Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-001097
CCI
CCI|CCI-001097
Title
Monitor and control communications at the external managed interfaces to the system and at key managed interfaces within the system.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2024
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
AMLS-L3-000290 - The Arista Multilayer Switch must configure the maximum hop limit value to at least 32.
Arista
DISA STIG Arista MLS DCS-7000 Series RTR v1r4
ARST-RT-000340 - The Arista router must be configured to restrict traffic destined to itself.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000350 - The Arista router must be configured to drop all fragmented Internet Control Message Protocol (ICMP) packets destined to itself.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000370 - The Arista perimeter router must be configured to filter ingress traffic at the external interface on an inbound direction.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000380 - The Arista perimeter router must be configured to filter egress traffic at the internal interface on an inbound direction.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000390 - The Arista BGP router must be configured to reject outbound route advertisements for any prefixes belonging to the IP core.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000400 - The Arista router must be configured to block any traffic that is destined to IP core infrastructure.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000410 - The Arista router must be configured with Unicast Reverse Path Forwarding (uRPF) loose mode enabled on all CE-facing interfaces.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000420 - The out-of-band management (OOBM) Arista gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC).
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000430 - The out-of-band management (OOBM) Arista gateway router must be configured to block any traffic destined to itself that is not sourced from the OOBM network or the NOC.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000440 - The Arista router must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000650 - The Arista perimeter router must be configured to block all outbound management traffic.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
CISC-RT-000120 - The Cisco router must be configured to protect against or limit the effects of denial of service (DoS) attacks by employing control plane protection.
Cisco
DISA STIG Cisco IOS XE Router RTR v3r1
CISC-RT-000120 - The Cisco router must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by employing control plane protection.
Cisco
DISA STIG Cisco IOS Router RTR v3r1
CISC-RT-000120 - The Cisco switch must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by employing control plane protection.
Cisco
DISA STIG Cisco IOS Switch RTR v3r1
CISC-RT-000120 - The Cisco switch must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by employing control plane protection.
Cisco
DISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000130 - The Cisco router must be configured to restrict traffic destined to itself.
Cisco
DISA STIG Cisco IOS-XR Router RTR v3r1
CISC-RT-000130 - The Cisco switch must be configured to restrict traffic destined to itself.
Cisco
DISA STIG Cisco NX-OS Switch RTR v3r1
CISC-RT-000140 - The Cisco router must be configured to drop all fragmented Internet Control Message Protocol (ICMP) packets destined to itself - ICMP packets destined to itself
Cisco
DISA STIG Cisco IOS-XR Router RTR v3r1
CISC-RT-000140 - The Cisco switch must be configured to drop all fragmented Internet Control Message Protocol (ICMP) packets destined to itself.
Cisco
DISA STIG Cisco NX-OS Switch RTR v3r1
CISC-RT-000320 - The Cisco perimeter router must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1.
Cisco
DISA STIG Cisco IOS-XR Router RTR v3r1
CISC-RT-000320 - The Cisco perimeter router must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1.
Cisco
DISA STIG Cisco IOS Router RTR v3r1
CISC-RT-000320 - The Cisco perimeter router must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1.
Cisco
DISA STIG Cisco IOS XE Router RTR v3r1
CISC-RT-000320 - The Cisco perimeter switch must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1.
Cisco
DISA STIG Cisco NX-OS Switch RTR v3r1
CISC-RT-000320 - The Cisco perimeter switch must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1.
Cisco
DISA STIG Cisco IOS Switch RTR v3r1
CISC-RT-000320 - The Cisco perimeter switch must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1.
Cisco
DISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000330 - The Cisco perimeter router must be configured to filter ingress traffic at the external interface on an inbound direction.
Cisco
DISA STIG Cisco IOS XE Router RTR v3r1
CISC-RT-000330 - The Cisco perimeter router must be configured to filter ingress traffic at the external interface on an inbound direction.
Cisco
DISA STIG Cisco IOS Router RTR v3r1
CISC-RT-000330 - The Cisco perimeter router must be configured to filter ingress traffic at the external interface on an inbound direction.
Cisco
DISA STIG Cisco IOS-XR Router RTR v3r1
CISC-RT-000330 - The Cisco perimeter switch must be configured to filter ingress traffic at the external interface on an inbound direction.
Cisco
DISA STIG Cisco IOS Switch RTR v3r1
CISC-RT-000330 - The Cisco perimeter switch must be configured to filter ingress traffic at the external interface on an inbound direction.
Cisco
DISA STIG Cisco NX-OS Switch RTR v3r1
CISC-RT-000330 - The Cisco perimeter switch must be configured to filter ingress traffic at the external interface on an inbound direction.
Cisco
DISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000340 - The Cisco perimeter router must be configured to filter egress traffic at the internal interface on an inbound direction.
Cisco
DISA STIG Cisco IOS-XR Router RTR v3r1
CISC-RT-000340 - The Cisco perimeter router must be configured to filter egress traffic at the internal interface on an inbound direction.
Cisco
DISA STIG Cisco IOS XE Router RTR v3r1
CISC-RT-000340 - The Cisco perimeter router must be configured to filter egress traffic at the internal interface on an inbound direction.
Cisco
DISA STIG Cisco IOS Router RTR v3r1
CISC-RT-000340 - The Cisco perimeter switch must be configured to filter egress traffic at the internal interface on an inbound direction.
Cisco
DISA STIG Cisco IOS Switch RTR v3r1
CISC-RT-000340 - The Cisco perimeter switch must be configured to filter egress traffic at the internal interface on an inbound direction.
Cisco
DISA STIG Cisco NX-OS Switch RTR v3r1
CISC-RT-000340 - The Cisco perimeter switch must be configured to filter egress traffic at the internal interface on an inbound direction.
Cisco
DISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000390 - The Cisco perimeter router must be configured to block all outbound management traffic.
Cisco
DISA STIG Cisco IOS-XR Router RTR v3r1
CISC-RT-000390 - The Cisco perimeter router must be configured to block all outbound management traffic.
Cisco
DISA STIG Cisco IOS Router RTR v3r1
CISC-RT-000390 - The Cisco perimeter router must be configured to block all outbound management traffic.
Cisco
DISA STIG Cisco IOS XE Router RTR v3r1
CISC-RT-000390 - The Cisco perimeter switch must be configured to block all outbound management traffic.
Cisco
DISA STIG Cisco IOS Switch RTR v3r1
CISC-RT-000390 - The Cisco perimeter switch must be configured to block all outbound management traffic.
Cisco
DISA STIG Cisco NX-OS Switch RTR v3r1
CISC-RT-000390 - The Cisco perimeter switch must be configured to block all outbound management traffic.
Cisco
DISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000400 - The Cisco out-of-band management (OOBM) gateway router must be configured to transport management traffic to the Network Operations Center (NOC) via dedicated circuit, MPLS/VPN service, or IPsec tunnel.
Cisco
DISA STIG Cisco IOS XE Router RTR v3r1
CISC-RT-000400 - The Cisco out-of-band management (OOBM) gateway router must be configured to transport management traffic to the Network Operations Center (NOC) via dedicated circuit, MPLS/VPN service, or IPsec tunnel.
Cisco
DISA STIG Cisco IOS-XR Router RTR v3r1
CISC-RT-000400 - The Cisco out-of-band management (OOBM) gateway router must be configured to transport management traffic to the Network Operations Center (NOC) via dedicated circuit, MPLS/VPN service, or IPsec tunnel.
Cisco
DISA STIG Cisco IOS Router RTR v3r1
CISC-RT-000410 - The Cisco out-of-band management (OOBM) gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC).
Cisco
DISA STIG Cisco IOS Router RTR v3r1
CISC-RT-000410 - The Cisco out-of-band management (OOBM) gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC).
Cisco
DISA STIG Cisco IOS XE Router RTR v3r1
CISC-RT-000410 - The Cisco out-of-band management (OOBM) gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC).
Cisco
DISA STIG Cisco IOS-XR Router RTR v3r1