NET-IPV6-016 - ICMPv6 unreachable notifications and redirects must be disabled - 'no ipv6 unreachables' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-IPV6-024 - IPv6 6-to-4 addresses are not filtered - 'deny ipv6 2002::/16 any log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-IPV6-024 - IPv6 6-to-4 addresses are not filtered - 'Egress deny ipv6 any 2002::/16 log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-IPV6-026 - IPv6 Site Local Unicast Addresses are not blocked - 'deny ipv6 any fec0::/10 log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-IPV6-026 - IPv6 Site Local Unicast Addresses are not blocked - 'Egress deny ipv6 fec0::/10 any log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-IPV6-029 - IPv6 Multicast Source ADDR are not blocked - 'deny ipv6 ff00::/16 any log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-IPV6-061 - Packet with invalid Destination Option header - Inbound ACL | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-MCAST-001 - PIM enabled on wrong interfaces -'interfaces enabled for PIM' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
NET-MCAST-002 - PIM neighbor filter is not configured - 'ipv6 access-list IPV6_PIM_NEIGHBORS_ACL' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
NET-MCAST-002 - PIM neighbor filter is not configured - 'ipv6 pim neighbor-filter list IPV6_PIM_NEIGHBORS_ACL' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-MCAST-009 - No administrative scoped multicast boundary - ipv6 multicast boundary scope 8 | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-NAC-009 - The switch must be configured to use 802.1x authentication on host facing access switch ports. '802.1x authentication' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | IDENTIFICATION AND AUTHENTICATION |
NET-NAC-009 - The switch must be configured to use 802.1x authentication on host facing access switch ports. 'aaa new-model' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
NET-NAC-009 - The switch must be configured to use 802.1x authentication on host facing access switch ports. 'radius-server host' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | IDENTIFICATION AND AUTHENTICATION |
NET-SRVFRM-003 - ACLs must restrict access to server VLANs | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
NET-TUNL-001 - Drop IPv4 and IPv6 packets with outdated protocols | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
NET-TUNL-001 - Drop IPv4 and IPv6 packets with outdated protocols - 'IPv4 deny 97 any any' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-TUNL-001 - Drop IPv4 and IPv6 packets with outdated protocols - 'IPv4 deny 98 any any' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-TUNL-003 - Tunnels do not use explicit IP addresses | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
NET-TUNL-006 - PPS Vulnerability Assessments Mitigation Filters | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
NET-TUNL-007 - Deny-by-Default Security Posture | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
NET-TUNL-017 - ISATAP tunnels must terminate at interior router | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
NET-TUNL-019 - Ingress filter does not filter protocol 41 - 'access-list IPV4_UPLINK_INGRESS_ACL permit 41)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-TUNL-019 - Ingress filter does not filter protocol 41 - 'IPv4 Uplink Interface (ip access-group)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-VLAN-002 - Disabled ports are not kept in an unused VLAN. | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
NET-VLAN-024 - Restricted VLAN not assigned to non-802.1x device. | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
NET0162 - AG ingress ACL is not configured to secure enclave - 'Permit AG ACL' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0164 - AG router has a routing protocol to the enclave. - 'Static Router to AG Service Provider' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0400 - Interior routing protocols are not authenticated - 'EIGRP (Key-Chain Check)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | IDENTIFICATION AND AUTHENTICATION |
NET0400 - Interior routing protocols are not authenticated - 'OSPFv2 Check' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
NET0410 - BGP sessions are not restricted. 'IP Recieve Access-List' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0425 - An Infinite Lifetime key has not been implemented - 'Ensure rotating keys are not set to accept-lifetime infinite' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | IDENTIFICATION AND AUTHENTICATION |
NET0425 - An Infinite Lifetime key has not been implemented - 'Third key set to send-lifetime infinite' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | IDENTIFICATION AND AUTHENTICATION |
NET0440 - In the event the authentication server is unavailable, the network device must have a single local account of last resort defined. | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | ACCESS CONTROL |
NET0720 - TCP and UDP small server services are not disabled - 'service udp-small-servers' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | CONFIGURATION MANAGEMENT |
NET0800 - Filter ICMP on external interface. - 'no ip mask-reply' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0812 - Two NTP servers are not used to synchronize time - 'ntp multicast client MULTICAST_IP_2' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | CONFIGURATION MANAGEMENT |
NET0892 - SNMP is blocked at all external interfaces - 'deny tcp 161' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0897 - RADIUS Authentication traffic does not use loopback interface. | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0898 - Syslog traffic is not using loopback address - 'logging source-interface Loopback0' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | AUDIT AND ACCOUNTABILITY |
NET0899 - NTP traffic is not using loopback address | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0911 - Inbound ICMP messages are not blocked - 'deny icmp any any fragments log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0912 - Outbound ICMP messages are not blocked - 'permit icmp echo-request' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0924 - IPv4 Link-local address is not blocked | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0926 - IPv4 Bogon and Martian addresses are not blocked | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
NET0966 - Control plane protection is not enabled - 'ip receive acl in use' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0985 - IGP instances do not peer with appropriate domain | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
NET0986 - Routes from the two IGP domains are redistributed | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0987 - Managed network has access to OOBM gateway router - 'Review IP_RECEIVE_ACL' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
NET0988 - Traffic from the managed network will leak - 'access-list OOBM_EGRESS_ACL permit' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |