STIGQter: STIG Summary: Router Security Requirements Guide Version: 4 Release: 2 Benchmark Date: 23 Apr 2021:

The PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.

DISA Rule

SV-207176r604135_rule

Vulnerability Number

V-207176

Group Title

SRG-NET-000512

Rule Version

SRG-NET-000512-RTR-000005

Severity

CAT I

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure the PE router to have each VRF bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.

Check Contents

Review the design plan for deploying L3VPN and VRF-lite.

Review all CE-facing interfaces and verify that the proper VRF is defined.

If any VRFs are not bound to the appropriate physical or logical interface, this is a finding.

Vulnerability Number

V-207176

Documentable

False

Rule Version

SRG-NET-000512-RTR-000005

Severity Override Guidance

Review the design plan for deploying L3VPN and VRF-lite.

Review all CE-facing interfaces and verify that the proper VRF is defined.

If any VRFs are not bound to the appropriate physical or logical interface, this is a finding.

Check Content Reference

M

Target Key

2917

Comments