Item Search

| Name | Audit Name | Plugin | Category |
| --- | --- | --- | --- |
| NET-IPV6-008 - IPV6 Bogons are not blocked - 'deny ipv6 3FFE::/16 any log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-008 - IPV6 Bogons are not blocked - 'deny ipv6 any 3FFE::/16 log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-010 - Inbound ICMPv6 messages are not blocked - 'deny ipv6 any any log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-010 - Inbound ICMPv6 messages are not blocked - 'permit icmp any any nd-na' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-010 - Inbound ICMPv6 messages are not blocked - 'permit icmp any any time-exceeded' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0230 - Network element is not password protected | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| NET0340 - Network devices must display the DoD-approved logon banner warning. | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | ACCESS CONTROL |
| NET0400 - Interior routing protocols are not authenticated - 'EIGRP (Interface Check - authentication key-chain)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0400 - Interior routing protocols are not authenticated - 'IS-IS (Router Check - authentication key-chain)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0400 - Interior routing protocols are not authenticated - 'RIPv2 (Interface Check - authentication mode)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0405 - A service or feature that calls home to the vendor must be disabled. | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | ACCESS CONTROL |
| NET0410 - BGP sessions are not restricted. 'ACL IP Recieve Access-List (ICMP Fragments)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0410 - BGP sessions are not restricted. 'ACL IP Recieve Access-List (Permited BGP)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0410 - BGP sessions are not restricted. 'ACL Permited BGP Neighbors' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0433 - The device is not authenticated using a AAA server - 'ip http authentication' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| NET0740 - HTTP server is not disabled | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | CONFIGURATION MANAGEMENT |
| NET0744 - BSDr commands are not disabled - rsh-enable | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | CONFIGURATION MANAGEMENT |
| NET0781 - Gratuitous ARP must be disabled. | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0800 - Filter ICMP on external interface. - 'no ip unreachables' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0812 - Two NTP servers are not used to synchronize time - 'Second NTP Server' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET0890 - Network devices must only allow SNMPv3 access from addresses belonging to the management network. | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0897 - TACACS Authentication traffic does not use loopback interface. | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0902 - FTP/TFTP traffic does not use loopback - 'ip ftp source-interface Loopback0' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0902 - FTP/TFTP traffic does not use loopback - 'ip tftp source-interface Loopback0' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0910 - Perimeter is not compliant with DoD Instr. 8551.1 | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET0923 - IPv4 Loopback address is not blocked | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0927 - RFC1918 addresses are not blocked - '192.168.0.0/16 Network Blocked' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0950 - uRPF strict mode or ACL not enabled on egress interface - 'access-list URPF_ACL deny ip any any log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0988 - Traffic from the managed network will leak - 'access-list OOBM_EGRESS_ACL deny' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0989 - Management traffic leaks into the managed network - 'access-list OOBM_INGRESS_ACL deny' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0989 - Management traffic leaks into the managed network - 'OOBM Interface (ip access-list ACL_LIST in)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0992 - The management interface does not have an ACL - 'Step 1 (Egress ACL)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0992 - The management interface does not have an ACL - 'Step 2 (access-list MGMT_INGRESS_ACL deny)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0992 - The management interface does not have an ACL - 'Step 2 (access-list MGMT_INGRESS_ACL permit LOCAL_MANAGEMENT_NETWORK)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0992 - The management interface does not have an ACL - 'Step 3 (access-list MGMT_EGRESS_ACL deny)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0994 - Management interface is assigned to a user VLAN - 'access mode' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1006 - IPSec traffic is not restricted - 'access-list IN_BAND_MGMT_VPN_ACL permit' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1007 - Management traffic is not classified and marked - 'ip access-list extended MGMT_TRAFFIC_CLASSIFICATION_ACL permit' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1007 - Management traffic is not classified and marked - 'policy-map DIST_LAYER_POLICY' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1020 - Interface ACL deny statements are not logged | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1021 - The network element must log all messages except debugging - 'Logging buffered' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET1021 - The network element must log all messages except debugging - 'Logging LOGGING_HOST_IP' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET1021 - The network element must log all messages except debugging - 'Logging trap' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET1624 - The console port does not timeout after 10 minutes | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | ACCESS CONTROL |
| NET1638 - Management connections must be secured by FIPS 140-2 -'ip http server' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | CONFIGURATION MANAGEMENT |
| NET1646 - SSH login attempts value is greater than 3 - 'ip ssh authentication-retries not found' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | ACCESS CONTROL |
| NET1665 - Using default SNMP community names - 'Community set to Public or Private' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| RADIUS Authentication traffic does not use loopback | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| SNMPv2 CONFIG IF STATEMENT With ACL | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| TACACS Authentication traffic does not use loopback | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |