| CISC-RT-000010 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of information within the network based on organization-defined information flow control policies. | DISA STIG Cisco IOS XE Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000060 - The Cisco router must be configured to have all inactive interfaces disabled. | DISA STIG Cisco IOS XE Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000060 - The Cisco switch must be configured to have all inactive layer 3 interfaces disabled. | DISA STIG Cisco NX-OS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000250 - The Cisco perimeter switch must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000490 - The Cisco BGP switch must be configured to reject inbound route advertisements for any Bogon prefixes. | DISA STIG Cisco NX-OS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000500 - The Cisco BGP switch must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS). | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000520 - The Cisco BGP router must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS). | DISA STIG Cisco IOS XE Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000840 - The Cisco multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Join messages received from the Designated Router (DR) for any undesirable multicast groups. | DISA STIG Cisco IOS Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000840 - The Cisco multicast Rendezvous Point (RP) switch must be configured to filter Protocol Independent Multicast (PIM) Join messages received from the Designated Cisco switch (DR) for any undesirable multicast groups. | DISA STIG Cisco NX-OS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000920 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to filter received source-active multicast advertisements for any undesirable multicast groups and sources. | DISA STIG Cisco IOS XE Router RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000920 - The Cisco Multicast Source Discovery Protocol (MSDP) switch must be configured to filter received source-active multicast advertisements for any undesirable multicast groups and sources. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000930 - The Cisco Multicast Source Discovery Protocol (MSDP) switch must be configured to filter source-active multicast advertisements to external MSDP peers to avoid global visibility of local-only multicast sources and groups. | DISA STIG Cisco NX-OS Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000930 - The Cisco Multicast Source Discovery Protocol (MSDP) switch must be configured to filter source-active multicast advertisements to external MSDP peers to avoid global visibility of local-only multicast sources and groups. | DISA STIG Cisco IOS XE Switch RTR v3r1 | Cisco | ACCESS CONTROL |
| CISC-RT-000940 - The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to limit the amount of source-active messages it accepts on a per-peer basis. | DISA STIG Cisco IOS XE Router RTR v3r1 | Cisco | ACCESS CONTROL |
| DTBC-0001 - Firewall traversal from remote host must be disabled. | DISA STIG Google Chrome v2r9 | Windows | ACCESS CONTROL |
| DTBC-0020 - Google Data Synchronization must be disabled. | DISA STIG Google Chrome v2r9 | Windows | ACCESS CONTROL |
| DTBI032-IE11 - Accessing data sources across domains must be disallowed (Internet zone). | DISA STIG IE 11 v2r5 | Windows | ACCESS CONTROL |
| DTBI039-IE11 - Navigating windows and frames across different domains must be disallowed (Internet zone). | DISA STIG IE 11 v2r5 | Windows | ACCESS CONTROL |
| DTBI122-IE11 - Accessing data sources across domains must be disallowed (Restricted Sites zone). | DISA STIG IE 11 v2r5 | Windows | ACCESS CONTROL |
| DTBI129-IE11 - Navigating windows and frames across different domains must be disallowed (Restricted Sites zone). | DISA STIG IE 11 v2r5 | Windows | ACCESS CONTROL |
| DTBI515-IE11 - Websites in less privileged web content zones must be prevented from navigating into the Internet zone. | DISA STIG IE 11 v2r5 | Windows | ACCESS CONTROL |
| DTBI520-IE11 - Websites in less privileged web content zones must be prevented from navigating into the Restricted Sites zone. | DISA STIG IE 11 v2r5 | Windows | ACCESS CONTROL |
| DTBI990-IE11 - Dragging of content from different domains across windows must be disallowed (Internet zone). | DISA STIG IE 11 v2r5 | Windows | ACCESS CONTROL |
| DTBI1000-IE11 - Dragging of content from different domains within a window must be disallowed (Internet zone). | DISA STIG IE 11 v2r5 | Windows | ACCESS CONTROL |
| DTBI1005-IE11 - Dragging of content from different domains across windows must be disallowed (Restricted Sites zone). | DISA STIG IE 11 v2r5 | Windows | ACCESS CONTROL |
| DTBI1025-IE11 - Dragging of content from different domains within a window must be disallowed (Restricted Sites zone). | DISA STIG IE 11 v2r5 | Windows | ACCESS CONTROL |
| EX13-MB-000015 - Exchange auto-forwarding email to remote domains must be disabled or restricted. | DISA Microsoft Exchange 2013 Mailbox Server STIG v2r3 | Windows | ACCESS CONTROL |
| GEN003600 - The system must not forward IPv4 source-routed packets - 'net.ipv4.conf.all.accept_source_route' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN003600 - The system must not forward IPv4 source-routed packets - 'net.ipv4.conf.default.accept_source_route' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN003603 - The system must not respond to ICMPv4 echoes sent to a broadcast address. | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN003610 - The system must not send IPv4 ICMP redirects - 'net.ipv4.conf.all.send_redirects' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN003610 - The system must not send IPv4 ICMP redirects - 'net.ipv4.conf.default.send_redirects' | DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit | Unix | ACCESS CONTROL |
| GEN004360 - The alias file must be owned by root. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN004360 - The alias file must be owned by root. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| GEN004380 - The alias file must have mode 0644 or less permissive. | DISA STIG Solaris 10 SPARC v2r4 | Unix | ACCESS CONTROL |
| GEN004380 - The alias file must have mode 0644 or less permissive. | DISA STIG Solaris 10 X86 v2r4 | Unix | ACCESS CONTROL |
| JUEX-RT-000530 - The Juniper router must be configured to implement message authentication for all control plane protocols. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| JUEX-RT-000540 - The Juniper BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | DISA Juniper EX Series Router v2r1 | Juniper | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| JUNI-RT-000510 - The Juniper BGP router must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS) - policy-statement | DISA STIG Juniper Router RTR v3r1 | Juniper | ACCESS CONTROL |
| JUNI-RT-000780 - The Juniper multicast router must be configured to disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing. | DISA STIG Juniper Router RTR v3r1 | Juniper | ACCESS CONTROL |
| JUNI-RT-000930 - The Juniper Multicast Source Discovery Protocol (MSDP) router must be configured to limit the amount of source-active messages it accepts on per-peer basis. | DISA STIG Juniper Router RTR v3r1 | Juniper | ACCESS CONTROL |
| JUSX-VN-000009 - The Juniper SRX Services Gateway VPN must ensure inbound and outbound traffic is configured with a security policy in compliance with information flow control policies. | DISA Juniper SRX Services Gateway VPN v3r1 | Juniper | ACCESS CONTROL |
| Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Monterey v1.0.0 - 800-171 | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Monterey v1.0.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Monterey v1.0.0 - CNSSI 1253 | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Monterey - Control Connections to Other Systems via a Deny-All and Allow-by-Exception Firewall Policy | NIST macOS Monterey v1.0.0 - All Profiles | Unix | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| MOTO-09-004500 - The Motorola Android Pie must be configured to disable exceptions to the access control policy that prevents application processes from accessing all data stored by other application processes - Copy/Paste | MobileIron - DISA Motorola Android Pie.x COPE v1r2 | MDM | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| WNFWA-000001 - Windows Defender Firewall with Advanced Security must be enabled when connected to a domain. | DISA Microsoft Windows Firewall v2r2 | Windows | ACCESS CONTROL |
| WNFWA-000002 - Windows Defender Firewall with Advanced Security must be enabled when connected to a private network. | DISA Microsoft Windows Firewall v2r2 | Windows | ACCESS CONTROL |
| WNFWA-000003 - Windows Defender Firewall with Advanced Security must be enabled when connected to a public network. | DISA Microsoft Windows Firewall v2r2 | Windows | ACCESS CONTROL |
