Item Search

NameAudit NamePluginCategory
1.3.1 Ensure 'Enforce user logon restrictions' is set to 'Enabled' (STIG DC only)CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL

1.4.2 Enable 'service password-encryption'CIS Cisco IOS XE 17.x v2.1.1 L1Cisco

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.14.1 Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User must enter a password each time they use a key'CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.14.1 Ensure 'System cryptography: Force strong key protection for user keys stored on the computer' is set to 'User must enter a password each time they use a key' (STIG only)CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

20.20 Ensure 'DoD Interoperability Root CA cross-certificates' are installed in the 'Untrusted Certificates Store' on unclassified systemsCIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

SYSTEM AND COMMUNICATIONS PROTECTION

20.20 Ensure 'DoD Interoperability Root CA cross-certificates' are installed in the 'Untrusted Certificates Store' on unclassified systems (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

SYSTEM AND COMMUNICATIONS PROTECTION

20.27 Ensure 'Event Viewer must be protected from unauthorized modification and deletion'CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

AUDIT AND ACCOUNTABILITY

20.59 Ensure 'Software certificate installation files must be removed' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MSWindows

CONFIGURATION MANAGEMENT

ARST-RT-000140 - The Arista multicast edge router must be configured to establish boundaries for administratively scoped multicast traffic.DISA STIG Arista MLS EOS 4.2x Router v2r1Arista

ACCESS CONTROL

CISC-ND-000090 - The Cisco router must be configured to automatically audit account creation.DISA STIG Cisco IOS Router NDM v3r2Cisco

ACCESS CONTROL

CISC-ND-000120 - The Cisco router must be configured to automatically audit account removal actions.DISA STIG Cisco IOS Router NDM v3r2Cisco

ACCESS CONTROL

CISC-ND-000160 - The Cisco router must be configured to display the Standard Mandatory DoD Notice and Consent Banner before granting access to the device.DISA STIG Cisco IOS Router NDM v3r2Cisco

ACCESS CONTROL

CISC-ND-000210 - The Cisco device must be configured to audit all administrator activity.DISA STIG Cisco IOS Router NDM v3r2Cisco

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

CISC-ND-001130 - The Cisco router must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC).DISA STIG Cisco IOS Router NDM v3r2Cisco

IDENTIFICATION AND AUTHENTICATION

CISC-ND-001210 - The Cisco router must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions.DISA STIG Cisco IOS Router NDM v3r2Cisco

MAINTENANCE

CISC-ND-001220 - The Cisco router must be configured to protect against known types of denial-of-service (DoS) attacks by employing organization-defined security safeguards.DISA STIG Cisco IOS Router NDM v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-ND-001370 - The Cisco router must be configured to use at least two authentication servers for the purpose of authenticating users prior to granting administrative access.DISA STIG Cisco IOS Router NDM v3r2Cisco

CONFIGURATION MANAGEMENT

CISC-ND-001450 - The Cisco router must be configured to send log data to at least two syslog servers for the purpose of forwarding alerts to the administrators and the ISSO.DISA STIG Cisco IOS Router NDM v3r2Cisco

AUDIT AND ACCOUNTABILITY

CISC-RT-000010 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of information within the network based on organization-defined information flow control policies.DISA STIG Cisco IOS Router RTR v3r2Cisco

ACCESS CONTROL

CISC-RT-000160 - The Cisco router must be configured to have IP directed broadcast disabled on all interfaces.DISA STIG Cisco IOS Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000210 - The Cisco router must be configured to produce audit records containing information to establish where the events occurred.DISA STIG Cisco IOS Router RTR v3r2Cisco

AUDIT AND ACCOUNTABILITY

CISC-RT-000236 - The Cisco router must be configured to advertise a hop limit of at least 32 in Router Advertisement messages for IPv6 stateless auto-configuration deployments.DISA STIG Cisco IOS Router RTR v3r2Cisco

CONFIGURATION MANAGEMENT

CISC-RT-000237 - The Cisco router must not be configured to use IPv6 Site Local Unicast addresses.DISA STIG Cisco IOS Router RTR v3r2Cisco

CONFIGURATION MANAGEMENT

CISC-RT-000300 - The Cisco perimeter router must be configured to not redistribute static routes to an alternate gateway service provider into BGP or an IGP peering with the NIPRNet or to other autonomous systems.DISA STIG Cisco IOS Router RTR v3r2Cisco

ACCESS CONTROL

CISC-RT-000310 - The Cisco perimeter router must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding (uRPF).DISA STIG Cisco IOS Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000420 - The Cisco out-of-band management (OOBM) gateway router must be configured to have separate IGP instances for the managed network and management network.DISA STIG Cisco IOS Router RTR v3r2Cisco

ACCESS CONTROL

CISC-RT-000430 - The Cisco out-of-band management (OOBM) gateway router must be configured to not redistribute routes between the management network routing domain and the managed network routing domain.DISA STIG Cisco IOS Router RTR v3r2Cisco

ACCESS CONTROL

CISC-RT-000460 - The Cisco router providing connectivity to the Network Operations Center (NOC) must be configured to forward all in-band management traffic via an IPsec tunnel.DISA STIG Cisco IOS Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000470 - The Cisco BGP router must be configured to enable the Generalized TTL Security Mechanism (GTSM).DISA STIG Cisco IOS Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000480 - The Cisco BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with.DISA STIG Cisco IOS Router RTR v3r2Cisco

ACCESS CONTROL

CISC-RT-000520 - The Cisco BGP router must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS).DISA STIG Cisco IOS Router RTR v3r2Cisco

ACCESS CONTROL

CISC-RT-000570 - The Cisco BGP router must be configured to limit the prefix size on any inbound route advertisement to /24 or the least significant prefixes issued to the customer.DISA STIG Cisco IOS Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000580 - The Cisco BGP router must be configured to use its loopback address as the source address for iBGP peering sessions.DISA STIG Cisco IOS Router RTR v3r2Cisco

CONTINGENCY PLANNING

CISC-RT-000590 - The Cisco MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.DISA STIG Cisco IOS Router RTR v3r2Cisco

CONTINGENCY PLANNING

CISC-RT-000610 - The MPLS router with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core routers.DISA STIG Cisco IOS Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000620 - The Cisco MPLS router must be configured to have TTL Propagation disabled.DISA STIG Cisco IOS Router RTR v3r2Cisco

CONFIGURATION MANAGEMENT

CISC-RT-000650 - The Cisco PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD).DISA STIG Cisco IOS Router RTR v3r2Cisco

CONTINGENCY PLANNING

CISC-RT-000670 - The Cisco PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit.DISA STIG Cisco IOS Router RTR v3r2Cisco

CONTINGENCY PLANNING

CISC-RT-000770 - The Cisco P router must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications.DISA STIG Cisco IOS Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000790 - The Cisco multicast router must be configured to disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing.DISA STIG Cisco IOS Router RTR v3r2Cisco

ACCESS CONTROL

CISC-RT-000830 - The Cisco multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Register messages received from the Designated Router (DR) for any undesirable multicast groups and sources.DISA STIG Cisco IOS Router RTR v3r2Cisco

ACCESS CONTROL

CISC-RT-000840 - The Cisco multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Join messages received from the Designated Router (DR) for any undesirable multicast groups.DISA STIG Cisco IOS Router RTR v3r2Cisco

ACCESS CONTROL

CISC-RT-000890 - The Cisco multicast Designated Router (DR) must be configured to set the shortest-path tree (SPT) threshold to infinity to minimalize source-group (S, G) state within the multicast topology where Any Source Multicast (ASM) is deployed.DISA STIG Cisco IOS Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000900 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to only accept MSDP packets from known MSDP peers.DISA STIG Cisco IOS Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000920 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to filter received source-active multicast advertisements for any undesirable multicast groups and sources.DISA STIG Cisco IOS Router RTR v3r2Cisco

ACCESS CONTROL

CISC-RT-000930 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to filter source-active multicast advertisements to external MSDP peers to avoid global visibility of local-only multicast sources and groups.DISA STIG Cisco IOS Router RTR v3r2Cisco

ACCESS CONTROL

EX16-ED-000410 - The Exchange Spam Evaluation filter must be enabled.DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5Windows

SYSTEM AND INFORMATION INTEGRITY

EX16-ED-000410 - The Exchange Spam Evaluation filter must be enabled.DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6Windows

SYSTEM AND INFORMATION INTEGRITY

EX19-ED-000131 - The Exchange Spam Evaluation filter must be enabled.DISA Microsoft Exchange 2019 Edge Server STIG v2r2Windows

SYSTEM AND INFORMATION INTEGRITY

Physical Security - Diagnostic Ports - Password protect Diagnostic ports - diag-portJuniper Hardening JunOS 12 Devices ChecklistJuniper

IDENTIFICATION AND AUTHENTICATION