Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-002403
CCI
CCI|CCI-002403
Title
Only allow incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2024
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
AMLS-L3-000300 - The Arista Multilayer Switch must only allow incoming communications from authorized sources to be routed to authorized destinations.
Arista
DISA STIG Arista MLS DCS-7000 Series RTR v1r4
ARST-RT-000610 - The Arista perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000620 - The Arista perimeter router must be configured to block inbound packets with source Bogon IP address prefixes.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000630 - The Arista perimeter router must be configured to have Link Layer Discovery Protocols (LLDPs) disabled on all external interfaces.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000640 - The Arista perimeter router must be configured to have Proxy ARP disabled on all external interfaces.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000680 - The Arista Multicast Source Discovery Protocol (MSDP) router must be configured to only accept MSDP packets from known MSDP peers.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000830 - The perimeter router must be configured to block all packets with any IP options.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000840 - The PE router must be configured to ignore or block all packets with any IP options.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
CASA-FW-000230 - The Cisco ASA must be configured to filter inbound traffic on all external interfaces - ACL
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000230 - The Cisco ASA must be configured to filter inbound traffic on all external interfaces - Interface
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000240 - The Cisco ASA must be configured to filter outbound traffic on all internal interfaces - ACL
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000240 - The Cisco ASA must be configured to filter outbound traffic on all internal interfaces - Interface
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000250 - The Cisco ASA perimeter firewall must be configured to block all outbound management traffic - ACL
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000250 - The Cisco ASA perimeter firewall must be configured to block all outbound management traffic - Interface
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - ACL
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - authentication
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - crypto ipsec
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - encryption
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - group
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - hash sha
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - inside interface
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - lifetime
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - match address
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - outside interface
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set ikev1
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set lifetime
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set peer
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - tunnel-group
Cisco
DISA STIG Cisco ASA FW v2r1
CISC-RT-000080 - The Cisco switch must not be configured to have any feature enabled that calls home to the vendor.
Cisco
DISA STIG Cisco NX-OS Switch RTR v3r2
CISC-RT-000260 - The Cisco perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.
Cisco
DISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000260 - The Cisco perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.
Cisco
DISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000260 - The Cisco perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.
Cisco
DISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000260 - The Cisco perimeter switch must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.
Cisco
DISA STIG Cisco IOS Switch RTR v3r1
CISC-RT-000260 - The Cisco perimeter switch must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.
Cisco
DISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000260 - The Cisco perimeter switch must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.
Cisco
DISA STIG Cisco NX-OS Switch RTR v3r2
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes.
Cisco
DISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes.
Cisco
DISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes.
Cisco
DISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000270 - The Cisco perimeter switch must be configured to block inbound packets with source Bogon IP address prefixes.
Cisco
DISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000270 - The Cisco perimeter switch must be configured to block inbound packets with source Bogon IP address prefixes.
Cisco
DISA STIG Cisco IOS Switch RTR v3r1
CISC-RT-000270 - The Cisco perimeter switch must be configured to block inbound packets with source Bogon IP address prefixes.
Cisco
DISA STIG Cisco NX-OS Switch RTR v3r2
CISC-RT-000350 - The Cisco perimeter router must be configured to block all packets with any IP options.
Cisco
DISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000350 - The Cisco perimeter router must be configured to block all packets with any IP options.
Cisco
DISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000350 - The Cisco perimeter router must be configured to block all packets with any IP options.
Cisco
DISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000350 - The Cisco perimeter switch must be configured to block all packets with any IP options.
Cisco
DISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000350 - The Cisco perimeter switch must be configured to block all packets with any IP options.
Cisco
DISA STIG Cisco IOS Switch RTR v3r1
CISC-RT-000350 - The Cisco perimeter switch must be configured to block all packets with any IP options.
Cisco
DISA STIG Cisco NX-OS Switch RTR v3r2
CISC-RT-000360 - The Cisco perimeter router must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces.
Cisco
DISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000360 - The Cisco perimeter router must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces.
Cisco
DISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000360 - The Cisco perimeter router must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces.
Cisco
DISA STIG Cisco IOS XE Router RTR v3r2