Item Search

| Name | Audit Name | Plugin | Category |
| --- | --- | --- | --- |
| NET-IPV6-016 - ICMPv6 unreachable notifications and redirects must be disabled - 'no ipv6 unreachables' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-024 - IPv6 6-to-4 addresses are not filtered - 'deny ipv6 2002::/16 any log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-024 - IPv6 6-to-4 addresses are not filtered - 'Egress deny ipv6 any 2002::/16 log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-026 - IPv6 Site Local Unicast Addresses are not blocked - 'deny ipv6 any fec0::/10 log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-026 - IPv6 Site Local Unicast Addresses are not blocked - 'Egress deny ipv6 fec0::/10 any log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-029 - IPv6 Multicast Source ADDR are not blocked - 'deny ipv6 ff00::/16 any log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-061 - Packet with invalid Destination Option header - Inbound ACL | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-MCAST-001 - PIM enabled on wrong interfaces - 'interfaces enabled for PIM' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET-MCAST-002 - PIM neighbor filter is not configured - 'ipv6 access-list IPV6_PIM_NEIGHBORS_ACL' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET-MCAST-002 - PIM neighbor filter is not configured - 'ipv6 pim neighbor-filter list IPV6_PIM_NEIGHBORS_ACL' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-MCAST-009 - No administrative scoped multicast boundary - ipv6 multicast boundary scope 8 | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-NAC-009 - The switch must be configured to use 802.1x authentication on host facing access switch ports. '802.1x authentication' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| NET-NAC-009 - The switch must be configured to use 802.1x authentication on host facing access switch ports. 'aaa new-model' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| NET-NAC-009 - The switch must be configured to use 802.1x authentication on host facing access switch ports. 'radius-server host' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| NET-SRVFRM-003 - ACLs must restrict access to server VLANs | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET-TUNL-001 - Drop IPv4 and IPv6 packets with outdated protocols | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET-TUNL-001 - Drop IPv4 and IPv6 packets with outdated protocols - 'IPv4 deny 97 any any' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-TUNL-001 - Drop IPv4 and IPv6 packets with outdated protocols - 'IPv4 deny 98 any any' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-TUNL-003 - Tunnels do not use explicit IP addresses | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET-TUNL-006 - PPS Vulnerability Assessments Mitigation Filters | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET-TUNL-007 - Deny-by-Default Security Posture | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET-TUNL-017 - ISATAP tunnels must terminate at interior router | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET-TUNL-019 - Ingress filter does not filter protocol 41 - 'access-list IPV4_UPLINK_INGRESS_ACL permit 41)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-TUNL-019 - Ingress filter does not filter protocol 41 - 'IPv4 Uplink Interface (ip access-group)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-VLAN-002 - Disabled ports are not kept in an unused VLAN. | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET-VLAN-024 - Restricted VLAN not assigned to non-802.1x device. | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET0162 - AG ingress ACL is not configured to secure enclave - 'Permit AG ACL' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0164 - AG router has a routing protocol to the enclave. - 'Static Router to AG Service Provider' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0400 - Interior routing protocols are not authenticated - 'EIGRP (Key-Chain Check)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| NET0400 - Interior routing protocols are not authenticated - 'OSPFv2 Check' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET0410 - BGP sessions are not restricted. 'IP Recieve Access-List' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0425 - An Infinite Lifetime key has not been implemented - 'Ensure rotating keys are not set to accept-lifetime infinite' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| NET0425 - An Infinite Lifetime key has not been implemented - 'Third key set to send-lifetime infinite' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| NET0440 - In the event the authentication server is unavailable, the network device must have a single local account of last resort defined. | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | ACCESS CONTROL |
| NET0720 - TCP and UDP small server services are not disabled - 'service udp-small-servers' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | CONFIGURATION MANAGEMENT |
| NET0800 - Filter ICMP on external interface. - 'no ip mask-reply' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0812 - Two NTP servers are not used to synchronize time - 'ntp multicast client MULTICAST_IP_2' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | CONFIGURATION MANAGEMENT |
| NET0892 - SNMP is blocked at all external interfaces - 'deny tcp 161' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0897 - RADIUS Authentication traffic does not use loopback interface. | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0898 - Syslog traffic is not using loopback address - 'logging source-interface Loopback0' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET0899 - NTP traffic is not using loopback address | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0911 - Inbound ICMP messages are not blocked - 'deny icmp any any fragments log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0912 - Outbound ICMP messages are not blocked - 'permit icmp echo-request' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0924 - IPv4 Link-local address is not blocked | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0926 - IPv4 Bogon and Martian addresses are not blocked | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET0966 - Control plane protection is not enabled - 'ip receive acl in use' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0985 - IGP instances do not peer with appropriate domain | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET0986 - Routes from the two IGP domains are redistributed | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0987 - Managed network has access to OOBM gateway router - 'Review IP_RECEIVE_ACL' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET0988 - Traffic from the managed network will leak - 'access-list OOBM_EGRESS_ACL permit' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |