Item Search

NameAudit NamePluginCategory
1.1.3 Enable 'aaa authentication enable default'CIS Cisco IOS XE 16.x v2.1.0 L1Cisco

ACCESS CONTROL

1.2.3 Ensure 'Account lockout threshold' is set to '3 or fewer invalid logon attempt(s), but not 0'CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DCWindows

ACCESS CONTROL

1.2.3 Ensure 'Account lockout threshold' is set to '3 or fewer invalid logon attempt(s), but not 0' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MSWindows

ACCESS CONTROL

4.7.1 Ensure authentication is set to MD5CIS Juniper OS Benchmark v2.1.0 L1Juniper

IDENTIFICATION AND AUTHENTICATION

20.20 Ensure 'DoD Interoperability Root CA cross-certificates' are installed in the 'Untrusted Certificates Store' on unclassified systemsCIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MSWindows

SYSTEM AND COMMUNICATIONS PROTECTION

20.20 Ensure 'DoD Interoperability Root CA cross-certificates' are installed in the 'Untrusted Certificates Store' on unclassified systems (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

SYSTEM AND COMMUNICATIONS PROTECTION

20.59 Ensure 'Software certificate installation files must be removed' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

CONFIGURATION MANAGEMENT

20.67 Ensure 'The system uses an anti-virus program' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DCWindows

SYSTEM AND INFORMATION INTEGRITY

20.67 Ensure 'The system uses an anti-virus program' (STIG only)CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MSWindows

SYSTEM AND INFORMATION INTEGRITY

CISC-ND-000010 - The Cisco router must be configured to limit the number of concurrent management sessions to an organization-defined number.DISA STIG Cisco IOS Router NDM v3r2Cisco

ACCESS CONTROL

CISC-ND-000140 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies.DISA STIG Cisco IOS Router NDM v3r2Cisco

ACCESS CONTROL

CISC-ND-000290 - The Cisco router must produce audit records containing information to establish where the events occurred.DISA STIG Cisco IOS Router NDM v3r2Cisco

AUDIT AND ACCOUNTABILITY

CISC-ND-000470 - The Cisco router must be configured to prohibit the use of all unnecessary and nonsecure functions and services.DISA STIG Cisco IOS Router NDM v3r2Cisco

CONFIGURATION MANAGEMENT

CISC-ND-000490 - The Cisco router must be configured with only one local account to be used as the account of last resort in the event the authentication server is unavailable.DISA STIG Cisco IOS Router NDM v3r2Cisco

ACCESS CONTROL

CISC-ND-000620 - The Cisco router must only store cryptographic representations of passwords.DISA STIG Cisco IOS Router NDM v3r2Cisco

IDENTIFICATION AND AUTHENTICATION

CISC-ND-000980 - The Cisco router must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.DISA STIG Cisco IOS Router NDM v3r2Cisco

AUDIT AND ACCOUNTABILITY

CISC-ND-001150 - The Cisco router must be configured to authenticate Network Time Protocol (NTP) sources using authentication that is cryptographically based.DISA STIG Cisco IOS Router NDM v3r2Cisco

IDENTIFICATION AND AUTHENTICATION

CISC-ND-001200 - The Cisco router must be configured to use FIPS-validated Keyed-Hash Message Authentication Code (HMAC) to protect the integrity of remote maintenance sessions.DISA STIG Cisco IOS Router NDM v3r2Cisco

IDENTIFICATION AND AUTHENTICATION, MAINTENANCE

CISC-ND-001440 - The Cisco router must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider.DISA STIG Cisco IOS Router NDM v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000060 - The Cisco router must be configured to have all inactive interfaces disabled.DISA STIG Cisco IOS Router RTR v3r2Cisco

ACCESS CONTROL

CISC-RT-000120 - The Cisco router must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by employing control plane protection.DISA STIG Cisco IOS Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000170 - The Cisco router must be configured to have Internet Control Message Protocol (ICMP) unreachable messages disabled on all external interfaces.DISA STIG Cisco IOS Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000200 - The Cisco router must be configured to log all packets that have been dropped at interfaces via an ACL.DISA STIG Cisco IOS Router RTR v3r2Cisco

AUDIT AND ACCOUNTABILITY

CISC-RT-000220 - The Cisco router must be configured to produce audit records containing information to establish the source of the events.DISA STIG Cisco IOS Router RTR v3r2Cisco

AUDIT AND ACCOUNTABILITY

CISC-RT-000230 - The Cisco router must be configured to disable the auxiliary port unless it is connected to a secured modem providing encryption and authentication.DISA STIG Cisco IOS Router RTR v3r2Cisco

ACCESS CONTROL

CISC-RT-000400 - The Cisco out-of-band management (OOBM) gateway router must be configured to transport management traffic to the Network Operations Center (NOC) via dedicated circuit, MPLS/VPN service, or IPsec tunnel.DISA STIG Cisco IOS Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000430 - The Cisco out-of-band management (OOBM) gateway router must be configured to not redistribute routes between the management network routing domain and the managed network routing domain.DISA STIG Cisco IOS Router RTR v3r2Cisco

ACCESS CONTROL

CISC-RT-000440 - The Cisco out-of-band management (OOBM) gateway router must be configured to block any traffic destined to itself that is not sourced from the OOBM network or the Network Operations Center (NOC).DISA STIG Cisco IOS Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000450 - The Cisco router must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface.DISA STIG Cisco IOS Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000480 - The Cisco BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with.DISA STIG Cisco IOS Router RTR v3r2Cisco

ACCESS CONTROL

CISC-RT-000500 - The Cisco BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS).DISA STIG Cisco IOS Router RTR v3r2Cisco

ACCESS CONTROL

CISC-RT-000520 - The Cisco BGP router must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS).DISA STIG Cisco IOS Router RTR v3r2Cisco

ACCESS CONTROL

CISC-RT-000580 - The Cisco BGP router must be configured to use its loopback address as the source address for iBGP peering sessions.DISA STIG Cisco IOS Router RTR v3r2Cisco

CONTINGENCY PLANNING

CISC-RT-000600 - The Cisco MPLS router must be configured to synchronize IGP and LDP to minimize packet loss when an IGP adjacency is established prior to LDP peers completing label exchange.DISA STIG Cisco IOS Router RTR v3r2Cisco

CONFIGURATION MANAGEMENT

CISC-RT-000610 - The MPLS router with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core routers.DISA STIG Cisco IOS Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000620 - The Cisco MPLS router must be configured to have TTL Propagation disabled.DISA STIG Cisco IOS Router RTR v3r2Cisco

CONFIGURATION MANAGEMENT

CISC-RT-000630 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.DISA STIG Cisco IOS Router RTR v3r2Cisco

CONTINGENCY PLANNING

CISC-RT-000650 - The Cisco PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD).DISA STIG Cisco IOS Router RTR v3r2Cisco

CONTINGENCY PLANNING

CISC-RT-000730 - The Cisco PE router must be configured to block any traffic that is destined to IP core infrastructure.DISA STIG Cisco IOS Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000790 - The Cisco multicast router must be configured to disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing.DISA STIG Cisco IOS Router RTR v3r2Cisco

ACCESS CONTROL

CISC-RT-000830 - The Cisco multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Register messages received from the Designated Router (DR) for any undesirable multicast groups and sources.DISA STIG Cisco IOS Router RTR v3r2Cisco

ACCESS CONTROL

CISC-RT-000840 - The Cisco multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Join messages received from the Designated Router (DR) for any undesirable multicast groups.DISA STIG Cisco IOS Router RTR v3r2Cisco

ACCESS CONTROL

CISC-RT-000860 - The Cisco multicast Designated Router (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join only multicast groups that have been approved by the organization.DISA STIG Cisco IOS Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000870 - The Cisco multicast Designated Router (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join a multicast group only from sources that have been approved by the organization.DISA STIG Cisco IOS Router RTR v3r2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000950 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to use a loopback address as the source address when originating MSDP traffic.DISA STIG Cisco IOS Router RTR v3r2Cisco

CONTINGENCY PLANNING

Extreme : switch InfoTNS Extreme ExtremeXOS Best Practice AuditExtreme_ExtremeXOS

CONFIGURATION MANAGEMENT

IISW-SV-000142 - The IIS 8.5 web server must restrict inbound connections from nonsecure zones.DISA IIS 8.5 Server v2r7Windows

ACCESS CONTROL

PHTN-67-000032 - The Photon operating system must only allow installation of packages signed by VMware.DISA STIG VMware vSphere 6.7 Photon OS v1r6Unix

CONFIGURATION MANAGEMENT

Physical Security - Diagnostic Ports - Password protect Diagnostic ports - diag-portJuniper Hardening JunOS 12 Devices ChecklistJuniper

IDENTIFICATION AND AUTHENTICATION

SLES-12-030140 - The SUSE operating system must deny direct logons to the root account using remote access via SSH.DISA SLES 12 STIG v3r2Unix

IDENTIFICATION AND AUTHENTICATION