CCI|CCI-000032

Title

Enforce information flow control using organization-defined security policy filters as a basis for flow control decisions for organization-defined information flows.

Reference Item Details

Category: 2024

Audit Items

Name | Plugin | Audit Name
ARST-RT-000060 - The Arista BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | Arista | DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000100 - The Arista BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer. | Arista | DISA STIG Arista MLS EOS 4.2x Router v2r1
CISC-RT-000540 - The Cisco BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | Cisco | DISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000540 - The Cisco BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | Cisco | DISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000540 - The Cisco BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | Cisco | DISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000540 - The Cisco BGP switch must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | Cisco | DISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000540 - The Cisco BGP switch must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute. | Cisco | DISA STIG Cisco NX-OS Switch RTR v3r2
CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer. | Cisco | DISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer. | Cisco | DISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer. | Cisco | DISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000550 - The Cisco BGP switch must be configured to reject route advertisements from CE switches with an originating AS in the AS_PATH attribute that does not belong to that customer. | Cisco | DISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000550 - The Cisco BGP switch must be configured to reject route advertisements from CE switches with an originating AS in the AS_PATH attribute that does not belong to that customer. | Cisco | DISA STIG Cisco NX-OS Switch RTR v3r2
GEN000000-AIX00020 - AIX Trusted Computing Base (TCB) software must be implemented. | Unix | DISA STIG AIX 6.1 v1r14
GEN000000-AIX00020 - AIX Trusted Computing Base (TCB) software must be implemented. | Unix | DISA STIG AIX 5.3 v1r2
GEN000000-AIX00040 - The securetcpip command must be used | Unix | DISA STIG AIX 5.3 v1r2
GEN000000-AIX00040 - The securetcpip command must be used - /etc/security/config has been configured | Unix | DISA STIG AIX 6.1 v1r14
GEN000000-AIX00040 - The securetcpip command must be used. | Unix | DISA STIG AIX 6.1 v1r14
GEN000000-AIX0200 - The system must not allow directed broadcasts to gateway. | Unix | DISA STIG AIX 5.3 v1r2
GEN000000-AIX0200 - The system must not allow directed broadcasts to gateway. | Unix | DISA STIG AIX 6.1 v1r14
GEN000000-AIX0210 - The system must provide protection from Internet Control Message Protocol (ICMP) attacks on TCP connections. | Unix | DISA STIG AIX 6.1 v1r14
GEN000000-AIX0210 - The system must provide protection from Internet Control Message Protocol (ICMP) attacks on TCP connections. | Unix | DISA STIG AIX 5.3 v1r2
GEN000000-AIX0220 - The system must provide protection for the TCP stack against connection resets, SYN, and data injection attacks. | Unix | DISA STIG AIX 6.1 v1r14
GEN000000-AIX0220 - The system must provide protection for the TCP stack against connection resets, SYN, and data injection attacks. | Unix | DISA STIG AIX 5.3 v1r2
GEN000000-AIX0230 - The system must provide protection against IP fragmentation attacks. | Unix | DISA STIG AIX 5.3 v1r2
GEN000000-AIX0230 - The system must provide protection against IP fragmentation attacks. | Unix | DISA STIG AIX 6.1 v1r14
GEN000000-AIX0300 - The system must not have the bootp service active. | Unix | DISA STIG AIX 5.3 v1r2
GEN000000-AIX0300 - The system must not have the bootp service active. | Unix | DISA STIG AIX 6.1 v1r14
GEN000000-AIX0310 - The /etc/ftpaccess.ctl file must exist. | Unix | DISA STIG AIX 6.1 v1r14
GEN000000-AIX0310 - The /etc/ftpaccess.ctl file must exist. | Unix | DISA STIG AIX 5.3 v1r2
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.high | Unix | DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.high | Unix | DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.low | Unix | DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.low | Unix | DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.med | Unix | DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.med | Unix | DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - uid_aliases | Unix | DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - uid_aliases | Unix | DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00140 - The /usr/aset/masters/uid_aliases must be empty. | Unix | DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00140 - The /usr/aset/masters/uid_aliases must be empty. | Unix | DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00160 - If the system is a firewall, ASET must be used on the system, and the firewall parameters must be set in /usr/aset/asetenv. | Unix | DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00160 - If the system is a firewall, ASET must be used on the system, and the firewall parameters must be set in /usr/aset/asetenv. | Unix | DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00180 - The Solaris system Automated Security Enhancement Tool (ASET) configurable parameters in the asetenv file must be correct - ASET configurable parameters in the asetenv file must be correct. | Unix | DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00180 - The Solaris system Automated Security Enhancement Tool (ASET) configurable parameters in the asetenv file must be correct - ASET configurable parameters in the asetenv file must be correct. | Unix | DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00200 - The asetenv file YPCHECK variable must be set to true when NIS+ is configured. | Unix | DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00200 - The asetenv file YPCHECK variable must be set to true when NIS+ is configured. | Unix | DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00220 - The /usr/aset/userlist file must exist - /usr/aset/userlist | Unix | DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00220 - The /usr/aset/userlist file must exist - /usr/aset/userlist | Unix | DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00220 - The /usr/aset/userlist file must exist - exec with userlist | Unix | DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00220 - The /usr/aset/userlist file must exist - exec with userlist | Unix | DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00420 - Hidden extended file attributes must not exist on the system. | Unix | DISA STIG Solaris 10 SPARC v2r4