| 1.1.2 Enable 'aaa authentication login' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.1.9 Set 'aaa accounting exec' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.1.11 Set 'aaa accounting system' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.2.1 Set 'privilege 1' for local users - 'No users with privileges 2-15' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | ACCESS CONTROL |
| 1.2.3 Set 'no exec' for 'line aux 0' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.2.11 Set 'transport input none' for 'line aux 0' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL |
| 1.5.3 Unset 'public' for 'snmp-server community' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.5.3 Unset 'public' for 'snmp-server community' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.4 Do not set 'RW' for any 'snmp-server community' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.5 Set the ACL for each 'snmp-server community' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.7 Set 'snmp-server host' when using SNMP | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | ACCESS CONTROL |
| 1.5.8 Set 'snmp-server enable traps snmp' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.10 Require 'aes 128' as minimum for 'snmp-server user' when using SNMPv3 | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 2.1.1.1.4 Set 'seconds' for 'ip ssh timeout' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 2.1.1.1.5 Set maximimum value for 'ip ssh authentication-retries' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.7 Set 'service tcp-keepalives-out' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT |
| 2.3.1.2 Set 'ntp authentication-key' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.4.1 Create a single 'interface loopback' - 'Only one loopback interface IP Address is defined' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.2 Set 'no ip proxy-arp' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.1.3 Set 'no interface tunnel' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 10.0.0.0' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 169.254.0.0' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny internal networks' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.2 Set inbound 'ip access-group' on the External Interface | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.1 Set 'key chain' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 3.3.1.1 Set 'key chain' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.3 Set 'key-string' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.4 Set 'address-family ipv4 autonomous-system' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.7 Set 'authentication mode md5' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.3.2 Set 'key' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 3.3.3.2 Set 'key' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.3.3 Set 'key-string' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 3.3.3.3 Set 'key-string' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.3.4 Set 'ip rip authentication key-chain' | CIS Cisco IOS 12 L2 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.3.5 Set 'ip rip authentication mode' to 'md5' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.15 Do not share the host's process namespace | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Account Management - Review account groups assigned to 'netadmin' | Tenable Cisco Viptela SD-WAN - vBond | Cisco_Viptela | ACCESS CONTROL |
| AMLS-NM-000360 - The Arista Multilayer Switch must generate audit records for privileged activities or other system-level access - aaa exec | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | AUDIT AND ACCOUNTABILITY |
| AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa commands all start-stop | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | CONFIGURATION MANAGEMENT |
| AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa system default start-stop | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | CONFIGURATION MANAGEMENT |
| Ensure 'Failover' is enabled | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'logging to monitor' is disabled | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'Password Policy' is enabled - minimum-length | Tenable Cisco Firepower Best Practices Audit | Cisco | IDENTIFICATION AND AUTHENTICATION |
| Ensure 'SNMP traps' is enabled - linkup | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'syslog hosts' is configured correctly | Tenable Cisco Firepower Best Practices Audit | Cisco | AUDIT AND ACCOUNTABILITY |
| Ensure 'TACACS+/RADIUS' is configured correctly - protocol | Tenable Cisco Firepower Best Practices Audit | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| Ensure DNS services are configured correctly - name-server | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure non-default application inspection is configured correctly | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| JUEX-NM-000060 - The Juniper EX switch must be configured to assign appropriate user roles or access levels to authenticated users. | DISA Juniper EX Series Network Device Management v2r4 | Juniper | ACCESS CONTROL |
| JUEX-NM-000430 - The Juniper EX switch must be configured to synchronize internal information system clocks using redundant authoritative time sources. | DISA Juniper EX Series Network Device Management v2r4 | Juniper | AUDIT AND ACCOUNTABILITY |
