CCI|CCI-002403

Title

Only allow incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AMLS-L3-000300 - The Arista Multilayer Switch must only allow incoming communications from authorized sources to be routed to authorized destinations.AristaDISA STIG Arista MLS DCS-7000 Series RTR v1r4
ARST-RT-000610 - The Arista perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.AristaDISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000620 - The Arista perimeter router must be configured to block inbound packets with source Bogon IP address prefixes.AristaDISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000630 - The Arista perimeter router must be configured to have Link Layer Discovery Protocols (LLDPs) disabled on all external interfaces.AristaDISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000640 - The Arista perimeter router must be configured to have Proxy ARP disabled on all external interfaces.AristaDISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000680 - The Arista Multicast Source Discovery Protocol (MSDP) router must be configured to only accept MSDP packets from known MSDP peers.AristaDISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000830 - The perimeter router must be configured to block all packets with any IP options.AristaDISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000840 - The PE router must be configured to ignore or block all packets with any IP options.AristaDISA STIG Arista MLS EOS 4.2x Router v2r1
CASA-FW-000230 - The Cisco ASA must be configured to filter inbound traffic on all external interfaces - ACLCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000230 - The Cisco ASA must be configured to filter inbound traffic on all external interfaces - InterfaceCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000240 - The Cisco ASA must be configured to filter outbound traffic on all internal interfaces - ACLCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000240 - The Cisco ASA must be configured to filter outbound traffic on all internal interfaces - InterfaceCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000250 - The Cisco ASA perimeter firewall must be configured to block all outbound management traffic - ACLCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000250 - The Cisco ASA perimeter firewall must be configured to block all outbound management traffic - InterfaceCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - ACLCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - authenticationCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - crypto ipsecCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - encryptionCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - groupCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - hash shaCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - inside interfaceCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - lifetimeCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - match addressCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - outside interfaceCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set ikev1CiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set lifetimeCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set peerCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - tunnel-groupCiscoDISA STIG Cisco ASA FW v2r1
CISC-RT-000080 - The Cisco switch must not be configured to have any feature enabled that calls home to the vendor.CiscoDISA STIG Cisco NX-OS Switch RTR v3r2
CISC-RT-000260 - The Cisco perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.CiscoDISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000260 - The Cisco perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.CiscoDISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000260 - The Cisco perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.CiscoDISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000260 - The Cisco perimeter switch must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.CiscoDISA STIG Cisco IOS Switch RTR v3r1
CISC-RT-000260 - The Cisco perimeter switch must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.CiscoDISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000260 - The Cisco perimeter switch must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.CiscoDISA STIG Cisco NX-OS Switch RTR v3r2
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes.CiscoDISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes.CiscoDISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes.CiscoDISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000270 - The Cisco perimeter switch must be configured to block inbound packets with source Bogon IP address prefixes.CiscoDISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000270 - The Cisco perimeter switch must be configured to block inbound packets with source Bogon IP address prefixes.CiscoDISA STIG Cisco IOS Switch RTR v3r1
CISC-RT-000270 - The Cisco perimeter switch must be configured to block inbound packets with source Bogon IP address prefixes.CiscoDISA STIG Cisco NX-OS Switch RTR v3r2
CISC-RT-000350 - The Cisco perimeter router must be configured to block all packets with any IP options.CiscoDISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000350 - The Cisco perimeter router must be configured to block all packets with any IP options.CiscoDISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000350 - The Cisco perimeter router must be configured to block all packets with any IP options.CiscoDISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000350 - The Cisco perimeter switch must be configured to block all packets with any IP options.CiscoDISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000350 - The Cisco perimeter switch must be configured to block all packets with any IP options.CiscoDISA STIG Cisco IOS Switch RTR v3r1
CISC-RT-000350 - The Cisco perimeter switch must be configured to block all packets with any IP options.CiscoDISA STIG Cisco NX-OS Switch RTR v3r2
CISC-RT-000360 - The Cisco perimeter router must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces.CiscoDISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000360 - The Cisco perimeter router must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces.CiscoDISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000360 - The Cisco perimeter router must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces.CiscoDISA STIG Cisco IOS XE Router RTR v3r2