STIGQter: STIG Summary: Router Security Requirements Guide Version: 4 Release: 2 Benchmark Date: 23 Apr 2021:

The PE router must be configured to enforce a Quality-of-Service (QoS) policy to limit the effects of packet flooding denial-of-service (DoS) attacks.

DISA Rule

SV-207129r604135_rule

Vulnerability Number

V-207129

Group Title

SRG-NET-000193

Rule Version

SRG-NET-000193-RTR-000112

Severity

CAT II

CCI(s)

• CCI-001095 - The information system manages excess capacity, bandwidth, or other redundancy to limit the effects of information flooding types of denial of service attacks.

Weight

10

Fix Recommendation

Implement a mechanism for traffic prioritization and bandwidth reservation. This mechanism must enforce the traffic priorities specified by the Combatant Commands/Services/Agencies.

Check Contents

Review the router configuration and interview the System Administrator to verify that a mechanism for traffic prioritization and bandwidth reservation exists.

This arrangement must ensure that sufficient capacity is available for mission-critical traffic and enforce the traffic priorities specified by the Combatant Commands/Services/Agencies.

If no such scheme exists or it is not configured, this is a finding.

Vulnerability Number

V-207129

Documentable

False

Rule Version

SRG-NET-000193-RTR-000112

Severity Override Guidance

Review the router configuration and interview the System Administrator to verify that a mechanism for traffic prioritization and bandwidth reservation exists.

This arrangement must ensure that sufficient capacity is available for mission-critical traffic and enforce the traffic priorities specified by the Combatant Commands/Services/Agencies.

If no such scheme exists or it is not configured, this is a finding.

Check Content Reference

M

Target Key

2917

Comments