STIGQter: STIG Summary: Router Security Requirements Guide Version: 4 Release: 2 Benchmark Date: 23 Apr 2021:

The perimeter router must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3255.

DISA Rule

SV-220148r604135_rule

Vulnerability Number

V-220148

Group Title

SRG-NET-000364

Rule Version

SRG-NET-000364-RTR-000201

Severity

CAT II

CCI(s)

• CCI-002403 - The information system only allows incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.

Weight

10

Fix Recommendation

Configure the router to drop IPv6 packets with Routing Header of type 0, 1, or 3–255.

Check Contents

This requirement is not applicable for the DODIN Backbone.

Review the router configuration to determine if it is configured to drop IPv6 packets containing a Routing Header of type 0, 1, or 3–255.

If the router is not configured to drop IPv6 packets containing a Routing Header of type 0, 1, or 3–255, this is a finding.

Vulnerability Number

V-220148

Documentable

False

Rule Version

SRG-NET-000364-RTR-000201

Severity Override Guidance

This requirement is not applicable for the DODIN Backbone.

Review the router configuration to determine if it is configured to drop IPv6 packets containing a Routing Header of type 0, 1, or 3–255.

If the router is not configured to drop IPv6 packets containing a Routing Header of type 0, 1, or 3–255, this is a finding.

Check Content Reference

M

Target Key

2917

Comments