STIGQter: STIG Summary: Router Security Requirements Guide, Version: 4, Release: 2, Benchmark Date: 23 Apr 2021

The multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Join messages received from the Designated Router (DR) for any undesirable multicast groups.

DISA Rule

SV-207119r604135_rule

Vulnerability Number

V-207119

Group Title

SRG-NET-000019

Rule Version

SRG-NET-000019-RTR-000014

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

RP routers that are peering with customer PIM-SM routers must implement a PIM import policy to block join messages for reserved and any undesirable multicast groups.

Check Contents

Verify that the RP router is configured to filter PIM register messages.

Note: An alternative is to configure all designated routers to filter IGMP Membership Report (a.k.a. join) messages received from hosts.

If the RP router peering with PIM-SM routers is not configured with a PIM import policy to block registration messages for any undesirable multicast groups and Bogon sources, this is a finding.

Documentable

False

Severity Override Guidance

Verify that the RP router is configured to filter PIM register messages.

Note: An alternative is to configure all designated routers to filter IGMP Membership Report (a.k.a. join) messages received from hosts.

If the RP router peering with PIM-SM routers is not configured with a PIM import policy to block registration messages for any undesirable multicast groups and Bogon sources, this is a finding.

Check Content Reference

M

Target Key

2917
