Item Search

NameAudit NamePluginCategory
NET-IPV6-064 - Not filtering undefined option type - Inbound ACLDISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET-IPV6-066 - 6-to-4 router not filtering invalid source address - 'ipv6 traffic-filter IPV6_EGRESS_ACL in'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET-MCAST-009 - No administrative scoped multicast boundary - ip access-list standard - 'permit 224'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET-MCAST-010 - No Admin-local or Site-local boundary - ip access-list standard - 'deny 239'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET-TUNL-001 - Drop IPv4 and IPv6 packets with outdated protocols - 'deny tcp any any eq 1723'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET-TUNL-001 - Drop IPv4 and IPv6 packets with outdated protocols - 'IPv4 deny 94 any any'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET-TUNL-001 - Drop IPv4 and IPv6 packets with outdated protocols - 'IPv4 deny udp any any eq 1723'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET-TUNL-002 - Tunneled packets are not filteredDISA STIG Cisco Perimeter L3 Switch v8r32Cisco
NET-TUNL-004 - Tunnel end-points are not verified by filtersDISA STIG Cisco Perimeter L3 Switch v8r32Cisco
NET-TUNL-019 - Ingress filter does not filter protocol 41 - 'access-list IPV4_UPLINK_INGRESS_ACL deny 41)'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET-TUNL-034 - L2TPv3 sessions are not authenticated - authentication checkDISA STIG Cisco Perimeter L3 Switch v8r32Cisco

CONFIGURATION MANAGEMENT

NET0240 - Devices exist with standard default passwordsDISA STIG Cisco Perimeter L3 Switch v8r32Cisco
NET0400 - Interior routing protocols are not authenticated - 'EIGRP (Interface Check - authentication mode)'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0400 - Interior routing protocols are not authenticated - 'IS-IS (Router Check - authentication mode)'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0400 - Interior routing protocols are not authenticated - 'OSPFv2 (Interface Check)'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0400 - Interior routing protocols are not authenticated - 'OSPFv2 (Router Check)'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

IDENTIFICATION AND AUTHENTICATION

NET0400 - Interior routing protocols are not authenticated - 'RIP Check'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco
NET0408 - BGP must authenticate all peersDISA STIG Cisco Perimeter L3 Switch v8r32Cisco

IDENTIFICATION AND AUTHENTICATION

NET0410 - BGP sessions are not restricted. 'Interface Access-Group Applied'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0412 - Unique keys are not used for eBGP authenticationDISA STIG Cisco Perimeter L3 Switch v8r32Cisco
NET0422 - Keys expiration exceeds 180 days.DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

IDENTIFICATION AND AUTHENTICATION

NET0425 - An Infinite Lifetime key has not been implemented - 'Ensure rotating keys are not set to send-lifetime infinite'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

IDENTIFICATION AND AUTHENTICATION

NET0440 - More than one local account is definedDISA STIG Cisco Perimeter L3 Switch v8r32Cisco
NET0441 - Emergency account privilege level is not setDISA STIG Cisco Perimeter L3 Switch v8r32Cisco

IDENTIFICATION AND AUTHENTICATION

NET0460 - Group accounts are definedDISA STIG Cisco Perimeter L3 Switch v8r32Cisco
NET0465 - Authorized accounts must be assigned the least privilege level necessary to perform assigned duties.DISA STIG Cisco Perimeter L3 Switch v8r32Cisco
NET0720 - TCP and UDP small server services are not disabled - 'service tcp-small-servers'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

CONFIGURATION MANAGEMENT

NET0724 - TCP Keep-Alives must be enabledDISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0726 - Identification support is enabled.DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

CONFIGURATION MANAGEMENT

NET0728 - DHCP service is not disabled on premiseDISA STIG Cisco Perimeter L3 Switch v8r32Cisco

CONFIGURATION MANAGEMENT

NET0760 - Configuration auto-loading must be disabled - 'book network'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND INFORMATION INTEGRITY

NET0760 - Configuration auto-loading must be disabled - 'service config'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND INFORMATION INTEGRITY

NET0790 - IP directed broadcast is not disabled.DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0812 - Two NTP servers are not used to synchronize time - 'First NTP Server'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

AUDIT AND ACCOUNTABILITY

NET0812 - Two NTP servers are not used to synchronize time - 'ntp multicast client MULTICAST_IP_1'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

CONFIGURATION MANAGEMENT

NET0890 - Network devices must only allow SNMPv2 access from addresses belonging to the management network.DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0890 - Network devices must restrict SNMPv2 access to the management network.DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0890 - Network devices must restrict SNMPv3 access to the management network.DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0892 - SNMP is blocked at all external interfaces - 'deny udp 161'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0894 - Network element must only allow SNMP read access - 'community RWDISA STIG Cisco Perimeter L3 Switch v8r32Cisco

ACCESS CONTROL

NET0901 - Netflow traffic is not using loopbackDISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0911 - Inbound ICMP messages are not blocked - 'deny icmp any any log'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0911 - Inbound ICMP messages are not blocked - 'permit icmp any any packet-too-big'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0912 - Outbound ICMP messages are not blocked - 'permit icmp any any packet-too-big'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0920 - Bind ingress filters to correct interfaceDISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0965 - Devices not configured to filter and drop half-open connectionsDISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0991 - The OOBM interface not configured correctlyDISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET0992 - The management interface does not have an ACL - 'Step 1 (Ingress ACL)'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET1000 - Management traffic is not blocked by egress ACL - 'access-list MGMT_EGRESS_ACL deny LOCAL_MANAGEMENT_NETWORK'DISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

NET1004 - No ingress ACL on management VLAN interfaceDISA STIG Cisco Perimeter L3 Switch v8r32Cisco

SYSTEM AND COMMUNICATIONS PROTECTION