STIGQter: STIG Summary: Router Security Requirements Guide Version: 4 Release: 2 Benchmark Date: 23 Apr 2021:

The router must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by employing control plane protection.

DISA Rule

SV-207150r604135_rule

Vulnerability Number

V-207150

Group Title

SRG-NET-000362

Rule Version

SRG-NET-000362-RTR-000110

Severity

CAT II

CCI(s)

• CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

10

Fix Recommendation

Implement control plane protection by classifying traffic types based on importance and configure filters to restrict and rate limit the traffic directed to and processed by the RP according to each class.

Check Contents

Determine whether control plane protection has been implemented on the device by verifying traffic types have been classified based on importance levels and a policy has been configured to filter and rate limit the traffic according to each class.

If the router does not have control plane protection implemented, this is a finding.

Vulnerability Number

V-207150

Documentable

False

Rule Version

SRG-NET-000362-RTR-000110

Severity Override Guidance

Determine whether control plane protection has been implemented on the device by verifying traffic types have been classified based on importance levels and a policy has been configured to filter and rate limit the traffic according to each class.

If the router does not have control plane protection implemented, this is a finding.

Check Content Reference

M

Target Key

2917

Comments