| aaa authentication | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | |
| aaa group | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | |
| access-group in | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| AMLS-L3-000220 - Check for ipv6 OSPF | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | |
| AMLS-L3-000220 - Check for IS-IS | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | |
| AMLS-L3-000220 - The Arista Multilayer Switch must enable neighbor router authentication for control plane protocols except RIP - OSPF MD5 Key | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| AMLS-L3-000250 - Check for ipv6 OSPF | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | |
| AMLS-L3-000250 - Check for router OSPF | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | |
| AMLS-L3-000260 - Check for router bgp | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | |
| AMLS-L3-000300 - The Arista Multilayer Switch must only allow incoming communications from authorized sources to be routed to authorized destinations. | DISA STIG Arista MLS DCS-7000 Series RTR v1r4 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| Check if Cisco IOS is installed | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | |
| Check snmp-server v3 | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
| CISC-L2-000040 - The Cisco switch must manage excess bandwidth to limit the effects of packet-flooding types of denial-of-service (DoS) attacks. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000130 - The Cisco switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000200 - The Cisco switch must have all trunk links enabled statically. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-L2-000220 - The Cisco switch must not have the default VLAN assigned to any host-facing switch ports. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000240 - The Cisco switch must not use the default VLAN for management traffic. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | CONTINGENCY PLANNING |
| CISC-L2-000270 - The Cisco switch must not have any switchports assigned to the native VLAN. | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-000090 - The Cisco switch must be configured to automatically audit account creation. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | ACCESS CONTROL |
| CISC-ND-000290 - The Cisco switch must produce audit records containing information to establish where the events occurred. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-ND-000390 - The Cisco switch must be configured to protect audit information from unauthorized deletion. | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-RT-000220 - The Cisco switch must be configured to produce audit records containing information to establish the source of the events. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | AUDIT AND ACCOUNTABILITY |
| CISC-RT-000236 - The Cisco switch must be configured to advertise a hop limit of at least 32 in Switch Advertisement messages for IPv6 stateless auto-configuration deployments. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000237 - The Cisco switch must not be configured to use IPv6 Site Local Unicast addresses. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | CONFIGURATION MANAGEMENT |
| CISC-RT-000260 - The Cisco perimeter switch must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000320 - The Cisco perimeter switch must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000395 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000750 - The Cisco PE switch must be configured to ignore or drop all packets with any IP options. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000760 - The Cisco PE switch must be configured to enforce a Quality-of-Service (QoS) policy to provide preferred treatment for mission-critical applications. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000810 - The Cisco multicast edge switch must be configured to establish boundaries for administratively scoped multicast traffic. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000870 - The Cisco multicast Designated switch (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join a multicast group only from sources that have been approved by the organization. | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| class-map | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
| deny 169.254.0.0 | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| dest-option-type | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| dest-option-type 4 | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| EX16-ED-000570 - Exchange must render hyperlinks from email sources from non-.mil domains as unclickable. | DISA Microsoft Exchange 2016 Edge Transport Server STIG v2r5 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| GEN002860 - Audit logs must be rotated daily. | DISA STIG for Oracle Linux 5 v2r1 | Unix | CONFIGURATION MANAGEMENT |
| ip access-group EXTERNAL_ACL_OUTBOUND out | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| ip access-list | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| ip access-list extended EXTERNAL_ACL_OUTBOUND | DISA STIG Cisco IOS Switch RTR v3r1 | Cisco | |
| ip http max-connections | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
| ip ssh server algorithm mac | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
| line con | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
| line vty ssh | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
| login on-failure | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
| management access-list | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
| ntp authenticate | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
| ntp trusted-key | DISA STIG Cisco IOS Switch NDM v3r2 | Cisco | |
| radius server | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | |
| vtp status off | DISA STIG Cisco IOS Switch L2S v3r1 | Cisco | |
