STIGQter: STIG Summary: Router Security Requirements Guide Version: 4 Release: 2 Benchmark Date: 23 Apr 2021:

The PE router must be configured to ignore or block all packets with any IP options.

DISA Rule

SV-216981r604135_rule

Vulnerability Number

V-216981

Group Title

SRG-NET-000205

Rule Version

SRG-NET-000205-RTR-000016

Severity

CAT II

CCI(s)

CCI-002403 - The information system only allows incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.

Weight

Fix Recommendation

Configure the router to drop all packets with IP options.

Check Contents

Review the router configuration to determine if it will block all packets with IP options.

If the router is not configured to drop all packets with IP options, this is a finding.

Vulnerability Number

V-216981

Documentable

False

Rule Version

SRG-NET-000205-RTR-000016

Severity Override Guidance

Review the router configuration to determine if it will block all packets with IP options.

If the router is not configured to drop all packets with IP options, this is a finding.

Check Content Reference

Target Key

2917

The PE router must be configured to ignore or block all packets with any IP options.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments