CISC-RT-000237 – The Cisco switch must not be configured to use IPv6 Site Local Unicast addresses.
Details: As currently defined, site local addresses are ambiguous and can be present in multiple sites. The address itself does...
CISC-RT-000235 – The Cisco switch must be configured to have Cisco Express Forwarding enabled – ip
Details: The Cisco Express Forwarding (CEF) switching mode replaces the traditional Cisco routing cache with a data structure that mirrors...
CISC-RT-000235 – The Cisco switch must be configured to have Cisco Express Forwarding enabled – ipv6
Details: The Cisco Express Forwarding (CEF) switching mode replaces the traditional Cisco routing cache with a data structure that mirrors...
CISC-RT-000240 – The Cisco perimeter switch must be configured to deny network traffic by default and allow network traffic by exception – access-group in
Details: A deny-all, permit-by-exception network communications traffic policy ensures that only connections that are essential and approved are allowed. This...
CISC-RT-000240 – The Cisco perimeter switch must be configured to deny network traffic by default and allow network traffic by exception – deny rule
Details: A deny-all, permit-by-exception network communications traffic policy ensures that only connections that are essential and approved are allowed. This...
CISC-RT-000250 – The Cisco perimeter switch must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy.
Details: Information flow control regulates authorized information to travel within a network and between interconnected networks. Controlling the flow of...
CISC-RT-000260 – The Cisco perimeter switch must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.
Details: Unrestricted traffic may contain malicious traffic that poses a threat to an enclave or to other connected networks. Additionally,...
CISC-RT-000270 – The Cisco perimeter switch must be configured to block inbound packets with source Bogon IP address prefixes – access-group in
Details: Packets with Bogon IP source addresses should never be allowed to traverse the IP core. Bogon IP networks are...
CISC-RT-000270 – The Cisco perimeter switch must be configured to block inbound packets with source Bogon IP address prefixes – deny 0.0.0.0
Details: Packets with Bogon IP source addresses should never be allowed to traverse the IP core. Bogon IP networks are...
CISC-RT-000270 – The Cisco perimeter switch must be configured to block inbound packets with source Bogon IP address prefixes – deny 10.0.0.0
Details: Packets with Bogon IP source addresses should never be allowed to traverse the IP core. Bogon IP networks are...