Detections
Analytics

DISA STIG Cisco IOS Switch L2S v2r3

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG Cisco IOS Switch L2S v2r3

Updated: 12/12/2023

Authority: DISA STIG

Plugin: Cisco

Revision: 1.3

Estimated Item Count: 23

Audit Changelog

 
Revision 1.3

Dec 12, 2023

Miscellaneous
  • Audit deprecated.
  • Metadata updated.
  • References updated.
Revision 1.2

Sep 12, 2023

Miscellaneous
  • Metadata updated.
  • See also link updated.
  • Variables updated.
Added
  • CISC-L2-000020 - The Cisco switch must uniquely identify and authenticate all network-connected endpoint devices before establishing any connection
  • CISC-L2-000110 - The Cisco switch must have Spanning Tree Protocol (STP) Loop Guard enabled
  • CISC-L2-000130 - The Cisco switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources
  • CISC-L2-000170 - The Cisco switch must have IGMP or MLD Snooping configured on all VLANs
Removed
  • CISC-L2-000020 - The Cisco switch must uniquely identify and authenticate all network-connected endpoint devices before establishing any connection - aaa authentication
  • CISC-L2-000020 - The Cisco switch must uniquely identify and authenticate all network-connected endpoint devices before establishing any connection - aaa group
  • CISC-L2-000020 - The Cisco switch must uniquely identify and authenticate all network-connected endpoint devices before establishing any connection - aaa new-model
  • CISC-L2-000020 - The Cisco switch must uniquely identify and authenticate all network-connected endpoint devices before establishing any connection - dot1x system-auth-control
  • CISC-L2-000020 - The Cisco switch must uniquely identify and authenticate all network-connected endpoint devices before establishing any connection - interface dot1x
  • CISC-L2-000020 - The Cisco switch must uniquely identify and authenticate all network-connected endpoint devices before establishing any connection - radius server
  • CISC-L2-000110 - The Cisco switch must have Spanning Tree Protocol (STP) Loop Guard enabled - spanning-tree loopguard
  • CISC-L2-000110 - The Cisco switch must have Spanning Tree Protocol (STP) Loop Guard enabled - spanning-tree mode
  • CISC-L2-000130 - The Cisco switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources - ip dhcp snooping
  • CISC-L2-000130 - The Cisco switch must have DHCP snooping for all user VLANs to validate DHCP messages from untrusted sources - ip dhcp snooping vlan
  • CISC-L2-000170 - The Cisco switch must have IGMP or MLD Snooping configured on all VLANs - ip igmp snooping
  • CISC-L2-000170 - The Cisco switch must have IGMP or MLD Snooping configured on all VLANs - ip igmp snooping vlan
Revision 1.1

Mar 7, 2023

Miscellaneous
  • Metadata updated.
  • References updated.