STIGQter STIGQter: STIG Summary: Cisco IOS-XE Switch RTR Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The Cisco perimeter switch must be configured to have Cisco Discovery Protocol (CDP) disabled on all external interfaces.

DISA Rule

SV-221017r622190_rule

Vulnerability Number

V-221017

Group Title

SRG-NET-000364-RTR-000111

Rule Version

CISC-RT-000370

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Disable CDP on all external interfaces via no cdp enable command or disable CDP globally via no cdp run command.

Check Contents

Step 1: Verify if CDP is enabled globally as shown below:

cdp run

By default, CDP is not enabled globally or on any interface. If CDP is enabled globally, proceed to Step 2.

Step 2: Verify CDP is not enabled on any external interface as shown in the example below:

interface GigabitEthernet2
ip address z.1.24.4 255.255.255.252



cdp enable

If CDP is enabled on any external interface, this is a finding.

Vulnerability Number

V-221017

Documentable

False

Rule Version

CISC-RT-000370

Severity Override Guidance

Step 1: Verify if CDP is enabled globally as shown below:

cdp run

By default, CDP is not enabled globally or on any interface. If CDP is enabled globally, proceed to Step 2.

Step 2: Verify CDP is not enabled on any external interface as shown in the example below:

interface GigabitEthernet2
ip address z.1.24.4 255.255.255.252



cdp enable

If CDP is enabled on any external interface, this is a finding.

Check Content Reference

M

Target Key

4074

Comments