STIGQter: STIG Summary: Router Security Requirements Guide Version: 4 Release: 2 Benchmark Date: 23 Apr 2021:

The PE router must be configured to implement Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) snooping for each Virtual Private LAN Services (VPLS) bridge domain.

DISA Rule

SV-207158r604135_rule

Vulnerability Number

V-207158

Group Title

SRG-NET-000362

Rule Version

SRG-NET-000362-RTR-000119

Severity

CAT III

CCI(s)

• CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

10

Fix Recommendation

Configure IGMP or MLD snooping for IPv4 and IPv6 multicast traffic respectively for each VPLS bridge domain.

Check Contents

Review the router configuration to verify that IGMP or MLD snooping has been configured for IPv4 and IPv6 multicast traffic respectively for each VPLS bridge domain (VFI instance).

If the router is not configured to implement IGMP or MLD snooping for each VPLS bridge domain, this is a finding.

Vulnerability Number

V-207158

Documentable

False

Rule Version

SRG-NET-000362-RTR-000119

Severity Override Guidance

Review the router configuration to verify that IGMP or MLD snooping has been configured for IPv4 and IPv6 multicast traffic respectively for each VPLS bridge domain (VFI instance).

If the router is not configured to implement IGMP or MLD snooping for each VPLS bridge domain, this is a finding.

Check Content Reference

M

Target Key

2917

Comments