Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-000032
CCI
CCI|CCI-000032
Title
Enforce information flow control using organization-defined security policy filters as a basis for flow control decisions for organization-defined information flows.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2024
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
ARST-RT-000060 - The Arista BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000100 - The Arista BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
CISC-RT-000540 - The Cisco BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.
Cisco
DISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000540 - The Cisco BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.
Cisco
DISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000540 - The Cisco BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.
Cisco
DISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000540 - The Cisco BGP switch must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.
Cisco
DISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000540 - The Cisco BGP switch must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.
Cisco
DISA STIG Cisco NX-OS Switch RTR v3r2
CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer.
Cisco
DISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer.
Cisco
DISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer.
Cisco
DISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000550 - The Cisco BGP switch must be configured to reject route advertisements from CE switches with an originating AS in the AS_PATH attribute that does not belong to that customer.
Cisco
DISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000550 - The Cisco BGP switch must be configured to reject route advertisements from CE switches with an originating AS in the AS_PATH attribute that does not belong to that customer.
Cisco
DISA STIG Cisco NX-OS Switch RTR v3r2
GEN000000-AIX00020 - AIX Trusted Computing Base (TCB) software must be implemented.
Unix
DISA STIG AIX 6.1 v1r14
GEN000000-AIX00020 - AIX Trusted Computing Base (TCB) software must be implemented.
Unix
DISA STIG AIX 5.3 v1r2
GEN000000-AIX00040 - The securetcpip command must be used
Unix
DISA STIG AIX 5.3 v1r2
GEN000000-AIX00040 - The securetcpip command must be used - /etc/security/config has been configured
Unix
DISA STIG AIX 6.1 v1r14
GEN000000-AIX00040 - The securetcpip command must be used.
Unix
DISA STIG AIX 6.1 v1r14
GEN000000-AIX0200 - The system must not allow directed broadcasts to gateway.
Unix
DISA STIG AIX 5.3 v1r2
GEN000000-AIX0200 - The system must not allow directed broadcasts to gateway.
Unix
DISA STIG AIX 6.1 v1r14
GEN000000-AIX0210 - The system must provide protection from Internet Control Message Protocol (ICMP) attacks on TCP connections.
Unix
DISA STIG AIX 6.1 v1r14
GEN000000-AIX0210 - The system must provide protection from Internet Control Message Protocol (ICMP) attacks on TCP connections.
Unix
DISA STIG AIX 5.3 v1r2
GEN000000-AIX0220 - The system must provide protection for the TCP stack against connection resets, SYN, and data injection attacks.
Unix
DISA STIG AIX 6.1 v1r14
GEN000000-AIX0220 - The system must provide protection for the TCP stack against connection resets, SYN, and data injection attacks.
Unix
DISA STIG AIX 5.3 v1r2
GEN000000-AIX0230 - The system must provide protection against IP fragmentation attacks.
Unix
DISA STIG AIX 5.3 v1r2
GEN000000-AIX0230 - The system must provide protection against IP fragmentation attacks.
Unix
DISA STIG AIX 6.1 v1r14
GEN000000-AIX0300 - The system must not have the bootp service active.
Unix
DISA STIG AIX 5.3 v1r2
GEN000000-AIX0300 - The system must not have the bootp service active.
Unix
DISA STIG AIX 6.1 v1r14
GEN000000-AIX0310 - The /etc/ftpaccess.ctl file must exist.
Unix
DISA STIG AIX 6.1 v1r14
GEN000000-AIX0310 - The /etc/ftpaccess.ctl file must exist.
Unix
DISA STIG AIX 5.3 v1r2
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.high
Unix
DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.high
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.low
Unix
DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.low
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.med
Unix
DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.med
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - uid_aliases
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - uid_aliases
Unix
DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00140 - The /usr/aset/masters/uid_aliases must be empty.
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00140 - The /usr/aset/masters/uid_aliases must be empty.
Unix
DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00160 - If the system is a firewall, ASET must be used on the system, and the firewall parameters must be set in /usr/aset/asetenv.
Unix
DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00160 - If the system is a firewall, ASET must be used on the system, and the firewall parameters must be set in /usr/aset/asetenv.
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00180 - The Solaris system Automated Security Enhancement Tool (ASET) configurable parameters in the asetenv file must be correct - ASET configurable parameters in the asetenv file must be correct.
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00180 - The Solaris system Automated Security Enhancement Tool (ASET) configurable parameters in the asetenv file must be correct - ASET configurable parameters in the asetenv file must be correct.
Unix
DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00200 - The asetenv file YPCHECK variable must be set to true when NIS+ is configured.
Unix
DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00200 - The asetenv file YPCHECK variable must be set to true when NIS+ is configured.
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00220 - The /usr/aset/userlist file must exist - /usr/aset/userlist
Unix
DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00220 - The /usr/aset/userlist file must exist - /usr/aset/userlist
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00220 - The /usr/aset/userlist file must exist - exec with userlist
Unix
DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00220 - The /usr/aset/userlist file must exist - exec with userlist
Unix
DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00420 - Hidden extended file attributes must not exist on the system.
Unix
DISA STIG Solaris 10 SPARC v2r4