Interior routing protocols are not authenticated - 'RIP Check' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | |
NET-MCAST-002 - PIM neighbor filter is not configured - 'ipv6 pim neighbor-filter list IPV6_PIM_NEIGHBORS_ACL' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-MCAST-010 - No Admin-local or Site-local boundary - ip access-list standard - 'deny 239' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET-SRVFRM-003 - ACLs must restrict access to server VLANs | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | |
NET-TUNL-012 - Tunnel Default Router Configured | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | |
NET-TUNL-017 - ISATAP tunnels must terminate at interior router | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | |
NET0400 - Interior routing protocols are not authenticated - 'EIGRP (Interface Check - authentication key-chain)' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0400 - Interior routing protocols are not authenticated - 'IS-IS (Interface Check - isis authentication key-chain)' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0400 - Interior routing protocols are not authenticated - 'IS-IS (Router Check - authentication mode)' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0400 - Interior routing protocols are not authenticated - 'OSPFv2 (Router Check)' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
NET0400 - Interior routing protocols are not authenticated - 'RIPv2 (Key-Chain Check)' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
NET0422 - Keys expiration exceeds 180 days. | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
NET0425 - An Infinite Lifetime key has not been implemented - 'Ensure rotating keys are not set to accept-lifetime infinite - Key 1' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
NET0425 - An Infinite Lifetime key has not been implemented - 'Ensure rotating keys are not set to accept-lifetime infinite - Key 2' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
NET0425 - An Infinite Lifetime key has not been implemented - 'Ensure rotating keys are not set to send-lifetime infinite - Key 1' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
NET0433 - The device is not authenticated using a AAA server - 'aaa authentication login' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
NET0433 - The device is not authenticated using a AAA server - 'line con - authentication' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | IDENTIFICATION AND AUTHENTICATION |
NET0465 - Authorized accounts must be assigned the least privilege level necessary to perform assigned duties. | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | |
NET0724 - TCP Keep-Alives must be enabled | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0726 - Identification support is enabled. | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | CONFIGURATION MANAGEMENT |
NET0730 - The finger service is not disabled | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | CONFIGURATION MANAGEMENT |
NET0744 - BSDr commands are not disabled - rcp-enable | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | CONFIGURATION MANAGEMENT |
NET0744 - BSDr commands are not disabled - rsh-enable | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | CONFIGURATION MANAGEMENT |
NET0760 - Configuration auto-loading must be disabled - 'book network' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
NET0790 - IP directed broadcast is not disabled. | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0812 - Two NTP servers are not used to synchronize time - 'Second NTP Server' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | AUDIT AND ACCOUNTABILITY |
NET0890 - Network devices must only allow SNMPv2 access from addresses belonging to the management network. | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0890 - Network devices must only allow SNMPv3 access from addresses belonging to the management network. | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0890 - Network devices must restrict SNMPv2 access to the management network. | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0890 - Network devices must restrict SNMPv3 access to the management network. | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0894 - Network element must only allow SNMP read access - 'community RW' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | ACCESS CONTROL |
NET0894 - Network element must only allow SNMP read access - 'SNMP v3 auth' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
NET0894 - Network element must only allow SNMP read access - 'SNMP v3 priv|noauth' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | CONFIGURATION MANAGEMENT |
NET0897 - RADIUS Authentication traffic does not use loopback interface. | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0897 - TACACS Authentication traffic does not use loopback interface. | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0899 - NTP traffic is not using loopback address | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0902 - FTP/TFTP traffic does not use loopback - 'ip tftp source-interface Loopback0' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0988 - Traffic from the managed network will leak - 'access-list OOBM_EGRESS_ACL permit' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0989 - Management traffic leaks into the managed network - 'access-list OOBM_INGRESS_ACL permit' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0992 - The management interface does not have an ACL - 'Step 3 (ip local policy route-map LOCAL_POLICY)' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET0993 - The management interface is not IGP passive | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | |
NET1006 - IPSec traffic is not restricted - 'access-list IN_BAND_MGMT_VPN_ACL permit' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
NET1021 - The network element must log all messages except debugging. - 'Logging buffered' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | AUDIT AND ACCOUNTABILITY |
NET1021 - The network element must log all messages except debugging. - 'Logging console notifications' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | AUDIT AND ACCOUNTABILITY |
NET1021 - The network element must log all messages except debugging. - 'Logging LOGGING_HOST_IP' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | AUDIT AND ACCOUNTABILITY |
NET1021 - The network element must log all messages except debugging. - 'Logging on' | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | AUDIT AND ACCOUNTABILITY |
NET1639 - Management connection does not timeout | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | ACCESS CONTROL |
NET1640 - Management connections must be logged - login success | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | AUDIT AND ACCOUNTABILITY |
Network element must only allow SNMP read access | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | |
SNMPv2 with ACL is configured Check for ACL Configuration | DISA STIG Cisco Infrastructure Router v8r29 | Cisco | |