1.1.3 Enable 'aaa authentication enable default' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL |
1.2.3 Ensure 'Account lockout threshold' is set to '3 or fewer invalid logon attempt(s), but not 0' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
1.2.3 Ensure 'Account lockout threshold' is set to '3 or fewer invalid logon attempt(s), but not 0' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | ACCESS CONTROL |
4.7.1 Ensure authentication is set to MD5 | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
20.20 Ensure 'DoD Interoperability Root CA cross-certificates' are installed in the 'Untrusted Certificates Store' on unclassified systems | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
20.20 Ensure 'DoD Interoperability Root CA cross-certificates' are installed in the 'Untrusted Certificates Store' on unclassified systems (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
20.59 Ensure 'Software certificate installation files must be removed' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | CONFIGURATION MANAGEMENT |
20.67 Ensure 'The system uses an anti-virus program' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | SYSTEM AND INFORMATION INTEGRITY |
20.67 Ensure 'The system uses an anti-virus program' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | SYSTEM AND INFORMATION INTEGRITY |
CISC-ND-000010 - The Cisco router must be configured to limit the number of concurrent management sessions to an organization-defined number. | DISA STIG Cisco IOS Router NDM v3r2 | Cisco | ACCESS CONTROL |
CISC-ND-000140 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies. | DISA STIG Cisco IOS Router NDM v3r2 | Cisco | ACCESS CONTROL |
CISC-ND-000290 - The Cisco router must produce audit records containing information to establish where the events occurred. | DISA STIG Cisco IOS Router NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
CISC-ND-000470 - The Cisco router must be configured to prohibit the use of all unnecessary and nonsecure functions and services. | DISA STIG Cisco IOS Router NDM v3r2 | Cisco | CONFIGURATION MANAGEMENT |
CISC-ND-000490 - The Cisco router must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable. | DISA STIG Cisco IOS Router NDM v3r2 | Cisco | ACCESS CONTROL |
CISC-ND-000620 - The Cisco router must only store cryptographic representations of passwords. | DISA STIG Cisco IOS Router NDM v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
CISC-ND-000980 - The Cisco router must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | DISA STIG Cisco IOS Router NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
CISC-ND-001150 - The Cisco router must be configured to authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based. | DISA STIG Cisco IOS Router NDM v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
CISC-ND-001200 - The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions. | DISA STIG Cisco IOS Router NDM v3r2 | Cisco | IDENTIFICATION AND AUTHENTICATION, MAINTENANCE |
CISC-ND-001440 - The Cisco router must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | DISA STIG Cisco IOS Router NDM v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000060 - The Cisco router must be configured to have all inactive interfaces disabled. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | ACCESS CONTROL |
CISC-RT-000120 - The Cisco router must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by employing control plane protection. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000170 - The Cisco router must be configured to have Internet Control Message Protocol (ICMP) unreachable messages disabled on all external interfaces. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000200 - The Cisco router must be configured to log all packets that have been dropped at interfaces via an ACL. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
CISC-RT-000220 - The Cisco router must be configured to produce audit records containing information to establish the source of the events. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
CISC-RT-000230 - The Cisco router must be configured to disable the auxiliary port unless it is connected to a secured modem providing encryption and authentication. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | ACCESS CONTROL |
CISC-RT-000400 - The Cisco out-of-band management (OOBM) gateway router must be configured to transport management traffic to the Network Operations Center (NOC) via dedicated circuit, MPLS/VPN service, or IPsec tunnel. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000430 - The Cisco out-of-band management (OOBM) gateway router must be configured to not redistribute routes between the management network routing domain and the managed network routing domain. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | ACCESS CONTROL |
CISC-RT-000440 - The Cisco out-of-band management (OOBM) gateway router must be configured to block any traffic destined to itself that is not sourced from the OOBM network or the Network Operations Center (NOC). | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000450 - The Cisco router must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000480 - The Cisco BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | ACCESS CONTROL |
CISC-RT-000500 - The Cisco BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS). | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | ACCESS CONTROL |
CISC-RT-000520 - The Cisco BGP router must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS). | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | ACCESS CONTROL |
CISC-RT-000580 - The Cisco BGP router must be configured to use its loopback address as the source address for iBGP peering sessions. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | CONTINGENCY PLANNING |
CISC-RT-000600 - The Cisco MPLS router must be configured to synchronize IGP and LDP to minimize packet loss when an IGP adjacency is established prior to LDP peers completing label exchange. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | CONFIGURATION MANAGEMENT |
CISC-RT-000610 - The MPLS router with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core routers. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000620 - The Cisco MPLS router must be configured to have TTL Propagation disabled. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | CONFIGURATION MANAGEMENT |
CISC-RT-000630 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | CONTINGENCY PLANNING |
CISC-RT-000650 - The Cisco PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD). | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | CONTINGENCY PLANNING |
CISC-RT-000730 - The Cisco PE router must be configured to block any traffic that is destined to IP core infrastructure. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000790 - The Cisco multicast router must be configured to disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | ACCESS CONTROL |
CISC-RT-000830 - The Cisco multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Register messages received from the Designated Router (DR) for any undesirable multicast groups and sources. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | ACCESS CONTROL |
CISC-RT-000840 - The Cisco multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Join messages received from the Designated Router (DR) for any undesirable multicast groups. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | ACCESS CONTROL |
CISC-RT-000860 - The Cisco multicast Designated Router (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join only multicast groups that have been approved by the organization. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000870 - The Cisco multicast Designated Router (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join a multicast group only from sources that have been approved by the organization. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
CISC-RT-000950 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to use a loopback address as the source address when originating MSDP traffic. | DISA STIG Cisco IOS Router RTR v3r2 | Cisco | CONTINGENCY PLANNING |
Extreme : switch Info | TNS Extreme ExtremeXOS Best Practice Audit | Extreme_ExtremeXOS | CONFIGURATION MANAGEMENT |
IISW-SV-000142 - The IIS 8.5 web server must restrict inbound connections from nonsecure zones. | DISA IIS 8.5 Server v2r7 | Windows | ACCESS CONTROL |
PHTN-67-000032 - The Photon operating system must only allow installation of packages signed by VMware. | DISA STIG VMware vSphere 6.7 Photon OS v1r6 | Unix | CONFIGURATION MANAGEMENT |
Physical Security - Diagnostic Ports - Password protect Diagnostic ports - diag-port | Juniper Hardening JunOS 12 Devices Checklist | Juniper | IDENTIFICATION AND AUTHENTICATION |
SLES-12-030140 - The SUSE operating system must deny direct logons to the root account using remote access via SSH. | DISA SLES 12 STIG v3r2 | Unix | IDENTIFICATION AND AUTHENTICATION |