STIGQter: STIG Summary: Router Security Requirements Guide Version: 4 Release: 2 Benchmark Date: 23 Apr 2021:

The out-of-band management (OOBM) gateway router must be configured to have separate IGP instances for the managed network and management network.

DISA Rule

SV-207116r604135_rule

Vulnerability Number

V-207116

Group Title

SRG-NET-000019

Rule Version

SRG-NET-000019-RTR-000011

Severity

CAT II

CCI(s)

• CCI-001414 - The information system enforces approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies.

Weight

10

Fix Recommendation

This requirement is not applicable for the DoDIN Backbone.

Configure the router to enforce that Interior Gateway Protocol instances configured on the OOBM gateway router peer only with their own routing domain.

Check Contents

This requirement is not applicable for the DoDIN Backbone.

Verify that the OOBM interface is an adjacency in the Interior Gateway Protocol routing domain for the management network.

If the router does not enforce that Interior Gateway Protocol instances configured on the OOBM gateway router peer only with their own routing domain, this is a finding.

Vulnerability Number

V-207116

Documentable

False

Rule Version

SRG-NET-000019-RTR-000011

Severity Override Guidance

This requirement is not applicable for the DoDIN Backbone.

Verify that the OOBM interface is an adjacency in the Interior Gateway Protocol routing domain for the management network.

If the router does not enforce that Interior Gateway Protocol instances configured on the OOBM gateway router peer only with their own routing domain, this is a finding.

Check Content Reference

M

Target Key

2917

Comments