Interior routing protocols are not authenticated - 'OSPFv2 Check' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | |
NET-IPV6-034 - IPv6 Egress Outbound Spoofing Filter - 'deny ipv6 any any log' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-MCAST-001 - PIM enabled on wrong interfaces -'interfaces enabled for PIM' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | |
NET-MCAST-002 - PIM neighbor filter is not configured - 'ip access-list standard IP_PIM_NEIGHBORS_ACL' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | |
NET-MCAST-002 - PIM neighbor filter is not configured - 'ipv6 access-list IPV6_PIM_NEIGHBORS_ACL' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | |
NET-MCAST-010 - No Admin-local or Site-local boundary - ip access-list standard - 'permit 224' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-SRVFRM-003 - ACLs must restrict access to server VLANs | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | |
NET-TUNL-017 - ISATAP tunnels must terminate at interior router | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | |
NET0400 - Interior routing protocols are not authenticated - 'IS-IS (Router Check - authentication mode)' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0400 - Interior routing protocols are not authenticated - 'OSPFv2 (Router Check)' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
NET0422 - Keys expiration exceeds 180 days. | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
NET0425 - An Infinite Lifetime key has not been implemented - 'Ensure rotating keys are not set to send-lifetime infinite - Key 1' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
NET0425 - An Infinite Lifetime key has not been implemented - 'Third key set to accept-lifetime infinite' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
NET0433 - The device is not authenticated using a AAA server - 'tacacs-server host(s) - more than 2 hosts exist' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
NET0440 - More than one local account is defined. | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | ACCESS CONTROL |
NET0465 - Authorized accounts must be assigned the least privilege level necessary to perform assigned duties. | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | |
NET0470 - Unauthorized accounts are configured to access device | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | |
NET0600 - Passwords are viewable when displaying the config | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
NET0700 - Operating system is not at a current release level | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | CONFIGURATION MANAGEMENT |
NET0770 - IP Source Routing is not disabled on all routers. | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0812 - Two NTP servers are not used to synchronize time - 'ntp broadcast client' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | CONFIGURATION MANAGEMENT |
NET0812 - Two NTP servers are not used to synchronize time - 'ntp multicast client MULTICAST_IP_1' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | CONFIGURATION MANAGEMENT |
NET0812 - Two NTP servers are not used to synchronize time - 'ntp multicast client MULTICAST_IP_2' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | CONFIGURATION MANAGEMENT |
NET0820 - DNS servers must be defined for client resolver | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | |
NET0898 - Syslog traffic is not using loopback address - 'logging source-interface Loopback0' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | AUDIT AND ACCOUNTABILITY |
NET0900 - SNMP traffic does not use loopback | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0965 - Devices not configured to filter and drop half-open connections | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0966 - Control plan protection is not enabled - 'Step 4: Verify that the CoPP policy is enabled. (service-policy)' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | CONFIGURATION MANAGEMENT |
NET0986 - Routes from the two IGP domains are redistributed | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0987 - Managed network has access to OOBM gateway router - 'ip receive acl IP_RECEIVE_ACL' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0992 - The management interface does not have an ACL - 'Step 1 (Egress ACL)' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0992 - The management interface does not have an ACL - 'Step 1 (Ingress ACL)' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0992 - The management interface does not have an ACL - 'Step 2 (access-list MGMT_INGRESS_ACL deny)' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0992 - The management interface does not have an ACL - 'Step 2 (access-list MGMT_INGRESS_ACL permit LOCAL_MANAGEMENT_NETWORK)' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET1006 - IPSec traffic is not restricted - 'crypto map configured on interface' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET1007 - Management traffic is not classified and marked - 'class-map match-all MANAGEMENT_TRAFFIC' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET1007 - Management traffic is not classified and marked - 'Interface Configured (service-policy input DIST_LAYER_POLICY)' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | CONFIGURATION MANAGEMENT |
NET1007 - Management traffic is not classified and marked - 'policy-map DIST_LAYER_POLICY (set ip dscp DIST_LAYER_DSCP_VALUE)' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET1021 - The network element must log all messages except debugging. - 'Logging trap' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | AUDIT AND ACCOUNTABILITY |
NET1623 - Authentication required for console access - 'AUX port (login authentication AUTH_LIST)' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | ACCESS CONTROL |
NET1629 - The auxiliary port is not disabled | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | CONFIGURATION MANAGEMENT |
NET1637 - Management connections are not restricted - 'VTY port (access-list VTY_ACL deny any log)' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET1638 - Management connections must be secured by FIPS 140-2 -'ip http server' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | CONFIGURATION MANAGEMENT |
NET1638 - Management connections must be secured by FIPS 140-2 -'ssh algorithm encryption' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET1638 - Management connections must be secured by FIPS 140-2 -'ssh algorithm mac' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET1647 - The network element must not allow SSH Version 1 | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | CONFIGURATION MANAGEMENT |
NET1660 - An insecure version of SNMP is being used | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | CONFIGURATION MANAGEMENT |
NET1675 - SNMP privilege and non-privileged access | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | |
NET1807 - Management traffic is not restricted - 'Interface crypto map configured (crypto map MYVPN)' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
SNMPv3 with ACL is configured Check for ACL Configuration | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | |