| 6.3.1 Ensure external AAA is used | CIS Juniper OS Benchmark v2.1.0 L1 | Juniper | ACCESS CONTROL |
| 6.6.7 Ensure Remote Login Class for Authorization through External AAA - login class | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| 6.6.7 Ensure Remote Login Class for Authorization through External AAA - remote class | CIS Juniper OS Benchmark v2.1.0 L2 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| DISA_F5_BIG-IP_Device_Management_v2r3.audit from DISA F5 BIG-IP Device Management v2r3 STIG | DISA F5 BIG-IP Device Management STIG v2r3 | F5 | |
| DISA_Microsoft_Exchange_2019_Edge_Server_STIG_v2r2.audit from DISA Microsoft Exchange 2019 Edge Server v2r2 STIG | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | |
| DISA_Red_Hat_Enterprise_Linux_9_STIG_v2r3.audit from DISA Red Hat Enterprise Linux 9 STIG v2r3 | DISA Red Hat Enterprise Linux 9 STIG v2r3 | Unix | |
| DISA_STIG_Adobe_Acrobat_Pro_DC_Continuous_Track_v2r1.audit from DISA Adobe Acrobat Professional DC Continuous Track v2r1 STIG | DISA STIG Adobe Acrobat Pro DC Continuous Track v2r1 | Windows | |
| DISA_STIG_Apache_Server-2.4_Unix_v3r1_Middleware.audit from DISA Apache Server 2.4 UNIX Server v3r1 STIG | DISA STIG Apache Server 2.4 Unix Server v3r1 Middleware | Unix | |
| DISA_STIG_Apache_Server-2.4_Unix_v3r1.audit from DISA Apache Server 2.4 UNIX Server v3r1 STIG | DISA STIG Apache Server 2.4 Unix Server v3r1 | Unix | |
| DISA_STIG_Apache_Site-2.4_Unix_v2r4_Middleware.audit from DISA Apache Server 2.4 UNIX Site v2r4 STIG | DISA STIG Apache Server 2.4 Unix Site v2r4 Middleware | Unix | |
| DISA_STIG_Apple_macOS_11_v1r5.audit from DISA Apple macOS 11 (Big Sur) v1r5 STIG | DISA STIG Apple macOS 11 v1r5 | Unix | |
| DISA_STIG_Apple_macOS_11_v1r8.audit from DISA Apple macOS 11 (Big Sur) v1r8 STIG | DISA STIG Apple macOS 11 v1r8 | Unix | |
| DISA_STIG_Apple_OS_X_10.15_v1r10.audit from DISA Apple OS X 10.15 (Catalina) v1r10 STIG | DISA STIG Apple Mac OSX 10.15 v1r10 | Unix | |
| DISA_STIG_Cisco_IOS_XE_Switch_NDM_v3r2.audit from DISA Cisco IOS XE Switch NDM v3r2 STIG | DISA STIG Cisco IOS XE Switch NDM v3r2 | Cisco | |
| DISA_STIG_McAfee_VirusScan_8.8_Local_Client_v6r1.audit from DISA McAfee VirusScan 8.8 Local Client v6r1 STIG | DISA McAfee VirusScan 8.8 Local Client STIG v6r1 | Windows | |
| DISA_STIG_Microsoft_Exchange_2013_Mailbox_Server_v2r3.audit from DISA Microsoft Exchange 2013 Mailbox Server v2r3 STIG | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DISA_STIG_Microsoft_Exchange_2016_Mailbox_Server_v2r6.audit from DISA Microsoft Exchange 2016 Mailbox Server v2r6 STIG | DISA Microsoft Exchange 2016 Mailbox Server STIG v2r6 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| DISA_STIG_MongoDB_Enterprise_Advanced_3.x_OS_Linux_v2r3.audit from DISA MongoDB Enterprise Advanced 3.x v2r3 STIG | DISA STIG MongoDB Enterprise Advanced 3.x v2r3 OS | Unix | |
| DISA_STIG_MongoDB_Enterprise_Advanced_4.x_OS_v1r4.audit from DISA MongoDB Enterprise Advanced 4.x v1r4 STIG | DISA STIG MongoDB Enterprise Advanced 4.x v1r4 OS | Unix | |
| DISA_STIG_RHEL_5_v1r18.audit from DISA Red Hat Enterprise Linux 5 STIG v1r18 | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | |
| DISA_STIG_RHEL_6_v2r2.audit from DISA Red Hat Enterprise Linux 6 v2r2 STIG | DISA Red Hat Enterprise Linux 6 STIG v2r2 | Unix | |
| DISA_STIG_VMware_vSphere_6.7_EAM_Tomcat_v1r4.audit from DISA VMware vSphere 6.7 EAM Tomcat v1r4 STIG | DISA STIG VMware vSphere 6.7 EAM Tomcat v1r4 | Unix | |
| DISA_STIG_VMware_vSphere_6.7_UI_Tomcat_v1r3.audit from DISA VMware vSphere 6.7 UI Tomcat v1r3 STIG | DISA STIG VMware vSphere 6.7 UI Tomcat v1r3 | Unix | |
| DISA_STIG_VMware_vSphere_7.0_vCA_Perfcharts_v1r1.audit from DISA VMware vSphere 7.0 vCenter Appliance Perfcharts v1r1 STIG | DISA STIG VMware vSphere 7.0 Perfcharts Tomcat v1r1 | Unix | |
| DISA_STIG_VMware_vSphere_7.0_vCA_UI_v1r2.audit from DISA VMware vSphere 7.0 vCenter Appliance UI v1r2 STIG | DISA STIG VMware vSphere 7.0 vCA UI v1r2 | Unix | |
| EX19-ED-000238 - Exchange must render hyperlinks from email sources from non-.mil domains as unclickable. | DISA Microsoft Exchange 2019 Edge Server STIG v2r2 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-AP-000235 - The F5 BIG-IP appliance APM Access Policies that grant access to web application resources must allow only client certificates that have the User Persona Name (UPN) value in the User Persona Client Certificates. | DISA F5 BIG-IP Access Policy Manager STIG v2r3 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000050 - The Juniper BGP router must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS). | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUEX-RT-000110 - The Juniper router must be configured to disable the auxiliary port unless it is connected to a secured modem providing encryption and authentication. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUEX-RT-000170 - The Juniper perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the site's address space. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL |
| JUEX-RT-000240 - The Juniper router must be configured to produce audit records containing information to establish where the events occurred. | DISA Juniper EX Series Router v2r1 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUEX-RT-000250 - The Juniper router must be configured to produce audit records containing information to establish the source of the events. | DISA Juniper EX Series Router v2r1 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUEX-RT-000260 - The Juniper router must be configured to log all packets that have been dropped. | DISA Juniper EX Series Router v2r1 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUEX-RT-000330 - The Juniper PE router providing Virtual Private LAN Services (VPLS) must be configured to have traffic storm control thresholds on CE-facing interfaces. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000340 - The Juniper PE router must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000420 - The Juniper perimeter router must be configured to filter egress traffic at the internal interface on an inbound direction. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000450 - The Juniper PE router must be configured with Unicast Reverse Path Forwarding (uRPF) loose mode, or a firewall filter, enabled on all CE-facing interfaces. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000510 - The Juniper perimeter router must be configured to block all packets with any IP options. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000530 - The Juniper router must be configured to implement message authentication for all control plane protocols. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| JUEX-RT-000560 - The router providing MPLS L2VPN services must be configured to authenticate targeted LDP sessions used to exchange VC information using a FIPS-approved message authentication code algorithm. | DISA Juniper EX Series Router v2r1 | Juniper | IDENTIFICATION AND AUTHENTICATION |
| JUEX-RT-000600 - The Juniper router must be configured to have Gratuitous ARP disabled on all external interfaces. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000670 - The Juniper PE router must be configured to implement Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) snooping for each Virtual Private LAN Services (VPLS) bridge domain. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000720 - The Juniper BGP router must be configured to enable the Generalized TTL Security Mechanism (GTSM). | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000790 - The Juniper multicast Designated Router (DR) must be configured to filter the IGMP and MLD Report messages to allow hosts to join a multicast group only from sources that have been approved by the organization. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000930 - The Juniper PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT). | DISA Juniper EX Series Router v2r1 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-RT-000950 - The Juniper PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit. | DISA Juniper EX Series Router v2r1 | Juniper | CONFIGURATION MANAGEMENT |
| Network Security - Configure LLDP only on required network ports - LLDP-MED | Juniper Hardening JunOS 12 Devices Checklist | Juniper | CONFIGURATION MANAGEMENT |
| OH12-1X-000233 - OHS hosted web sites must utilize ports, protocols, and services according to PPSM guidelines. | DISA STIG Oracle HTTP Server 12.1.3 v2r2 | Unix | CONFIGURATION MANAGEMENT |
| WG610 A22 - Web sites must utilize ports, protocols, and services according to PPSM guidelines. | DISA STIG Apache Site 2.2 Unix v1r11 | Unix | |
| WG610 W22 - Web sites must utilize ports, protocols, and services according to PPSM guidelines. | DISA STIG Apache Site 2.2 Windows v1r13 | Windows | |
