STIGQter: STIG Summary: Router Security Requirements Guide, Version: 4, Release: 2, Benchmark Date: 23 Apr 2021

The PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS DoDIN Technical Profile.

DISA Rule

SV-207130r604135_rule

Vulnerability Number

V-207130

Group Title

SRG-NET-000193

Rule Version

SRG-NET-000193-RTR-000113

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure a QoS policy on each router in accordance with the QoS GIG Technical Profile.

Check Contents

Review the router configuration and verify that a QoS policy has been configured to provide preferred treatment for mission-critical applications in accordance with the QoS GIG Technical Profile.

Verify that the class-maps are configured to match on DSCP, protocols, or access control lists (ACLs) that identify traffic types based on ports.

Verify that the policy-map is configured to set DSCP values for the defined class-maps in accordance with the QoS GIG Technical Profile.

Verify that an output service policy is bound to all interfaces.

Note: The GTP QOS document (GTP-0009) can be downloaded via the following link:
https://intellipedia.intelink.gov/wiki/Portal:GIG_Technical_Guidance/GTG_GTPs/GTP_Development_List

If the router is not configured to implement a QoS policy in accordance with the QoS GIG Technical Profile, this is a finding.
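The three structural checks above can be scripted against a saved configuration. The following is an added example, not part of the STIG or of STIGQter: it assumes Cisco IOS-style syntax (the SRG itself is vendor-neutral), the names `parse_blocks` and `audit_qos` are hypothetical, and the sample configuration is constructed. It does not compare DSCP values against GTP-0009, which is not reproduced on this page.

```python
import re
# Constructed sample in Cisco IOS-style syntax (assumed; the SRG is vendor-neutral).
SAMPLE_CONFIG = """\
class-map match-any VOICE
 match dscp ef
class-map match-any BULK
policy-map WAN-OUT
 class VOICE
  set dscp ef
 class BULK
  bandwidth percent 10
interface GigabitEthernet0/0
 service-policy output WAN-OUT
interface GigabitEthernet0/1
 ip address 192.0.2.1 255.255.255.0
"""
MATCH_RE = re.compile(r"match (ip )?dscp |match protocol |match access-group ")
SET_RE = re.compile(r"set (ip )?dscp ")

def parse_blocks(config):
    """Group indented lines under their top-level stanza header."""
    blocks = []
    for line in config.splitlines():
        if line[:1].isspace() and blocks:
            blocks[-1][1].append(line.strip())
        elif line.strip() and not line.startswith("!"):
            blocks.append((line.split(), []))
    return blocks

def audit_qos(config):
    """Return one finding per failed structural check from the check text."""
    blocks, findings = parse_blocks(config), []
    class_maps = {h[-1] for h, _ in blocks if h[0] == "class-map"}
    for head, body in blocks:
        if head[0] == "class-map" and not any(MATCH_RE.match(l) for l in body):
            findings.append(f"class-map {head[-1]}: no DSCP/protocol/ACL match")
        elif head[0] == "policy-map":
            marked, cls = {}, None  # class name -> has a "set dscp" action
            for l in body:
                if l.startswith("class "):
                    cls = l.split()[1]
                    marked.setdefault(cls, False)
                elif cls and SET_RE.match(l):
                    marked[cls] = True
            findings += [f"policy-map {head[-1]} class {c}: no set dscp"
                         for c, ok in marked.items() if c in class_maps and not ok]
        elif head[0] == "interface" and not any(l.startswith("service-policy output ") for l in body):
            findings.append(f"interface {head[-1]}: no output service-policy")
    return findings
```

An empty list from `audit_qos` means only that the structure is present; the marked DSCP values still have to be reviewed by hand against the technical profile.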

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

2917

Comments