Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-001414
CCI
CCI|CCI-001414
Title
Enforce approved authorizations for controlling the flow of information between connected systems based on organization-defined information flow control policies.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2024
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
AMLS-L2-000110 - The Arista Multilayer Switch must enforce approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies.
Arista
DISA STIG Arista MLS DCS-7000 Series L2S v1r3
AMLS-L3-000100 - The Arista Multilayer Switch must enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy.
Arista
DISA STIG Arista MLS DCS-7000 Series RTR v1r4
AMLS-L3-000110 - The Arista Multilayer Switch must disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing.
Arista
DISA STIG Arista MLS DCS-7000 Series RTR v1r4
AMLS-L3-000120 - The Arista Multilayer Switch must bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled - PIM neighbor filter to interfaces that have PIM enabled.
Arista
DISA STIG Arista MLS DCS-7000 Series RTR v1r4
AMLS-L3-000130 - The Arista Multilayer Switch must establish boundaries for IPv6 Admin-Local, IPv6 Site-Local, IPv6 Organization-Local scope, and IPv4 Local-Scope multicast traffic.
Arista
DISA STIG Arista MLS DCS-7000 Series RTR v1r4
AMLS-L3-000140 - The Arista Multilayer Switch must be configured so inactive router interfaces are disabled.
Arista
DISA STIG Arista MLS DCS-7000 Series RTR v1r4
AMLS-L3-000150 - The Arista Multilayer Switch must protect an enclave connected to an Alternate Gateway by using an inbound filter that only permits packets with destination addresses within the sites address space.
Arista
DISA STIG Arista MLS DCS-7000 Series RTR v1r4
AMLS-L3-000160 - If Border Gateway Protocol (BGP) is enabled on The Arista Multilayer Switch, The Arista Multilayer Switch must not be a BGP peer with a router from an Autonomous System belonging to any Alternate Gateway.
Arista
DISA STIG Arista MLS DCS-7000 Series RTR v1r4
AMLS-L3-000170 - The Arista Multilayer Switch must not redistribute static routes to alternate gateway service provider into an Exterior Gateway Protocol or Interior Gateway Protocol to the NIPRNet or to other Autonomous System.
Arista
DISA STIG Arista MLS DCS-7000 Series RTR v1r4
AMLS-L3-000180 - The Arista Multilayer Switch must enforce that Interior Gateway Protocol instances configured on the out-of-band management gateway router only peer with their own routing domain.
Arista
DISA STIG Arista MLS DCS-7000 Series RTR v1r4
AMLS-L3-000190 - The Arista Multilayer Switch must enforce that the managed network domain and the management network domain are separate routing domains and the Interior Gateway Protocol instances are not redistributed or advertised to each other.
Arista
DISA STIG Arista MLS DCS-7000 Series RTR v1r4
AMLS-L3-000200 - The Arista Multilayer Switch must enforce that any interface used for out-of-band management traffic is configured to be passive for the Interior Gateway Protocol that is utilized on that management interface.
Arista
DISA STIG Arista MLS DCS-7000 Series RTR v1r4
ARST-RT-000110 - The Arista perimeter router must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000120 - The Arista multicast router must be configured to disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000130 - The Arista multicast router must be configured to bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000140 - The Arista multicast edge router must be configured to establish boundaries for administratively scoped multicast traffic.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000150 - The Arista router must be configured to have all inactive interfaces disabled.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000160 - The Arista perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the sites address space.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000170 - The Arista perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000180 - The Arista perimeter router must be configured to not redistribute static routes to an alternate gateway service provider into BGP or an IGP peering with the NIPRNet or to other autonomous systems.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000190 - The out-of-band management (OOBM) Arista gateway router must be configured to have separate IGP instances for the managed network and management network.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000200 - The out-of-band management (OOBM) Arista gateway router must be configured to not redistribute routes between the management network routing domain and the managed network routing domain.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000210 - The multicast Rendezvous Point (RP) Arista router must be configured to filter Protocol Independent Multicast (PIM) Register and Join messages received from the Designated Router (DR) for any undesirable multicast groups and sources.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
CASA-FW-000010 - The Cisco ASA must be configured to filter outbound traffic, allowing only authorized ports and services - ACL Applied
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000010 - The Cisco ASA must be configured to filter outbound traffic, allowing only authorized ports and services - ingress ACL
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000020 - The Cisco ASA must immediately use updates made to policy enforcement mechanisms such as firewall rules, security policies, and security zones.
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-VN-000300 - The Cisco ASA VPN gateway must be configured to restrict what traffic is transported via the IPsec tunnel according to flow control policies.
Cisco
DISA STIG Cisco ASA VPN v2r2
CISC-RT-000060 - The Cisco router must be configured to have all inactive interfaces disabled.
Cisco
DISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000060 - The Cisco router must be configured to have all inactive interfaces disabled.
Cisco
DISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000060 - The Cisco router must be configured to have all inactive interfaces disabled.
Cisco
DISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000060 - The Cisco switch must be configured to have all inactive Layer 3 interfaces disabled.
Cisco
DISA STIG Cisco IOS Switch RTR v3r1
CISC-RT-000060 - The Cisco switch must be configured to have all inactive layer 3 interfaces disabled.
Cisco
DISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000060 - The Cisco switch must be configured to have all inactive layer 3 interfaces disabled.
Cisco
DISA STIG Cisco NX-OS Switch RTR v3r2
CISC-RT-000230 - The Cisco router must be configured to disable the auxiliary port unless it is connected to a secured modem providing encryption and authentication.
Cisco
DISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000230 - The Cisco router must be configured to disable the auxiliary port unless it is connected to a secured modem providing encryption and authentication.
Cisco
DISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000230 - The Cisco switch must be configured to disable the auxiliary port unless it is connected to a secured modem providing encryption and authentication.
Cisco
DISA STIG Cisco IOS Switch RTR v3r1
CISC-RT-000230 - The Cisco switch must be configured to disable the auxiliary port unless it is connected to a secured modem providing encryption and authentication.
Cisco
DISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000250 - The Cisco perimeter router must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy.
Cisco
DISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000250 - The Cisco perimeter router must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy.
Cisco
DISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000250 - The Cisco perimeter router must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy.
Cisco
DISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000250 - The Cisco perimeter switch must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy.
Cisco
DISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000250 - The Cisco perimeter switch must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy.
Cisco
DISA STIG Cisco IOS Switch RTR v3r1
CISC-RT-000250 - The Cisco perimeter switch must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy.
Cisco
DISA STIG Cisco NX-OS Switch RTR v3r2
CISC-RT-000280 - The Cisco perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the sites address space.
Cisco
DISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000280 - The Cisco perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the sites address space.
Cisco
DISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000280 - The Cisco perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the sites address space.
Cisco
DISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000290 - The Cisco perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider.
Cisco
DISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000290 - The Cisco perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider.
Cisco
DISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000290 - The Cisco perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider.
Cisco
DISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000300 - The Cisco perimeter router must be configured to not redistribute static routes to an alternate gateway service provider into BGP or an IGP peering with the NIPRNet or to other autonomous systems.
Cisco
DISA STIG Cisco IOS Router RTR v3r2