STIGQter: STIG Summary: Router Security Requirements Guide Version: 4 Release: 2 Benchmark Date: 23 Apr 2021:

The perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider.

DISA Rule

SV-207114r604135_rule

Vulnerability Number

V-207114

Group Title

SRG-NET-000019

Rule Version

SRG-NET-000019-RTR-000009

Severity

CAT I

CCI(s)

• CCI-001414 - The information system enforces approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies.

Weight

10

Fix Recommendation

This requirement is not applicable for the DoDIN Backbone.

Configure a static route on the perimeter router to reach the AS of a router connecting to an alternate gateway.

Check Contents

This requirement is not applicable for the DoDIN Backbone.

Review the configuration of the router connecting to the alternate gateway.

Verify there are no BGP neighbors configured to the remote AS that belongs to the alternate gateway service provider.

If there are BGP neighbors connecting the remote AS of the alternate gateway service provider, this is a finding.

Vulnerability Number

V-207114

Documentable

False

Rule Version

SRG-NET-000019-RTR-000009

Severity Override Guidance

This requirement is not applicable for the DoDIN Backbone.

Review the configuration of the router connecting to the alternate gateway.

Verify there are no BGP neighbors configured to the remote AS that belongs to the alternate gateway service provider.

If there are BGP neighbors connecting the remote AS of the alternate gateway service provider, this is a finding.

Check Content Reference

M

Target Key

2917

Comments