Cisco IOS Switch RTR STIG

Cisco IOS Switch RTR Security Technical Implementation Guide

| ID | Vuln ID | Title | Cat | Status |
|---|---|---|---|---|
| CISC-RT-000060 | V-220424 | The Cisco switch must be configured to have all inactive Layer 3 interfaces disabled. | Cat III | |
| CISC-RT-000380 | V-220451 | The Cisco perimeter switch must be configured to have Proxy ARP disabled on all external interfaces. | Cat II | |
| CISC-RT-000450 | V-220453 | The Cisco switch must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface. | Cat II | |
| CISC-RT-000320 | V-220445 | The Cisco perimeter switch must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1. | Cat II | |
| CISC-RT-000140 | V-220430 | The Cisco switch must be configured to drop all fragmented Internet Control Message Protocol (ICMP) packets destined to itself. | Cat II | |
| CISC-RT-000330 | V-220446 | The Cisco perimeter switch must be configured to filter ingress traffic at the external interface on an inbound direction. | Cat II | |
| CISC-RT-000240 | V-220440 | The Cisco perimeter switch must be configured to deny network traffic by default and allow network traffic by exception. | Cat I | |
| CISC-RT-000760 | V-220458 | The Cisco PE switch must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS GIG Technical Profile. | Cat III | |
| CISC-RT-000130 | V-220429 | The Cisco switch must be configured to restrict traffic destined to itself. | Cat I | |
| CISC-RT-000270 | V-220443 | The Cisco perimeter switch must be configured to block inbound packets with source Bogon IP address prefixes. | Cat II | |
| CISC-RT-000360 | V-220449 | The Cisco perimeter switch must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces. | Cat III | |
| CISC-RT-000800 | V-220462 | The Cisco multicast switch must be configured to bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled. | Cat II | |
| CISC-RT-000230 | V-220439 | The Cisco switch must be configured to disable the auxiliary port unless it is connected to a secured modem providing encryption and authentication. | Cat III | |
| CISC-RT-000080 | V-220470 | The Cisco switch must not be configured to have any feature enabled that calls home to the vendor. | Cat II | |
| CISC-RT-000740 | V-220456 | The Cisco PE switch must be configured with Unicast Reverse Path Forwarding (uRPF) loose mode enabled on all CE-facing interfaces. | Cat II | |