| 1.1.2.1 console authentication | CIS Cisco IOS XR 7.x v1.0.1 L1 | Cisco | ACCESS CONTROL |
| 1.1.2.1 vty line authentication | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL |
| 1.1.2.2 vty line authentication | CIS Cisco IOS XR 7.x v1.0.1 L1 | Cisco | ACCESS CONTROL |
| 2.1.6 Key chains | CIS Cisco IOS XR 7.x v1.0.1 L2 | Cisco | ACCESS CONTROL |
| 9.2.3 Ensure 'Windows Firewall: Private: Outbound connections' is set to 'Allow (default)' (STIG only) | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG DC | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 20.16 Ensure 'Default permissions for the HKEY_LOCAL_MACHINE registry hive must be maintained' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG DC | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 20.33 Ensure 'Local volumes must use a format that supports NTFS attributes' (STIG only) | CIS Microsoft Windows Server 2022 STIG v2.0.0 STIG MS | Windows | CONFIGURATION MANAGEMENT |
| 20.47 Ensure 'Permissions for program file directories must conform to minimum requirements' | CIS Microsoft Windows Server 2016 STIG v3.0.0 STIG MS | Windows | ACCESS CONTROL |
| 20.47 Ensure 'Permissions for program file directories must conform to minimum requirements' | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC | Windows | ACCESS CONTROL |
| CIS_Amazon_Linux_2_STIG_v2.0.0_L1_Server.audit from CIS Amazon Linux 2 STIG Benchmark v2.0.0 | CIS Amazon Linux 2 STIG v2.0.0 L1 Server | Unix | |
| CIS_Amazon_Linux_2_STIG_v2.0.0_L1_Workstation.audit from CIS Amazon Linux 2 STIG Benchmark v2.0.0 | CIS Amazon Linux 2 STIG v2.0.0 L1 Workstation | Unix | |
| CIS_Amazon_Linux_2_STIG_v2.0.0_L2_Server.audit from CIS Amazon Linux 2 STIG Benchmark v2.0.0 | CIS Amazon Linux 2 STIG v2.0.0 L2 Server | Unix | |
| CIS_Amazon_Linux_2_STIG_v2.0.0_L2_Workstation.audit from CIS Amazon Linux 2 STIG Benchmark v2.0.0 | CIS Amazon Linux 2 STIG v2.0.0 L2 Workstation | Unix | |
| CIS_Amazon_Linux_2_STIG_v2.0.0_STIG.audit from CIS Amazon Linux 2 STIG Benchmark v2.0.0 | CIS Amazon Linux 2 STIG v2.0.0 STIG | Unix | |
| CISC-ND-000010 - The Cisco router must be configured to limit the number of concurrent management sessions to an organization-defined number. | DISA Cisco IOS XR Router NDM STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-ND-000140 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies. | DISA Cisco IOS XR Router NDM STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-ND-000210 - The Cisco device must be configured to audit all administrator activity. | DISA Cisco IOS XE Router NDM STIG v3r4 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| CISC-ND-000280 - The Cisco router must produce audit records containing information to establish when (date and time) the events occurred. | DISA Cisco IOS XE Router NDM STIG v3r4 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000460 - The Cisco router must be configured to limit privileges to change the software resident within software libraries. | DISA Cisco IOS XE Router NDM STIG v3r4 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-ND-000720 - The Cisco router must be configured to terminate all network connections associated with device management after five minutes of inactivity. | DISA Cisco IOS XR Router NDM STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-000720 - The Cisco router must be configured to terminate all network connections associated with device management after five minutes of inactivity. | DISA Cisco IOS XE Router NDM STIG v3r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-000980 - The Cisco router must be configured to allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | DISA Cisco IOS XR Router NDM STIG v3r3 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001130 - The Cisco router must be configured to authenticate SNMP messages using a FIPS-validated Keyed-Hash Message Authentication Code (HMAC). | DISA Cisco IOS XR Router NDM STIG v3r3 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| CISC-ND-001210 - The Cisco router must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions. | DISA Cisco IOS XR Router NDM STIG v3r3 | Cisco | MAINTENANCE |
| CISC-ND-001440 - The Cisco router must be configured to obtain its public key certificates from an appropriate certificate policy through an approved service provider. | DISA Cisco IOS XE Router NDM STIG v3r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000160 - The Cisco router must be configured to have IP directed broadcast disabled on all interfaces. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000170 - The Cisco router must be configured to have Internet Control Message Protocol (ICMP) unreachable messages disabled on all external interfaces. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000210 - The Cisco router must be configured to produce audit records containing information to establish where the events occurred. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-RT-000236 - The Cisco router must be configured to advertise a hop limit of at least 32 in Router Advertisement messages for IPv6 stateless auto-configuration deployments. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000237 - The Cisco router must not be configured to use IPv6 Site Local Unicast addresses. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000500 - The Cisco BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS). | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000700 - The Cisco PE router providing Virtual Private LAN Services (VPLS) must be configured to have traffic storm control thresholds on CE-facing interfaces. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000790 - The Cisco multicast router must be configured to disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000820 - The Cisco multicast Rendezvous Point (RP) router must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP) source-active entries. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000860 - The Cisco multicast Designated Router (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join only multicast groups that have been approved by the organization. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000870 - The Cisco multicast Designated Router (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join a multicast group only from sources that have been approved by the organization. | DISA Cisco IOS XR Router RTR STIG v3r2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000900 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to only accept MSDP packets from known MSDP peers. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000910 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to authenticate all received MSDP packets. | DISA Cisco IOS XE Router RTR STIG v3r3 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| DISA_STIG_JRE_8_Unix_v1r3.audit for Oracle JRE 8 UNIX STIG, v1r3 | DISA STIG Oracle JRE 8 Unix v1r3 | Unix | |
| ESXI-80-000198 - The ESXi host must protect the confidentiality and integrity of transmitted information by isolating ESXi management traffic. | DISA VMware vSphere 8.0 ESXi STIG v2r3 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI5-VMNET-000013 - The system must ensure that the virtual switch Forged Transmits policy is set to reject. | DISA STIG VMWare ESXi Server 5 STIG v2r1 | VMware | CONFIGURATION MANAGEMENT |
| Network Security - Ensure IP directed broadcast has not been configured | Juniper Hardening JunOS 12 Devices Checklist | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000031 - OHS must have the Order, Allow, and Deny directives set within the Directory directives set to restrict inbound connections from nonsecure zones. | DISA STIG Oracle HTTP Server 12.1.3 v2r3 | Unix | ACCESS CONTROL |
| Session timeout | ArubaOS CX 10.x Hardening Guide v1.0.0 | ArubaOS | ACCESS CONTROL |
| SPLK-CL-000235 - Splunk Enterprise must notify analysts of applicable events for Tier 2 CSSP and JRSS only. | DISA STIG Splunk Enterprise 7.x for Windows v3r1 REST API | Splunk | ACCESS CONTROL |
| SQL6-D0-013600 - SQL Server must generate audit records when successful and unsuccessful attempts to modify privileges/permissions occur. | DISA STIG SQL Server 2016 Instance DB Audit v3r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| TCAT-AS-001680 - ALLOW_BACKSLASH must be set to false. | DISA STIG Apache Tomcat Application Server 9 v3r2 Middleware | Unix | CONFIGURATION MANAGEMENT |
| VCRP-67-000009 - The rhttpproxy log files must be moved to a permanent repository in accordance with site policy. | DISA STIG VMware vSphere 6.7 RhttpProxy v1r3 | Unix | AUDIT AND ACCOUNTABILITY |
| WG040 A22 - Public web server resources must not be shared with private assets. | DISA STIG Apache Server 2.2 Unix v1r11 | Unix | |
