DISA STIG Cisco Perimeter Router v8r8

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: DISA STIG Cisco Perimeter Router v8r8

Updated: 6/10/2019

Authority: DISA STIG

Plugin: Cisco

Revision: 1.25

Estimated Item Count: 324

Audit Changelog

 
Revision 1.25

Jun 10, 2019

Miscellaneous
  • Audit deprecated.
  • Metadata updated.

Revision 1.24

Feb 6, 2019

Miscellaneous
  • Metadata updated.
  • References updated.

Revision 1.23

Dec 12, 2018

Informational Update
  • NET-IPV6-016 - IPv6 Filter ICMPv6 on external interface
  • NET-IPV6-044 - Split Domain IPv6 interface has 6to5 tunnel
  • NET-IPV6-045 - Split Domain IPv4 interface has 6to5 tunnel
  • NET-IPV6-046 - Split Domain has IPv6 transition mechanism
  • NET-IPV6-047 - IPv4 Interfaces in NAT-PT receive IPv6
  • NET-IPV6-048 - Tunneled IPv4 in IPv6 traffic in NAT-PT
  • NET-TUNL-017 - ISATAP tunnels must terminate at interior router
  • NET0167 - AG must adhere to PPS boundary 13 and 14 policies
  • NET0180 - Non-registered or unauthorized IP address
  • NET0185 - Unauthorized addresses within SIPRNet enclave
  • NET0240 - Devices exist that have standard default passwords
  • NET0412 - Unique keys are not used for eBGP authentication
  • NET0422 - Keys expiration exceeds 180 days.
  • NET0460 - Group accounts or user accounts without passwords - 'Group Accounts'
  • NET0465 - Assign lowest privilege level to user accounts
  • NET0470 - Unnecessary or unauthorized accounts exist.
  • NET0910 - Perimeter is not compliant with DOD Instr. 8551.1
  • NET0928 - Advertising unauthorized Bogon addresses
  • NET0950 - uRPF strict mode not enabled on egress interface - 'uRFP Not Enabled'
  • NET0966 - Control plan protection is not enabled - 'Steps 1 - 3'
  • NET0985 - IGP instances do not peer with appropriate domain
  • NET0987 - Managed network has access to OOBM gateway router - 'Review OOBM_EGRESS_ACL'
  • NET0993 - The management interface is not IGP passive
  • NET1005 - No inbound ACL for mgmt network sub-interface - 'Sub-Interface Ingress ACL Permit/Deny'
  • NET1007 - Management traffic is not classified marked
  • NET1008 - Management traffic doesn't get preferred treatment
  • NET1030 - Run and startup configs are not synchronized
  • NET1071 - TFTP server access is not restricted
  • NET1675 - SNMP privilege and non-privileged access
  • NET1800 - IPSec VPN is not configured as a tunnel type VPN
  • NET1808 - Remote VPN end-point not a mirror of local gateway
  • NET1935 - More than one IPv6 to IPv4 tunnel defined
  • NET1942 - IPv6 must be filtered on non IPv6 interfaces
  • NET1970 - PAT is vulnerable to DNS cache poisoning

Miscellaneous
  • Metadata updated.
  • References updated.