STIGQter: STIG Summary: Router Security Requirements Guide Version: 4 Release: 2 Benchmark Date: 23 Apr 2021:

The perimeter router must be configured to block all outbound management traffic.

DISA Rule

SV-207167r604135_rule

Vulnerability Number

V-207167

Group Title

SRG-NET-000364

Rule Version

SRG-NET-000364-RTR-000113

Severity

CAT II

CCI(s)

• CCI-001097 - The information system monitors and controls communications at the external boundary of the information system and at key internal boundaries within the system.

Weight

10

Fix Recommendation

This requirement is not applicable for the DoDIN Backbone.

Configure the perimeter router of the managed network with an ACL or filter on the egress interface to block all outbound management traffic.

Check Contents

This requirement is not applicable for the DoDIN Backbone.

The perimeter router of the managed network must be configured with an access control list (ACL) or filter on the egress interface to block all management traffic.

If management traffic is not blocked at the perimeter, this is a finding.

Vulnerability Number

V-207167

Documentable

False

Rule Version

SRG-NET-000364-RTR-000113

Severity Override Guidance

This requirement is not applicable for the DoDIN Backbone.

The perimeter router of the managed network must be configured with an access control list (ACL) or filter on the egress interface to block all management traffic.

If management traffic is not blocked at the perimeter, this is a finding.

Check Content Reference

M

Target Key

2917

Comments