| ARST-RT-000340 - The Arista router must be configured to restrict traffic destined to itself. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000340 - The Arista router must be configured to restrict traffic destined to itself. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000350 - The Arista router must be configured to drop all fragmented Internet Control Message Protocol (ICMP) packets destined to itself. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000350 - The Arista router must be configured to drop all fragmented Internet Control Message Protocol (ICMP) packets destined to itself. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000370 - The Arista perimeter router must be configured to filter ingress traffic at the external interface on an inbound direction. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000370 - The Arista perimeter router must be configured to filter ingress traffic at the external interface on an inbound direction. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000380 - The Arista perimeter router must be configured to filter egress traffic at the internal interface on an inbound direction. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000380 - The Arista perimeter router must be configured to filter egress traffic at the internal interface on an inbound direction. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000390 - The Arista BGP router must be configured to reject outbound route advertisements for any prefixes belonging to the IP core. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000390 - The Arista BGP router must be configured to reject outbound route advertisements for any prefixes belonging to the IP core. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000400 - The Arista router must be configured to block any traffic that is destined to IP core infrastructure. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000400 - The Arista router must be configured to block any traffic that is destined to IP core infrastructure. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000410 - The Arista router must be configured with Unicast Reverse Path Forwarding (uRPF) loose mode enabled on all CE-facing interfaces. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000410 - The Arista router must be configured with Unicast Reverse Path Forwarding (uRPF) loose mode enabled on all CE-facing interfaces. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000420 - The out-of-band management (OOBM) Arista gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC). | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000420 - The out-of-band management (OOBM) Arista gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC). | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000430 - The out-of-band management (OOBM) Arista gateway router must be configured to block any traffic destined to itself that is not sourced from the OOBM network or the NOC. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000430 - The out-of-band management (OOBM) Arista gateway router must be configured to block any traffic destined to itself that is not sourced from the OOBM network or the NOC. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000440 - The Arista router must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000440 - The Arista router must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000650 - The Arista perimeter router must be configured to block all outbound management traffic. | DISA Arista MLS EOS 4.X Router STIG v2r2 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| ARST-RT-000650 - The Arista perimeter router must be configured to block all outbound management traffic. | DISA STIG Arista MLS EOS 4.2x Router v2r1 | Arista | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000170 - The Cisco ASA perimeter firewall must be configured to filter traffic destined to the enclave in accordance with the specific traffic that is approved and registered in the Ports, Protocols, and Services Management (PPSM) Category Assurance List (CAL) and vulnerability assessments - ACL | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CASA-FW-000170 - The Cisco ASA perimeter firewall must be configured to filter traffic destined to the enclave in accordance with the specific traffic that is approved and registered in the Ports, Protocols, and Services Management (PPSM) Category Assurance List (CAL) and vulnerability assessments - Interface | DISA STIG Cisco ASA FW v2r1 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000140 - The Cisco switch must be configured to drop all fragmented Internet Control Message Protocol (ICMP) packets destined to itself. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000340 - The Cisco perimeter router must be configured to filter egress traffic at the internal interface on an inbound direction. | DISA Cisco IOS Router RTR STIG v3r4 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000730 - The Cisco PE switch must be configured to block any traffic that is destined to the IP core infrastructure. | DISA Cisco NX OS Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| CISC-RT-000730 - The Cisco PE switch must be configured to block any traffic that is destined to the IP core infrastructure. | DISA Cisco IOS XE Switch RTR STIG v3r3 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-AP-300162 - The F5 BIG-IP appliance providing remote access intermediary services must be configured to route sessions to an IDPS for inspection. | DISA F5 BIG-IP TMOS ALG STIG v1r2 | F5 | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| F5BI-FW-300033 - The BIG-IP appliance perimeter firewall must be configured to filter traffic destined to the enclave in accordance with the specific traffic that is approved and registered in the Ports, Protocols, and Services Management (PPSM) Category Assurance List (CAL) and vulnerability assessments. | DISA F5 BIG-IP TMOS Firewall STIG v1r1 | F5 | SYSTEM AND COMMUNICATIONS PROTECTION |
| FNFG-FW-000085 - The FortiGate firewall must filter traffic destined to the internal enclave in accordance with the specific traffic that is approved and registered in the Ports, Protocols, and Services Management (PPSM) Category Assurance List (CAL), Vulnerability Assessments (VAs) for that the enclave. | DISA Fortigate Firewall STIG v1r4 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000380 - The Juniper router must be configured to restrict traffic destined to itself. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000390 - The Juniper router must be configured to drop all fragmented Internet Control Message Protocol (ICMP) packets destined to itself. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000400 - The Juniper perimeter router must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000410 - The Juniper perimeter router must be configured to filter ingress traffic at the external interface on an inbound direction. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000420 - The Juniper perimeter router must be configured to filter egress traffic at the internal interface on an inbound direction. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000430 - The Juniper BGP router must be configured to reject outbound route advertisements for any prefixes belonging to the IP core. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000440 - The Juniper PE router must be configured to block any traffic that is destined to IP core infrastructure. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000450 - The Juniper PE router must be configured with Unicast Reverse Path Forwarding (uRPF) loose mode, or a firewall filter, enabled on all CE-facing interfaces. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000460 - The Juniper out-of-band management (OOBM) gateway must be configured to transport management traffic to the Network Operations Center (NOC) via dedicated circuit, MPLS/VPN service, or IPsec tunnel. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000470 - The Juniper out-of-band management (OOBM) gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC). | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000480 - The Juniper out-of-band management (OOBM) gateway router must be configured to block any traffic destined to itself that is not sourced from the OOBM network or the NOC. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000490 - The Juniper router must be configured to only permit management traffic that ingresses and egresses the OOBM interface. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-RT-000770 - The Juniper perimeter router must be configured to block all outbound management traffic. | DISA Juniper EX Series Router v2r1 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-RTR-000380 - The Dell OS10 Router must be configured to restrict traffic destined to itself. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-RTR-000390 - The Dell OS10 Router must be configured to drop all fragmented Internet Control Message Protocol (ICMP) packets destined to itself. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-RTR-000430 - The Dell OS10 BGP router must be configured to reject outbound route advertisements for any prefixes belonging to the IP core. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-RTR-000470 - The Dell OS10 out-of-band management (OOBM) gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC). | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | SYSTEM AND COMMUNICATIONS PROTECTION |
| OS10-RTR-000480 - The Dell OS10 out-of-band management (OOBM) gateway router must be configured to block any traffic destined to itself that is not sourced from the OOBM network or the NOC. | DISA Dell OS10 Switch Router STIG v1r1 | Dell_OS10 | SYSTEM AND COMMUNICATIONS PROTECTION |
| RHEL-10-800100 - RHEL 10 must not forward Internet Protocol version 4 (IPv4) source-routed packets. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
