STIGQter: STIG Summary: Router Security Requirements Guide Version: 4 Release: 2 Benchmark Date: 23 Apr 2021:

The multicast router must be configured to disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing.

DISA Rule

SV-207109r604135_rule

Vulnerability Number

V-207109

Group Title

SRG-NET-000019

Rule Version

SRG-NET-000019-RTR-000003

Severity

CAT II

CCI(s)

• CCI-001414 - The information system enforces approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies.

Weight

10

Fix Recommendation

Document all enabled interfaces for PIM in the network's multicast topology diagram. Disable support for PIM on interfaces that are not required to support it.

Check Contents

If IPv4 or IPv6 multicast routing is enabled, verify all interfaces enabled for PIM are documented in the network's multicast topology diagram.

Review the router configuration to determine if multicast routing is enabled and which interfaces are enabled for PIM.

If an interface is not required to support multicast routing and it is enabled, this is a finding.

Vulnerability Number

V-207109

Documentable

False

Rule Version

SRG-NET-000019-RTR-000003

Severity Override Guidance

If IPv4 or IPv6 multicast routing is enabled, verify all interfaces enabled for PIM are documented in the network's multicast topology diagram.

Review the router configuration to determine if multicast routing is enabled and which interfaces are enabled for PIM.

If an interface is not required to support multicast routing and it is enabled, this is a finding.

Check Content Reference

M

Target Key

2917

Comments