| 3.124 - Audit of Backup and Restore Privileges is not turned off. | DISA Windows Vista STIG v6r41 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| AMLS-L3-000260 - Arista MLS must ensure all eBGP routers are configured to use GTSM or are configured to meet RFC3682. | DISA STIG Arista MLS DCS-7000 Series RTR V1R2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-L2-000050 - The Arista MLS switch must have Root Guard enabled on all switch ports connecting to access layer switches and hosts. | DISA STIG Arista MLS EOS 4.2x L2S v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000530 - The Arista router must be configured to have Internet Control Message Protocol (ICMP) unreachable notifications disabled on all external interfaces. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000550 - The Arista router must be configured to have Internet Control Message Protocol (ICMP) redirects disabled on all external interfaces. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-ND-001180 - The Cisco ASA must be configured to protect against known types of denial-of-service (DoS) attacks by enabling the Threat Detection feature - DoS attacks by enabling the Threat Detection feature | DISA STIG Cisco ASA NDM v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000110 - The Cisco switch must have STP Loop Guard enabled. | DISA STIG Cisco NX-OS Switch L2S v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-L2-000130 - The Cisco switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources - ip dhcp snooping vlan | DISA STIG Cisco NX-OS Switch L2S v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-ND-001220 - The Cisco switch must be configured to protect against known types of denial-of-service (DoS) attacks by employing organization-defined security safeguards - policy-map | DISA STIG Cisco IOS XE Switch NDM v1r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000150 - The Cisco switch must be configured to have Gratuitous ARP disabled on all external interfaces. | DISA STIG Cisco NX-OS Switch RTR v1r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000160 - The Cisco switch must be configured to have IP directed broadcast disabled on all interfaces. | DISA STIG Cisco NX-OS Switch RTR v1r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000190 - The Cisco router must be configured to have Internet Control Message Protocol (ICMP) redirect messages disabled on all external interfaces. | DISA STIG Cisco IOS Router RTR v1r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000570 - The Cisco BGP router must be configured to limit the prefix size on any inbound route advertisement to /24 or the least significant prefixes issued to the customer - ip prefix-list | DISA STIG Cisco IOS Router RTR v1r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000570 - The Cisco BGP switch must be configured to limit the prefix size on any inbound route advertisement to /24, or the least significant prefixes issued to the customer. - neighbors | DISA STIG Cisco NX-OS Switch RTR v1r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000890 - The Cisco multicast Designated switch (DR) must be configured to set the shortest-path tree (SPT) threshold to infinity to minimalize source-group (S, G) state within the multicast topology where Any Source Multicast (ASM) is deployed. | DISA STIG Cisco NX-OS Switch RTR v1r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-EG-000150 - Exchange Receive connectors must control the number of recipients per message. | DISA Microsoft Exchange 2013 Edge Transport Server STIG v1r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EX13-MB-000270 - The Exchange Global Recipient Count Limit must be set. | DISA Microsoft Exchange 2013 Mailbox Server STIG v1r6 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-LT-000221 - The BIG-IP Core implementation must be configured to protect against or limit the effects of known and unknown types of Denial of Service (DoS) attacks by employing pattern recognition pre-processors when providing content filtering to virtual servers. | DISA F5 BIG-IP Local Traffic Manager 11.x STIG v1r3 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000540 - The Juniper BGP router must be configured to use the maximum prefixes feature to protect against route table flooding and prefix de-aggregation attacks. | DISA STIG Juniper Router RTR v1r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000810 - The Juniper multicast Rendezvous Point (RP) router must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP) source-active entries - suppress | DISA STIG Juniper Router RTR v1r4 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0960 - TCP intercept features must be provided by the network device - tcp-flags | DISA STIG Juniper Perimeter Router V8R30 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0960 - TCP intercept features must be provided by the network device - tcp-flags | DISA STIG Juniper Perimeter Router V8R32 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0965 - Devices not configured to filter and drop half-open connections | DISA STIG Cisco Infrastructure Router and L3 Switch v8r28 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0965 - Devices not configured to filter and drop half-open connections | DISA STIG Cisco Perimeter Router and L3 Switch v8r31 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0965 - Devices not configured to filter and drop half-open connections | DISA STIG Cisco Perimeter Router v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0965 - Devices not configured to filter and drop half-open connections | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0965 - Devices not configured to filter and drop half-open connections | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0965 - The network device must drop half-open TCP connections through filtering thresholds or timeout periods - tcp-flags | DISA STIG Juniper Perimeter Router V8R32 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0965 - The network device must drop half-open TCP connections through filtering thresholds or timeout periods - tcp-flags | DISA STIG Juniper Perimeter Router V8R30 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0965 - The network device must drop half-open TCP connections through filtering thresholds or timeout periods. - 'connection timeout' | DISA STIG Cisco Firewall v8r24 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0965 - The network device must drop half-open TCP connections through filtering thresholds or timeout periods. - 'connection timeout' | DISA STIG Cisco Firewall v8r25 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0965 - The network device must drop half-open TCP connections through filtering thresholds or timeout periods. - 'policy-map' | DISA STIG Cisco Firewall v8r24 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0965 - The network device must drop half-open TCP connections through filtering thresholds or timeout periods. - 'service-policy' | DISA STIG Cisco Firewall v8r24 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| O112-C3-019200 - The DBMS must restrict the ability of users to launch Denial of Service (DoS) attacks against other information systems or networks - ADMIN_RESTRICTIONS | DISA STIG Oracle 11.2g v1r18 Windows | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000289 - OHS must have the LimitRequestFields directive set to restrict the ability of users to launch Denial of Service (DoS) attacks against other information systems or networks. | DISA STIG Oracle HTTP Server 12.1.3 v1r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| OH12-1X-000291 - OHS must have the LimitRequestLine directive set to restrict the ability of users to launch Denial of Service (DoS) attacks against other information systems or networks. | DISA STIG Oracle HTTP Server 12.1.3 v1r7 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| Overview of the HTTP profile | Tenable F5 BIG-IP Best Practice Audit | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| UBTU-22-251025 - Ubuntu 22.04 LTS must configure the Uncomplicated Firewall (ufw) to rate-limit impacted network interfaces. | DISA STIG Canonical Ubuntu 22.04 LTS v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCLU-70-000030 - Lookup Service must disable the shutdown port. | DISA STIG VMware vSphere 7.0 Lookup Service v1r2 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| VCST-67-000029 - The Security Token Service must disable the shutdown port. | DISA STIG VMware vSphere 6.7 STS Tomcat v1r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001570 - The WebSphere Application Server high availability applications must be installed on a cluster. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - Default | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - SIBFAPInbound | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - SIBJMSRAThreadPool | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - SIBJMSRAThreadPool | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - TCPChannel.DCS | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WBSP-AS-001590 - The WebSphere Application Server thread pool size must be defined to application load requirements - WMQJCAResourceAdapter | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| WDNS-SC-000027 - The Windows 2012 DNS Server must use DNS Notify to prevent denial of service through increase in workload. | DISA Microsoft Windows 2012 Server DNS STIG v1r14 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| WG410 IIS6 - Interactive scripts must have proper access controls. - 'AspScriptTimeout set to 90 or less' | DISA STIG IIS 6.0 Site Checklist v6r16 | Windows | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| WN11-CC-000035 - The system must be configured to ignore NetBIOS name release requests except from WINS servers. | DISA Windows 11 STIG v2r1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
