STIGQter: STIG Summary: HP FlexFabric Switch RTR Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Jul 2020

The HP FlexFabric Switch must configure the maximum hop limit value to at least 32.

DISA Rule

SV-80615r2_rule

Vulnerability Number

V-66125

Group Title

SRG-NET-000512-RTR-000012

Rule Version

HFFS-RT-000019

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If the maximum hop limit is not configured, use the following command to configure it:

[HP] ipv6 hop-limit 255

Check Contents

Review the HP FlexFabric Switch configuration to determine if the maximum hop limit has been configured.

If the maximum hop limit is not configured, this is a finding.

If it has been configured, then it must be set to at least 32; otherwise this is a finding.

[5900CP]display current-configuration | i hop-limit
ipv6 hop-limit 255

Note: The default value for the maximum hop limit is 64.
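
The check above can be run against saved configuration text. The following is an added example, not part of the STIG or of HP's tooling; the function name `check_hop_limit` and the sample configurations are constructed for illustration.

```python
import re

MIN_HOP_LIMIT = 32  # minimum value required by this rule

# Matches a global "ipv6 hop-limit <n>" line as it appears in the check output.
# Anchored to line start so prompts and "undo ipv6 hop-limit" lines do not match.
HOP_LIMIT_RE = re.compile(r"^[ \t]*ipv6[ \t]+hop-limit[ \t]+(\d+)[ \t]*\r?$",
                          re.MULTILINE)


def check_hop_limit(config_text):
    """Apply the rule's check to configuration text.

    Returns (is_finding, reason), following the check wording:
    not configured -> finding; configured below 32 -> finding.
    """
    values = [int(v) for v in HOP_LIMIT_RE.findall(config_text)]
    if not values:
        return True, "maximum hop limit is not configured"
    low = [v for v in values if v < MIN_HOP_LIMIT]
    if low:
        return True, f"hop limit {min(low)} is below {MIN_HOP_LIMIT}"
    return False, f"hop limit {values[-1]} meets the minimum of {MIN_HOP_LIMIT}"


# Constructed sample inputs (not captured from a real device).
COMPLIANT = "[5900CP]display current-configuration | i hop-limit\r\n ipv6 hop-limit 255\r\n"
TOO_LOW = "sysname lab-sw\nipv6 hop-limit 16\n"
NOT_CONFIGURED = "sysname lab-sw\nundo ipv6 hop-limit\n"

if __name__ == "__main__":
    for name, cfg in [("compliant", COMPLIANT), ("too low", TOO_LOW),
                      ("not configured", NOT_CONFIGURED)]:
        finding, reason = check_hop_limit(cfg)
        print(f"{name}: {'FINDING' if finding else 'not a finding'} ({reason})")
```
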

Documentable

False

Check Content Reference

M

Target Key

2979
