CCI|CCI-001368

Title

Enforce approved authorizations for controlling the flow of information within the system based on organization-defined information flow control policies.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2024

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
AMLS-L2-000100 - The Arista Multilayer Switch must enforce approved authorizations for controlling the flow of information within the network based on organization-defined information flow control policies.	Arista	DISA STIG Arista MLS DCS-7000 Series L2S v1r3
ARST-ND-000110 - The Arista network device must enforce approved authorizations for controlling the flow of management information within the network device based on information flow control policies.	Arista	DISA STIG Arista MLS EOS 4.2x NDM v2r1
ARST-RT-000010 - The Arista router must be configured to enforce approved authorizations for controlling the flow of information within the network based on organization-defined information flow control policies.	Arista	DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000020 - The Arista BGP router must be configured to reject inbound route advertisements for any Bogon prefixes.	Arista	DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000030 - The Arista BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS).	Arista	DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000040 - The Arista BGP router must be configured to reject inbound route advertisements from a customer edge (CE) router for prefixes that are not allocated to that customer.	Arista	DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000050 - The Arista BGP router must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS).	Arista	DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000070 - The Arista Multicast Source Discovery Protocol (MSDP) router must be configured to filter received source-active multicast advertisements for any undesirable multicast groups and sources.	Arista	DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000080 - The Arista Multicast Source Discovery Protocol (MSDP) router must be configured to filter source-active multicast advertisements to external MSDP peers to avoid global visibility of local-only multicast sources and groups.	Arista	DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000090 - The Arista MSDP router must be configured to limit the amount of source-active messages it accepts on per-peer basis.	Arista	DISA STIG Arista MLS EOS 4.2x Router v2r1
CASA-ND-000140 - The Cisco ASA must be configured to enforce approved authorizations for controlling the flow of management information within the Cisco ASA based on information flow control policies.	Cisco	DISA STIG Cisco ASA NDM v2r1
CISC-ND-000140 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies.	Cisco	DISA STIG Cisco IOS-XR Router NDM v3r1
CISC-ND-000140 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies.	Cisco	DISA STIG Cisco IOS Router NDM v3r1
CISC-ND-000140 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies.	Cisco	DISA STIG Cisco IOS XE Router NDM v3r1
CISC-ND-000140 - The Cisco switch must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies.	Cisco	DISA STIG Cisco IOS Switch NDM v3r1
CISC-ND-000140 - The Cisco switch must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies.	Cisco	DISA STIG Cisco NX-OS Switch NDM v3r1
CISC-ND-000140 - The Cisco switch must be configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies.	Cisco	DISA STIG Cisco IOS XE Switch NDM v3r1
CISC-RT-000010 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of information within the network based on organization-defined information flow control policies.	Cisco	DISA STIG Cisco IOS-XR Router RTR v3r1
CISC-RT-000010 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of information within the network based on organization-defined information flow control policies.	Cisco	DISA STIG Cisco IOS Router RTR v3r1
CISC-RT-000010 - The Cisco router must be configured to enforce approved authorizations for controlling the flow of information within the network based on organization-defined information flow control policies.	Cisco	DISA STIG Cisco IOS XE Router RTR v3r1
CISC-RT-000010 - The Cisco switch must be configured to enforce approved authorizations for controlling the flow of information within the network based on organization-defined information flow control policies.	Cisco	DISA STIG Cisco NX-OS Switch RTR v3r1
CISC-RT-000010 - The Cisco switch must be configured to enforce approved authorizations for controlling the flow of information within the network based on organization-defined information flow control policies.	Cisco	DISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000010 - The Cisco switch must be configured to enforce approved authorizations for controlling the flow of information within the network based on organization-defined information flow control policies.	Cisco	DISA STIG Cisco IOS Switch RTR v3r1
CISC-RT-000490 - The Cisco BGP router must be configured to reject inbound route advertisements for any Bogon prefixes - neighbor	Cisco	DISA STIG Cisco IOS-XR Router RTR v3r1
CISC-RT-000490 - The Cisco BGP router must be configured to reject inbound route advertisements for any Bogon prefixes - neighbor	Cisco	DISA STIG Cisco IOS Router RTR v3r1
CISC-RT-000490 - The Cisco BGP router must be configured to reject inbound route advertisements for any Bogon prefixes - show ip prefix-list	Cisco	DISA STIG Cisco IOS-XR Router RTR v3r1
CISC-RT-000490 - The Cisco BGP router must be configured to reject inbound route advertisements for any Bogon prefixes - show ip prefix-list	Cisco	DISA STIG Cisco IOS Router RTR v3r1
CISC-RT-000490 - The Cisco BGP router must be configured to reject inbound route advertisements for any Bogon prefixes.	Cisco	DISA STIG Cisco IOS XE Router RTR v3r1
CISC-RT-000490 - The Cisco BGP switch must be configured to reject inbound route advertisements for any Bogon prefixes.	Cisco	DISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000490 - The Cisco BGP switch must be configured to reject inbound route advertisements for any Bogon prefixes.	Cisco	DISA STIG Cisco NX-OS Switch RTR v3r1
CISC-RT-000500 - The Cisco BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS) - neighbor	Cisco	DISA STIG Cisco IOS-XR Router RTR v3r1
CISC-RT-000500 - The Cisco BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS) - neighbor	Cisco	DISA STIG Cisco IOS Router RTR v3r1
CISC-RT-000500 - The Cisco BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS) - route policy	Cisco	DISA STIG Cisco IOS-XR Router RTR v3r1
CISC-RT-000500 - The Cisco BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS) - show ip prefix-list	Cisco	DISA STIG Cisco IOS Router RTR v3r1
CISC-RT-000500 - The Cisco BGP router must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS).	Cisco	DISA STIG Cisco IOS XE Router RTR v3r1
CISC-RT-000500 - The Cisco BGP switch must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS).	Cisco	DISA STIG Cisco NX-OS Switch RTR v3r1
CISC-RT-000500 - The Cisco BGP switch must be configured to reject inbound route advertisements for any prefixes belonging to the local autonomous system (AS).	Cisco	DISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000510 - The Cisco BGP router must be configured to reject inbound route advertisements from a customer edge (CE) router for prefixes that are not allocated to that customer - neighbor	Cisco	DISA STIG Cisco IOS Router RTR v3r1
CISC-RT-000510 - The Cisco BGP router must be configured to reject inbound route advertisements from a customer edge (CE) router for prefixes that are not allocated to that customer - neighbor	Cisco	DISA STIG Cisco IOS-XR Router RTR v3r1
CISC-RT-000510 - The Cisco BGP router must be configured to reject inbound route advertisements from a customer edge (CE) router for prefixes that are not allocated to that customer - route-policy	Cisco	DISA STIG Cisco IOS-XR Router RTR v3r1
CISC-RT-000510 - The Cisco BGP router must be configured to reject inbound route advertisements from a customer edge (CE) router for prefixes that are not allocated to that customer - show ip prefix-list	Cisco	DISA STIG Cisco IOS Router RTR v3r1
CISC-RT-000510 - The Cisco BGP router must be configured to reject inbound route advertisements from a customer edge (CE) router for prefixes that are not allocated to that customer.	Cisco	DISA STIG Cisco IOS XE Router RTR v3r1
CISC-RT-000510 - The Cisco BGP switch must be configured to reject inbound route advertisements from a customer edge (CE) switch for prefixes that are not allocated to that customer.	Cisco	DISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000510 - The Cisco BGP switch must be configured to reject inbound route advertisements from a customer edge (CE) switch for prefixes that are not allocated to that customer.	Cisco	DISA STIG Cisco NX-OS Switch RTR v3r1
CISC-RT-000520 - The Cisco BGP router must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS) - ip prefix-list	Cisco	DISA STIG Cisco IOS-XR Router RTR v3r1
CISC-RT-000520 - The Cisco BGP router must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS) - ip prefix-list	Cisco	DISA STIG Cisco IOS Router RTR v3r1
CISC-RT-000520 - The Cisco BGP router must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS) - neighbor	Cisco	DISA STIG Cisco IOS Router RTR v3r1
CISC-RT-000520 - The Cisco BGP router must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS) - neighbor	Cisco	DISA STIG Cisco IOS-XR Router RTR v3r1
CISC-RT-000520 - The Cisco BGP router must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS).	Cisco	DISA STIG Cisco IOS XE Router RTR v3r1
CISC-RT-000520 - The Cisco BGP switch must be configured to reject outbound route advertisements for any prefixes that do not belong to any customers or the local autonomous system (AS).	Cisco	DISA STIG Cisco IOS XE Switch RTR v3r1

Detections

Analytics

CCI|CCI-001368

Title

Reference Item Details

Audit Items