CISC-ND-001250 - The Cisco router must be configured to generate log records when administrator privileges are deleted. | DISA Cisco IOS Router NDM STIG v3r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-RT-000070 - The Cisco router must be configured to have all non-essential capabilities disabled. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000250 - The Cisco perimeter router must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | ACCESS CONTROL |
| CISC-RT-000250 - The Cisco perimeter router must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. | DISA Cisco IOS XE Router RTR STIG v3r4 | Cisco | ACCESS CONTROL |
| DNS Profile - Address - DNS Server 1 | Tenable Cisco ACI | Cisco_ACI | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure known default accounts do not exist - cmd_exec | Tenable Cisco Firepower Threat Defense Best Practices Audit | Cisco_Firepower | ACCESS CONTROL |
| ESXI-65-000048 - The ESXi host must protect the confidentiality and integrity of transmitted information by isolating vMotion traffic. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-EG-000165 - Exchange messages with a blank sender field must be rejected. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX13-EG-000175 - Exchange filtered messages must be archived. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX19-ED-000125 - Exchange filtered messages must be archived. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| JBOS-AS-000080 - The JBoss server must generate log records for access and authentication events to the management interface. | DISA JBoss EAP 6.3 STIG v2r6 | Unix | AUDIT AND ACCOUNTABILITY |
| JUEX-L2-000050 - The Juniper EX switch must be configured to permit authorized users to select a user session to capture. | DISA Juniper EX Series Layer 2 Switch v2r3 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUEX-RT-000270 - The Juniper router must be configured to have all nonessential capabilities disabled. | DISA Juniper EX Series Router v2r1 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-RT-000770 - The Juniper perimeter router must be configured to block all outbound management traffic. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000070 - The Juniper router must be configured to have all non-essential capabilities disabled - finger | DISA STIG Juniper Router RTR v3r2 | Juniper | CONFIGURATION MANAGEMENT |
| JUNI-RT-000070 - The Juniper router must be configured to have all non-essential capabilities disabled - ftp | DISA STIG Juniper Router RTR v3r2 | Juniper | CONFIGURATION MANAGEMENT |
| JUNI-RT-000070 - The Juniper router must be configured to have all non-essential capabilities disabled - http | DISA STIG Juniper Router RTR v3r2 | Juniper | CONFIGURATION MANAGEMENT |
| Keychain Policy - Key Policy - Endtime | Tenable Cisco ACI | Cisco_ACI | IDENTIFICATION AND AUTHENTICATION |
| Management Access Policy - HTTPS - Cipher Configuration | Tenable Cisco ACI | Cisco_ACI | |
| Management Access Policy - SSH Access Via Web - Admin State | Tenable Cisco ACI | Cisco_ACI | CONFIGURATION MANAGEMENT |
| Password Strength Check - Password Minimum Length | Tenable Cisco ACI | Cisco_ACI | IDENTIFICATION AND AUTHENTICATION |
| Password Strength Check - Password Strength Test Type | Tenable Cisco ACI | Cisco_ACI | IDENTIFICATION AND AUTHENTICATION |
| Server-supplied privilege level | ArubaOS Switch 16.x Hardening Guide v1.0.0 | ArubaOS | IDENTIFICATION AND AUTHENTICATION |
| vCenter: vcenter-8.vami-firewall-restrict-access | VMware vSphere Security Configuration and Hardening Guide | VMware | CONFIGURATION MANAGEMENT |
| VCSA-70-000279 - The vCenter Server must protect the confidentiality and integrity of transmitted information by isolating Internet Protocol (IP)-based storage traffic. | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000279 - The vCenter Server must protect the confidentiality and integrity of transmitted information by isolating Internet Protocol (IP)-based storage traffic. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| VCSA-80-000300 - The vCenter Server must remove unauthorized port mirroring sessions on distributed switches. | DISA VMware vSphere 8.0 vCenter STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| WN10-CC-000063 - Windows 10 systems must use either Group Policy or an approved Mobile Device Management (MDM) product to enforce STIG compliance. | DISA Microsoft Windows 10 STIG v3r4 | Windows | CONFIGURATION MANAGEMENT |
