An error occurred:

Check: CACI-RT-000016

Cisco ACI Router STIG: CACI-RT-000016 (in version v1 r0.1)

Title

The Cisco ACI must not be configured to have any feature enabled that calls home to the vendor. (Cat II impact)

Discussion

Call home services will routinely send data such as configuration and diagnostic information to the vendor for routine or emergency analysis and troubleshooting. There is a risk that transmission of sensitive data sent to unauthorized persons could result in data loss or downtime due to an attack.

Check Content

Verify the Call Home feature is disabled: 1. Navigate to the "Admin" section in the GUI, then expand All >> Communication Management >> Call Home. 2. In the General tab, verify the Admin State is set to "Off". If the Call Home feature is configured to send messages to unauthorized individuals such as Cisco TAC, this is a finding.

Fix Text

Disable the Call Home feature: 1. Navigate to the "Admin" section in the GUI, then expand All >> Communication Management >> Call Home. 2. In the General tab, set the Admin State to "Off". 3. Click "Save".

Additional Identifiers

Rule ID: SV-272076r1064479_rule

Vulnerability ID: V-272076

Group Title: SRG-NET-000131-RTR-000083

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-002403

Only allow incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SC-7(11)

Restrict Incoming Communications Traffic