Yet I see BSD on the STIG list as well. Are there different levels of security for the list items or how does this work if Windows can be said to be more secure than BSD even if both are checkmarked on the audits?

Since you keep editing your comment:

Not sure what you mean, but the custom Windows Server that the US government uses is likely more secure than BSD.

>Yet I see BSD on the STIG list as well.

No you don't. DISA does not provide STIGs for any of the BSDs. The US government does not use the BSDs for secure systems (TS+ etc.).

Interesting... does that mean that all secure systems are running on Cisco networking?

As said, they do have STIGs and CIS documents for JunOS but I guess they don't run any Juniper in the US secure networking despite of having certifications.

>Interesting... does that mean that all secure systems are running on Cisco networking?

Now you're strawmaning on top of shifting goal posts again.

>As said, they do have STIGs and CIS documents for JunOS

No they don't. The CIS documents specifically outline the operating systems they support, and there are ZERO BSDs listed (click on Operating Systems)[0].

Similarly, there are zero STIGs for Junos OS. There are STIGs and CIS benchmarks for Juniper network devices, but not for Junos OS. The actual devices could be running on FreeDOS for all we care, but FreeDOS in and of itself would not be allowed to run on any servers. Hilariously, even Juniper is moving away from BSD. Junos OS Evolved is Linux based.

You're fractally wrong.

[0] https://www.cisecurity.org/cis-benchmarks/