STIGQter: STIG Summary: Router Security Requirements Guide, Version: 4, Release: 2, Benchmark Date: 23 Apr 2021

The router must be configured to restrict traffic destined to itself.

DISA Rule

SV-207133r604135_rule

Vulnerability Number

V-207133

Group Title

SRG-NET-000205

Rule Version

SRG-NET-000205-RTR-000001

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure all routers with receive path filters to restrict traffic destined to the router.

Check Contents

Review the access control list (ACL) or filter for the router receive path and verify that it will only process specific management plane and control plane traffic from specific sources.

If the router is not configured with a receive-path filter to restrict traffic destined to itself, this is a finding.

Note: If the platform does not support the receive path filter, verify that all Layer 3 interfaces have an ingress ACL to control what packets are allowed to be destined to the router for processing.

Documentable

False

Severity Override Guidance

Review the access control list (ACL) or filter for the router receive path and verify that it will only process specific management plane and control plane traffic from specific sources.

If the router is not configured with a receive-path filter to restrict traffic destined to itself, this is a finding.

Note: If the platform does not support the receive path filter, verify that all Layer 3 interfaces have an ingress ACL to control what packets are allowed to be destined to the router for processing.

Check Content Reference

M

Target Key

2917
