Item Search

| Name | Audit Name | Plugin | Category |
| --- | --- | --- | --- |
| NET-IPV6-011 - Outbound ICMPv6 traffic is not blocked - 'permit icmp IPV6 Network 2000::/3 echo-request' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-011 - Outbound ICMPv6 traffic is not blocked - 'permit icmp IPV6 Network 2000::/3 time-exceeded' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-016 - ICMPv6 unreachable notifications and redirects must be disabled - 'no ipv6 redirects' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-017 - IPv6 Routing Header is not blocked - 'permit type 2' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-024 - IPv6 6-to-4 addresses are not filtered - 'Egress deny ipv6 2002::/16 any log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-028 - IPv6 Unspecified ADDR is not blocked - 'deny ipv6 ::/128 any log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-032 - IPv6 Unique Local Unicast ADDR are not blocked - 'deny ipv6 any FC00::7 log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-034 - IPv6 Egress Outbound Spoofing Filter - 'deny ipv6 any any log' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-047 - IPv4 Interfaces in NAT-PT receive IPv6 | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET-IPV6-060 - Packet with invalid Hop-by-Hop header - Inbound ACL | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-061 - Packet with invalid Destination Option header - Outbound ACL | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-062 - Endpoint Identification option not filtered - Outbound ACL | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-IPV6-065 - The 6-to-4 router is not filtering protocol 41 - 'ip access-group IPV4_EGRESS_FILTER' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-MCAST-001 - PIM enabled on wrong interfaces -'ip multicast-routing' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | CONFIGURATION MANAGEMENT |
| NET-MCAST-002 - PIM neighbor filter is not configured - 'ip pim neighbor-filter IP_PIM_NEIGHBORS_ACL' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-MCAST-009 - No administrative scoped multicast boundary - ip access-list standard - 'deny 239' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-MCAST-010 - No Admin-local or Site-local boundary - 'ipv6 multicast boundary scope 5' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-TUNL-001 - Drop IPv4 and IPv6 packets with outdated protocols - 'deny 42 any any' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-TUNL-001 - Drop IPv4 and IPv6 packets with outdated protocols - 'deny 94 any any' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-TUNL-001 - Drop IPv4 and IPv6 packets with outdated protocols - 'deny udp any any eq 1723' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-TUNL-001 - Drop IPv4 and IPv6 packets with outdated protocols - 'IPv4 deny 42 any any' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET-VLAN-008 - A dedicated VLAN is required for all trunk ports. | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET0162 - AG ingress ACL is not configured to secure enclave - 'Explicit Deny ACL' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0166 - AG Network IP addresses are advertised in enclave - 'EIGRP distribute lists prefix lists' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0166 - AG Network IP addresses are advertised in enclave - 'OSPF distribute lists prefix lists' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0166 - AG Network IP addresses are advertised in enclave - 'RIP distribute lists prefix lists' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0167 - AG must adhere to PPS boundary 13 and 14 policies | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET0400 - Interior routing protocols are not authenticated - 'IS-IS (Key-Chain Check)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| NET0400 - Interior routing protocols are not authenticated - 'IS-IS Check' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET0400 - Interior routing protocols are not authenticated - 'RIPv2 (Interface Check - authentication key-chain)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0425 - An Infinite Lifetime key has not been implemented - 'Third key set to accept-lifetime infinite' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| NET0433 - The device is not authenticated using a AAA server - 'aaa new-model' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| NET0700 - Operating system is not at a current release level | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | CONFIGURATION MANAGEMENT |
| NET0750 - The Bootp service is not disabled | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | CONFIGURATION MANAGEMENT |
| NET0800 - Filter ICMP on external interface. - 'no ip redirects' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0813 - The network element must authenticate all NTP messages received from NTP servers and peers. | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | CONFIGURATION MANAGEMENT |
| NET0992 - The management interface does not have an ACL - 'Step 3 (ip local policy route-map LOCAL_POLICY)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET0993 - The management interface is not IGP passive | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET1005 - No inbound ACL for mgmt network sub-interface - 'Sub-Interface Ingress ACL Permit/Deny' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET1006 - IPSec traffic is not restricted - 'crypto map IN_BAND_MGMT_VPN - match address IN_BAND_MGMT_VPN_ACL' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1008 - Management traffic doesn't get preferred treatment | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| NET1021 - The network element must log all messages except debugging | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET1637 - Management connections are not restricted - 'VTY port (access-list VTY_ACL permit VTY_AUTH_IP)' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | AUDIT AND ACCOUNTABILITY |
| NET1638 - Management connections must be secured by FIPS 140-2 -'ip http secure-server' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1638 - Management connections must be secured by FIPS 140-2 -'ssh algorithm mac' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1647 - The network element must not allow SSH Version 1 | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | CONFIGURATION MANAGEMENT |
| NET1807 - Management traffic is not restricted - 'access list OOBM_VPN_ACL permit' | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| NET1808 - Remote VPN end-point not a mirror of local gateway | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| SNMPv2 CONFIG IF STATEMENT | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |
| SNMPv2 with ACL is configured Check for ACL Configuration | DISA STIG Cisco Perimeter L3 Switch v8r32 | Cisco | |