Title

IPv6 will be disabled until a deliberate transition strategy has been implemented. (Cat II impact)

Discussion

Any nodes’ interface with IPv6 enabled by default presents a potential risk of traffic being transmitted or received without proper risk mitigation strategy and therefore a serious security concern.

Check Content

Prior to transition, IPv6 will not be installed. The following registry key indicates the IPv6 protocol has been installed. If it exists, then this is a finding. Registry Hive: HKEY_LOCAL_MACHINE Subkey: \System\CurrentControlSet\Services\Tcpip6 Note: The Gold Disk can only check for the existence of the key. If IPv6 has been implemented in your environment, manually close the finding. See S0-C1-imp-1 of the The Department of National Intelligence/Department of Defense (DoD) Internet Protocol version 6 (IPv6) Information Assurance Guidance for Milestone Objective 3 for additional information.

Fix Text

Uninstall the IPv6 protocol until a deliberate transition strategy has been implemented.

Additional Identifiers

Rule ID: SV-30296r1_rule

Vulnerability ID: V-14262

Group Title: IPv6 Transition

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.