STIGQter: STIG Summary: Cisco IOS XE Router RTR Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021:

The Cisco router must be configured to have all inactive interfaces disabled.

DISA Rule

SV-216646r531086_rule

Vulnerability Number

V-216646

Group Title

SRG-NET-000019-RTR-000007

Rule Version

CISC-RT-000060

Severity

CAT III

CCI(s)

• CCI-001414 - The information system enforces approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies.

Weight

10

Fix Recommendation

Disable all inactive interfaces as shown below:

R4(config)#interface GigabitEthernet3
R4(config-if)#shutdown
R4(config)#interface GigabitEthernet4
R4(config-if)#shutdown

Check Contents

Review the router configuration and verify that inactive interfaces have been disabled as shown below:

interface GigabitEthernet3
shutdown
!
interface GigabitEthernet4
shutdown

If an interface is not being used but is configured or enabled, this is a finding.

Vulnerability Number

V-216646

Documentable

False

Rule Version

CISC-RT-000060

Severity Override Guidance

Review the router configuration and verify that inactive interfaces have been disabled as shown below:

interface GigabitEthernet3
shutdown
!
interface GigabitEthernet4
shutdown

If an interface is not being used but is configured or enabled, this is a finding.

Check Content Reference

M

Target Key

4028

Comments