STIGQter: STIG Summary: Layer 2 Switch Security Requirements Guide Version: 1 Release: 6 Benchmark Date: 24 Jan 2020:

The layer 2 switch must have IP Source Guard enabled on all user-facing or untrusted access switch ports.

DISA Rule

SV-76673r1_rule

Vulnerability Number

V-62183

Group Title

SRG-NET-000362

Rule Version

SRG-NET-000362-L2S-000026

Severity

CAT II

CCI(s)

• CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

10

Fix Recommendation

Configure the switch to have IP Source Guard enabled on all user-facing or untrusted access switch ports.

Check Contents

Review the switch configuration to verify that IP Source Guard is enabled on all user-facing or untrusted access switch ports.

If the switch does not have IP Source Guard enabled on all untrusted access switch ports, this is a finding.

Vulnerability Number

V-62183

Documentable

False

Rule Version

SRG-NET-000362-L2S-000026

Severity Override Guidance

Review the switch configuration to verify that IP Source Guard is enabled on all user-facing or untrusted access switch ports.

If the switch does not have IP Source Guard enabled on all untrusted access switch ports, this is a finding.

Check Content Reference

M

Target Key

2917

Comments