SV-216794r531087_rule
V-216794
SRG-NET-000343-RTR-000001
CISC-RT-000660
CAT II
10
The severity level can be downgraded to a category 3 if the router is configured to authenticate targeted LDP sessions using MD5 as shown in the example below.
RP/0/0/CPU0:R3(config)#mpls ldp
RP/0/0/CPU0:R3(config-ldp)#neighbor 10.1.1.1
RP/0/0/CPU0:R3(config-ldp)#neighbor password clear xxxxxxxx
RP/0/0/CPU0:R3(config-ldp)#neighbor 10.1.2.1
RP/0/0/CPU0:R3(config-ldp)#neighbor password clear xxxxxxxx
RP/0/0/CPU0:R3(config-ldp)#commit
The Cisco router is not compliant with this requirement; hence, it is a finding. However, the severity level can be downgraded to a category 3 if the router is configured to authenticate targeted LDP sessions using MD5 as shown in the configuration example below.
mpls ldp
 router-id 10.1.1.2
 neighbor 10.1.1.1
  password encrypted xxxxxxxxxxxxxxx
 neighbor 10.1.2.1
  password encrypted xxxxxxxxxxxxxxx
If the router is not configured to authenticate targeted LDP sessions using MD5, the finding will remain as a CAT II.
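The check above can be run against a saved configuration with a short script. This is an added example, not part of the STIG text. The function names are hypothetical, the parser accepts the stanza with or without indentation, and it assumes the downgrade applies only when every listed neighbor has a password line.

```python
import re

NEIGHBOR = re.compile(r"^neighbor\s+(\d{1,3}(?:\.\d{1,3}){3})$")
PASSWORD = re.compile(r"^password\s+(encrypted|clear)\s+\S+$")
LDP_KEYWORDS = ("router-id", "neighbor", "password")

def audit_ldp_neighbors(config):
    """Map each neighbor under 'mpls ldp' to True if a password line follows it."""
    result, in_ldp, current = {}, False, None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "mpls ldp":
            in_ldp, current = True, None
            continue
        if not in_ldp or not line:
            continue
        # A top-level "!" or an unindented non-LDP command closes the stanza.
        if raw.startswith("!") or not (raw[0].isspace() or line.startswith(LDP_KEYWORDS)):
            in_ldp, current = False, None
            continue
        match = NEIGHBOR.match(line)
        if match:
            current = match.group(1)
            result[current] = False
        elif current and PASSWORD.match(line):
            result[current] = True
        else:
            current = None  # any other line ends the neighbor context
    return result

def finding_severity(config):
    """Assumption: the downgrade needs a password on every listed neighbor."""
    neighbors = audit_ldp_neighbors(config)
    return "CAT III" if neighbors and all(neighbors.values()) else "CAT II"

# Constructed sample inputs (addresses and placeholders follow the page's example).
COMPLIANT = """mpls ldp
router-id 10.1.1.2
neighbor 10.1.1.1
password encrypted xxxxxxxxxxxxxxx
neighbor 10.1.2.1
password encrypted xxxxxxxxxxxxxxx
"""
PARTIAL = """mpls ldp
 router-id 10.1.1.2
 neighbor 10.1.1.1
  password encrypted xxxxxxxxxxxxxxx
 neighbor 10.1.2.1
!
"""
```

`audit_ldp_neighbors(PARTIAL)` reports 10.1.2.1 as unauthenticated, so the finding for that configuration stays at CAT II.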
False
M
4029