| 1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.96 WN16-CC-000030 | CIS Microsoft Windows Server 2016 STIG v4.0.0 MS CAT II | Windows | SYSTEM AND INFORMATION INTEGRITY |
| 1.96 WN22-CC-000020 | CIS Microsoft Windows Server 2022 STIG v3.0.0 MS CAT II | Windows | CONFIGURATION MANAGEMENT |
| 1.96 WN22-CC-000020 | CIS Microsoft Windows Server 2022 STIG v3.0.0 DC CAT II | Windows | CONFIGURATION MANAGEMENT |
| 1.107 WN10-CC-000039 | CIS Microsoft Windows 10 STIG v1.0.0 CAT II | Windows | CONFIGURATION MANAGEMENT |
| 6.15 Set 'Automatically dial during a background Send/Receive' to 'Enabled:False' | CIS MS Office Outlook 2010 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| 6.16 Set 'Hang up when finished sending, receiving, or updating' to 'Enabled:True' | CIS MS Office Outlook 2010 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
| ARST-RT-000620 - The Arista perimeter router must be configured to block inbound packets with source Bogon IP address prefixes. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| BIND-9X-001500 - A BIND 9.x server implementation must be operating on a Current-Stable version as defined by ISC. | DISA BIND 9.x STIG v3r1 | Unix | CONFIGURATION MANAGEMENT |
| CISC-ND-000280 - The Cisco router must produce audit records containing information to establish when (date and time) the events occurred. | DISA Cisco IOS XR Router NDM STIG v3r5 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000290 - The Cisco router must produce audit records containing information to establish where the events occurred. | DISA Cisco IOS XR Router NDM STIG v3r5 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-001210 - The Cisco router must be configured to implement cryptographic mechanisms to protect the confidentiality of remote maintenance sessions. | DISA Cisco IOS XR Router NDM STIG v3r5 | Cisco | MAINTENANCE |
| CISC-ND-001470 - The Cisco router must be running an IOS release that is currently supported by Cisco Systems. | DISA Cisco IOS XR Router NDM STIG v3r5 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000410 - The Cisco out-of-band management (OOBM) gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC). | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000450 - The Cisco router must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000480 - The Cisco BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| CISC-RT-000540 - The Cisco BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | ACCESS CONTROL |
| CISC-RT-000610 - The MPLS router with RSVP-TE enabled must be configured with message pacing to adjust maximum burst and maximum number of RSVP messages to an output queue based on the link speed and input queue size of adjacent core routers. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000850 - The Cisco multicast Rendezvous Point (RP) must be configured to rate limit the number of Protocol Independent Multicast (PIM) Register messages. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000910 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to authenticate all received MSDP packets. | DISA Cisco IOS XR Router RTR STIG v3r3 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| ESXI-67-000060 - The virtual switch MAC Address Change policy must be set to reject on the ESXi host. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | CONFIGURATION MANAGEMENT |
| ESXI-70-000049 - The ESXi host must protect the confidentiality and integrity of transmitted information by protecting ESXi management traffic. | DISA VMware vSphere 7.0 ESXi STIG v1r4 VMware | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-EG-000200 - Exchange Attachment filtering must remove undesirable attachments by file type. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| EX16-ED-000400 - Exchange Attachment filtering must remove undesirable attachments by file type. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| F5BI-DM-000284 - The F5 BIG-IP must ensure SSH is disabled for root user logon to prevent remote access using the root account. | DISA F5 BIG-IP Device Management STIG v2r4 | F5 | CONFIGURATION MANAGEMENT |
| IISW-SI-000239 - The IIS 8.5 websites must utilize ports, protocols, and services according to PPSM guidelines. | DISA IIS 8.5 Site v2r9 | Windows | CONFIGURATION MANAGEMENT |
| JUEX-L2-000020 - The Juniper EX switch must be configured to uniquely identify all network-connected endpoint devices before establishing any connection. | DISA Juniper EX Series Layer 2 Switch v2r4 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUEX-L2-000040 - The Juniper EX switch must be configured to manage excess bandwidth to limit the effects of packet flooding types of denial-of-service (DoS) attacks. | DISA Juniper EX Series Layer 2 Switch v2r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-L2-000060 - The Juniper EX switch must be configured to permit authorized users to remotely view, in real time, all content related to an established user session from a component separate from the layer 2 switch. | DISA Juniper EX Series Layer 2 Switch v2r4 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUEX-L2-000120 - The Juniper EX switch must be configured to enable DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources. | DISA Juniper EX Series Layer 2 Switch v2r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-L2-000130 - The Juniper EX switch must be configured to enable IP Source Guard on all user-facing or untrusted access VLANs. | DISA Juniper EX Series Layer 2 Switch v2r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-L2-000150 - The Juniper EX switch must be configured to enable Storm Control on all host-facing access interfaces. | DISA Juniper EX Series Layer 2 Switch v2r4 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-L2-000170 - If STP is used, the Juniper EX switch must be configured to implement Rapid STP, or Multiple STP, where VLANs span multiple switches with redundant links. | DISA Juniper EX Series Layer 2 Switch v2r4 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-L2-000180 - The Juniper EX switch must be configured to verify two-way connectivity on all interswitch trunked interfaces. | DISA Juniper EX Series Layer 2 Switch v2r4 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-L2-000190 - The Juniper EX switch must be configured to assign all explicitly disabled access interfaces to an unused VLAN. | DISA Juniper EX Series Layer 2 Switch v2r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-L2-000200 - The Juniper EX switch must not be configured with VLANs used for L2 control traffic assigned to any host-facing access interface. | DISA Juniper EX Series Layer 2 Switch v2r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-L2-000230 - The Juniper EX switch must be configured to set all enabled user-facing or untrusted ports as access interfaces. | DISA Juniper EX Series Layer 2 Switch v2r4 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-L2-000240 - The Juniper EX switch must not have a native VLAN ID assigned, or have a unique native VLAN ID, for all 802.1q trunk links. | DISA Juniper EX Series Layer 2 Switch v2r4 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-L2-000250 - The Juniper EX switch must not have any access interfaces assigned to a VLAN configured as native for any trunked interface. | DISA Juniper EX Series Layer 2 Switch v2r4 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-RT-000460 - The Juniper out-of-band management (OOBM) gateway must be configured to transport management traffic to the Network Operations Center (NOC) via dedicated circuit, MPLS/VPN service, or IPsec tunnel. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000040 - The Juniper router must be configured to use encryption for routing protocol authentication - BGP | DISA STIG Juniper Router RTR v3r2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUNI-RT-000040 - The Juniper router must be configured to use encryption for routing protocol authentication - IS-IS | DISA STIG Juniper Router RTR v3r2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUNI-RT-000040 - The Juniper router must be configured to use encryption for routing protocol authentication - OSPF | DISA STIG Juniper Router RTR v3r2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| MYS8-00-002400 - The MySQL Database Server 8.0 must generate audit records when privileges/permissions are added. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| VCSA-70-000110 - The vCenter Server must manage excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial-of-service (DoS) attacks by enabling Network I/O Control (NIOC). | DISA STIG VMware vSphere 7.0 vCenter v1r3 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCTR-67-000007 - The vCenter Server must manage excess capacity, bandwidth, or other redundancy to limit the effects of information-flooding types of denial-of-service (DoS) attacks by enabling Network I/O Control (NIOC). | DISA STIG VMware vSphere 6.7 vCenter v1r4 | VMware | CONFIGURATION MANAGEMENT |
| VCWN-65-000007 - The vCenter Server for Windows must manage excess capacity, bandwidth, or other redundancy to limit the effects of information-flooding types of Denial of Service (DoS) attacks by enabling Network I/O Control (NIOC). | DISA VMware vSphere 6.5 vCenter Server for Windows STIG v2r3 | VMware | CONFIGURATION MANAGEMENT |
| WN11-00-000150 - Structured Exception Handling Overwrite Protection (SEHOP) must be enabled. | DISA Microsoft Windows 11 STIG v2r7 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| WN12-SO-000044 - The system must be configured to disable the Internet Router Discovery Protocol (IRDP). | DISA Windows Server 2012 and 2012 R2 MS STIG v3r7 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WN16-CC-000030 - WDigest Authentication must be disabled on Windows Server 2016. | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | CONFIGURATION MANAGEMENT |
