STIGQter: STIG Summary: Router Security Requirements Guide, Version: 4, Release: 2, Benchmark Date: 23 Apr 2021

The perimeter router must be configured to deny network traffic by default and allow network traffic by exception.

DISA Rule

SV-207132r604135_rule

Vulnerability Number

V-207132

Group Title

SRG-NET-000202

Rule Version

SRG-NET-000202-RTR-000001

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

This requirement is not applicable for the DoDIN Backbone.

Configure the perimeter router to deny network traffic by default and allow network traffic by exception.

Check Contents

This requirement is not applicable for the DoDIN Backbone.

Review the router configuration to verify that the access control list (ACL) or filter is configured to allow specific ports and protocols and deny all other traffic.

The filter must be configured inbound on all external interfaces.

If the ACL or filter is not configured to allow specific ports and protocols and deny all other traffic, this is a finding.

If the filter is not configured inbound on all external interfaces, this is a finding.

Documentable

False

Severity Override Guidance

This requirement is not applicable for the DoDIN Backbone.

Review the router configuration to verify that the access control list (ACL) or filter is configured to allow specific ports and protocols and deny all other traffic.

The filter must be configured inbound on all external interfaces.

If the ACL or filter is not configured to allow specific ports and protocols and deny all other traffic, this is a finding.

If the filter is not configured inbound on all external interfaces, this is a finding.

Check Content Reference

M

Target Key

2917
