STIGQter: STIG Summary: Layer 2 Switch Security Requirements Guide Version: 1 Release: 6 Benchmark Date: 24 Jan 2020:

The layer 2 switch must implement Rapid STP where VLANs span multiple switches with redundant links.

DISA Rule

SV-76683r1_rule

Vulnerability Number

V-62193

Group Title

SRG-NET-000512

Rule Version

SRG-NET-000512-L2S-000003

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure Rapid STP to be implemented at the access and distribution layers where VLANs span multiple switches.

Check Contents

In cases where VLANs do not span multiple switches, it is a best practice to not implement STP. Avoiding the use of STP will provide the most deterministic and highly available network topology. If STP is required, then review the switch configuration to verify that Rapid STP has been implemented.

If Rapid STP has not been implemented where STP is required, this is a finding.

Vulnerability Number

V-62193

Documentable

False

Rule Version

SRG-NET-000512-L2S-000003

Severity Override Guidance

In cases where VLANs do not span multiple switches, it is a best practice to not implement STP. Avoiding the use of STP will provide the most deterministic and highly available network topology. If STP is required, then review the switch configuration to verify that Rapid STP has been implemented.

If Rapid STP has not been implemented where STP is required, this is a finding.

Check Content Reference

M

Target Key

2917

Comments