Item Search

NameAudit NamePluginCategory
ARST-L2-000030 - The Arista MLS layer 2 switch must be configured for Storm Control to limit the effects of packet flooding types of denial-of-service (DoS) attacks.DISA STIG Arista MLS EOS 4.2x L2S v2r1Arista

SYSTEM AND COMMUNICATIONS PROTECTION

CASA-FW-000150 - The Cisco ASA must be configured to enable threat detection to mitigate risks of denial-of-service (DoS) attacks.DISA STIG Cisco ASA FW v2r1Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-L2-000040 - The Cisco switch must manage excess bandwidth to limit the effects of packet flooding types of denial-of-service (DoS) attacks - DoS attacks.DISA STIG Cisco IOS XE Switch L2S v3r1Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-L2-000040 - The Cisco switch must manage excess bandwidth to limit the effects of packet-flooding types of denial-of-service (DoS) attacks.DISA STIG Cisco IOS Switch L2S v3r1Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000120 - The Cisco router must be configured to protect against or limit the effects of denial of service (DoS) attacks by employing control plane protection.DISA STIG Cisco IOS XE Router RTR v3r1Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000120 - The Cisco router must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by employing control plane protection.DISA STIG Cisco IOS Router RTR v3r1Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000120 - The Cisco switch must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by employing control plane protection.DISA STIG Cisco NX-OS Switch RTR v3r1Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000120 - The Cisco switch must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by employing control plane protection.DISA STIG Cisco IOS Switch RTR v3r1Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

CISC-RT-000120 - The Cisco switch must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by employing control plane protection.DISA STIG Cisco IOS XE Switch RTR v3r1Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

JUEX-L2-000040 - The Juniper EX switch must be configured to manage excess bandwidth to limit the effects of packet flooding types of denial of service (DoS) attacks.DISA Juniper EX Series Layer 2 Switch v2r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUEX-RT-000170 - The Juniper perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the site's address space.DISA Juniper EX Series Router v2r1Juniper

ACCESS CONTROL

JUEX-RT-000340 - The Juniper PE router must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks.DISA Juniper EX Series Router v2r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUEX-RT-000380 - The Juniper router must be configured to restrict traffic destined to itself.DISA Juniper EX Series Router v2r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUEX-RT-000390 - The Juniper router must be configured to drop all fragmented Internet Control Message Protocol (ICMP) packets destined to itself.DISA Juniper EX Series Router v2r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUEX-RT-000440 - The Juniper PE router must be configured to block any traffic that is destined to IP core infrastructure.DISA Juniper EX Series Router v2r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUEX-RT-000450 - The Juniper PE router must be configured with Unicast Reverse Path Forwarding (uRPF) loose mode, or a firewall filter, enabled on all CE-facing interfaces.DISA Juniper EX Series Router v2r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUEX-RT-000500 - The Juniper perimeter router must be configured to restrict it from accepting outbound IP packets that contain an illegitimate address in the source address field via egress filter or by enabling Unicast Reverse Path Forwarding (uRPF).DISA Juniper EX Series Router v2r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUEX-RT-000510 - The Juniper perimeter router must be configured to block all packets with any IP options.DISA Juniper EX Series Router v2r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUEX-RT-000520 - The Juniper PE router must be configured to ignore or block all packets with any IP options.DISA Juniper EX Series Router v2r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUEX-RT-000590 - The Juniper router must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by employing control plane protection.DISA Juniper EX Series Router v2r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUEX-RT-000610 - The Juniper router must be configured to have IP directed broadcast disabled on all interfaces.DISA Juniper EX Series Router v2r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUEX-RT-000680 - The Juniper multicast RP router must be configured to limit the multicast forwarding cache so that its resources are not saturated by managing an overwhelming number of PIM and MSDP source-active entries.DISA Juniper EX Series Router v2r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUEX-RT-000720 - The Juniper BGP router must be configured to enable the Generalized TTL Security Mechanism (GTSM).DISA Juniper EX Series Router v2r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUNI-RT-000120 - The Juniper router must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by employing control plane protection - filterDISA STIG Juniper Router RTR v3r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUNI-RT-000120 - The Juniper router must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by employing control plane protection - policerDISA STIG Juniper Router RTR v3r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUSX-AG-000120 - The Juniper SRX Services Gateway Firewall providing content filtering must protect against known and unknown types of denial-of-service (DoS) attacks by implementing statistics-based screens - DoS attacks by implementing statistics-based screens.DISA Juniper SRX Services Gateway ALG v3r2Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUSX-AG-000121 - The Juniper SRX Services Gateway Firewall must implement load balancing on the perimeter firewall, at a minimum, to limit the effects of known and unknown types of denial-of-service (DoS) attacks on the network - DoS attacks on the network.DISA Juniper SRX Services Gateway ALG v3r2Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUSX-AG-000122 - The Juniper SRX Services Gateway Firewall must protect against known types of denial-of-service (DoS) attacks by implementing signature-based screens - DoS attacks by implementing signature-based screens.DISA Juniper SRX Services Gateway ALG v3r2Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUSX-AG-000124 - The Juniper SRX Services Gateway Firewall must block outbound traffic containing known and unknown denial-of-service (DoS) attacks to protect against the use of internal information systems to launch any DoS attacks against other networks or endpoints - DoS attacks against other networks or endpoints.DISA Juniper SRX Services Gateway ALG v3r2Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUSX-IP-000005 - The Juniper Networks SRX Series Gateway IDPS must block outbound traffic containing known and unknown DoS attacks by ensuring that rules are applied to outbound communications traffic.DISA Juniper SRX Services Gateway IDPS v2r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUSX-IP-000006 - The Juniper Networks SRX Series Gateway IDPS must block outbound traffic containing known and unknown DoS attacks by ensuring that signature-based objects are applied to outbound communications traffic.DISA Juniper SRX Services Gateway IDPS v2r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUSX-IP-000017 - The Juniper Networks SRX Series Gateway IDPS must protect against or limit the effects of known and unknown types of Denial of Service (DoS) attacks by employing rate-based attack prevention behavior analysis.DISA Juniper SRX Services Gateway IDPS v2r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUSX-IP-000018 - The Juniper Networks SRX Series Gateway IDPS must protect against or limit the effects of known and unknown types of Denial of Service (DoS) attacks by employing anomaly-based detection.DISA Juniper SRX Services Gateway IDPS v2r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUSX-IP-000019 - The Juniper Networks SRX Series Gateway IDPS must protect against or limit the effects of known types of Denial of Service (DoS) attacks by employing signatures.DISA Juniper SRX Services Gateway IDPS v2r1Juniper

SYSTEM AND COMMUNICATIONS PROTECTION

JUSX-VN-000001 - The Juniper SRX Services Gateway VPN must limit the number of concurrent sessions for user accounts to one (1) and administrative accounts to three (3), or set to an organization-defined number.DISA Juniper SRX Services Gateway VPN v3r1Juniper

ACCESS CONTROL

JUSX-VN-000016 - The Juniper SRX Services Gateway VPN must use IKEv2 for IPsec VPN security associations.DISA Juniper SRX Services Gateway VPN v3r1Juniper

CONFIGURATION MANAGEMENT

PANW-AG-000047 - The Palo Alto Networks security platform must protect against the use of internal systems for launching denial-of-service (DoS) attacks against external networks or endpoints - DoS attacks against other networks or endpoints.DISA STIG Palo Alto ALG v3r1Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

PANW-AG-000049 - The Palo Alto Networks security platform must block phone home traffic.DISA STIG Palo Alto ALG v3r1Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

PANW-AG-000102 - The Palo Alto Networks security platform must protect against denial-of-service (DoS) attacks from external sources - traffic thresholds.DISA STIG Palo Alto ALG v3r1Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

PANW-IP-000018 - The Palo Alto Networks security platform must have a denial-of-service (DoS) Protection Profile for outbound traffic applied to a policy for traffic originating from the internal zone going to the external zone.DISA STIG Palo Alto IDPS v3r1Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

PANW-IP-000041 - The Palo Alto Networks security platform must protect against or limit the effects of known and unknown types of denial-of-service (DoS) attacks by employing rate-based attack prevention behavior analysis (traffic thresholds) - DoS Protection ObjectDISA STIG Palo Alto IDPS v3r1Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

PANW-IP-000041 - The Palo Alto Networks security platform must protect against or limit the effects of known and unknown types of denial-of-service (DoS) attacks by employing rate-based attack prevention behavior analysis (traffic thresholds) - DoS Protection PolicyDISA STIG Palo Alto IDPS v3r1Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION

PANW-IP-000043 - The Palo Alto Networks security platform must use a Vulnerability Protection Profile that blocks any critical, high, or medium threats.DISA STIG Palo Alto IDPS v3r1Palo_Alto

SYSTEM AND COMMUNICATIONS PROTECTION