CCI|CCI-000032

Title

Enforce information flow control using organization-defined security policy filters as a basis for flow control decisions for organization-defined information flows.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.35 CISC-RT-000540CiscoCIS Cisco NX OS Switch RTR STIG v1.0.0 CAT III
1.36 CISC-RT-000550CiscoCIS Cisco NX OS Switch RTR STIG v1.0.0 CAT III
1.48 CISC-RT-000550CiscoCIS Cisco IOS XE Switch RTR STIG v1.1.0 CAT III
1.49 CISC-RT-000540CiscoCIS Cisco IOS XE Switch RTR STIG v1.1.0 CAT III
1.55 CISC-RT-000540CiscoCIS Cisco IOS XR Router RTR STIG v1.0.0 CAT III
1.56 CISC-RT-000540CiscoCIS Cisco IOS XE Router RTR STIG v1.1.0 CAT III
1.56 CISC-RT-000550CiscoCIS Cisco IOS XR Router RTR STIG v1.0.0 CAT III
1.57 CISC-RT-000550CiscoCIS Cisco IOS XE Router RTR STIG v1.1.0 CAT III
ARST-RT-000060 - The Arista BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.AristaDISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000060 - The Arista BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.AristaDISA Arista MLS EOS 4.X Router STIG v2r2
ARST-RT-000100 - The Arista BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer.AristaDISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000100 - The Arista BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer.AristaDISA Arista MLS EOS 4.X Router STIG v2r2
CISC-RT-000540 - The Cisco BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.CiscoDISA Cisco IOS XE Router RTR STIG v3r5
CISC-RT-000540 - The Cisco BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.CiscoDISA Cisco IOS XR Router RTR STIG v3r3
CISC-RT-000540 - The Cisco BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.CiscoDISA Cisco IOS Router RTR STIG v3r4
CISC-RT-000540 - The Cisco BGP switch must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.CiscoDISA Cisco NX OS Switch RTR STIG v3r4
CISC-RT-000540 - The Cisco BGP switch must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.CiscoDISA Cisco IOS XE Switch RTR STIG v3r4
CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer.CiscoDISA Cisco IOS XE Router RTR STIG v3r5
CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer.CiscoDISA Cisco IOS Router RTR STIG v3r4
CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer.CiscoDISA Cisco IOS XR Router RTR STIG v3r3
CISC-RT-000550 - The Cisco BGP switch must be configured to reject route advertisements from CE switches with an originating AS in the AS_PATH attribute that does not belong to that customer.CiscoDISA Cisco IOS XE Switch RTR STIG v3r4
CISC-RT-000550 - The Cisco BGP switch must be configured to reject route advertisements from CE switches with an originating AS in the AS_PATH attribute that does not belong to that customer.CiscoDISA Cisco NX OS Switch RTR STIG v3r4
GEN000000-AIX00020 - AIX Trusted Computing Base (TCB) software must be implemented.UnixDISA STIG AIX 6.1 v1r14
GEN000000-AIX00020 - AIX Trusted Computing Base (TCB) software must be implemented.UnixDISA AIX 5.3 STIG v1r2
GEN000000-AIX00040 - The securetcpip command must be usedUnixDISA AIX 5.3 STIG v1r2
GEN000000-AIX00040 - The securetcpip command must be used - /etc/security/config has been configuredUnixDISA STIG AIX 6.1 v1r14
GEN000000-AIX00040 - The securetcpip command must be used.UnixDISA STIG AIX 6.1 v1r14
GEN000000-AIX0200 - The system must not allow directed broadcasts to gateway.UnixDISA AIX 5.3 STIG v1r2
GEN000000-AIX0200 - The system must not allow directed broadcasts to gateway.UnixDISA STIG AIX 6.1 v1r14
GEN000000-AIX0210 - The system must provide protection from Internet Control Message Protocol (ICMP) attacks on TCP connections.UnixDISA AIX 5.3 STIG v1r2
GEN000000-AIX0210 - The system must provide protection from Internet Control Message Protocol (ICMP) attacks on TCP connections.UnixDISA STIG AIX 6.1 v1r14
GEN000000-AIX0220 - The system must provide protection for the TCP stack against connection resets, SYN, and data injection attacks.UnixDISA AIX 5.3 STIG v1r2
GEN000000-AIX0220 - The system must provide protection for the TCP stack against connection resets, SYN, and data injection attacks.UnixDISA STIG AIX 6.1 v1r14
GEN000000-AIX0230 - The system must provide protection against IP fragmentation attacks.UnixDISA STIG AIX 6.1 v1r14
GEN000000-AIX0230 - The system must provide protection against IP fragmentation attacks.UnixDISA AIX 5.3 STIG v1r2
GEN000000-AIX0300 - The system must not have the bootp service active.UnixDISA AIX 5.3 STIG v1r2
GEN000000-AIX0300 - The system must not have the bootp service active.UnixDISA STIG AIX 6.1 v1r14
GEN000000-AIX0310 - The /etc/ftpaccess.ctl file must exist.UnixDISA STIG AIX 6.1 v1r14
GEN000000-AIX0310 - The /etc/ftpaccess.ctl file must exist.UnixDISA AIX 5.3 STIG v1r2
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.highUnixDISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.highUnixDISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.lowUnixDISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.lowUnixDISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.medUnixDISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.medUnixDISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - uid_aliasesUnixDISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - uid_aliasesUnixDISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00140 - The /usr/aset/masters/uid_aliases must be empty.UnixDISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00140 - The /usr/aset/masters/uid_aliases must be empty.UnixDISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00160 - If the system is a firewall, ASET must be used on the system, and the firewall parameters must be set in /usr/aset/asetenv.UnixDISA STIG Solaris 10 SPARC v2r4