CCI|CCI-002403

Title

Only allow incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2024

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
AMLS-L3-000300 - The Arista Multilayer Switch must only allow incoming communications from authorized sources to be routed to authorized destinations.	Arista	DISA STIG Arista MLS DCS-7000 Series RTR v1r4
ARST-RT-000610 - The Arista perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.	Arista	DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000620 - The Arista perimeter router must be configured to block inbound packets with source Bogon IP address prefixes.	Arista	DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000630 - The Arista perimeter router must be configured to have Link Layer Discovery Protocols (LLDPs) disabled on all external interfaces.	Arista	DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000640 - The Arista perimeter router must be configured to have Proxy ARP disabled on all external interfaces.	Arista	DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000680 - The Arista Multicast Source Discovery Protocol (MSDP) router must be configured to only accept MSDP packets from known MSDP peers.	Arista	DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000830 - The perimeter router must be configured to block all packets with any IP options.	Arista	DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000840 - The PE router must be configured to ignore or block all packets with any IP options.	Arista	DISA STIG Arista MLS EOS 4.2x Router v2r1
CASA-FW-000230 - The Cisco ASA must be configured to filter inbound traffic on all external interfaces - ACL	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000230 - The Cisco ASA must be configured to filter inbound traffic on all external interfaces - Interface	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000240 - The Cisco ASA must be configured to filter outbound traffic on all internal interfaces - ACL	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000240 - The Cisco ASA must be configured to filter outbound traffic on all internal interfaces - Interface	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000250 - The Cisco ASA perimeter firewall must be configured to block all outbound management traffic - ACL	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000250 - The Cisco ASA perimeter firewall must be configured to block all outbound management traffic - Interface	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - ACL	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - authentication	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - crypto ipsec	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - encryption	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - group	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - hash sha	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - inside interface	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - lifetime	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - match address	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - outside interface	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set ikev1	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set lifetime	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set peer	Cisco	DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - tunnel-group	Cisco	DISA STIG Cisco ASA FW v2r1
CISC-RT-000080 - The Cisco switch must not be configured to have any feature enabled that calls home to the vendor.	Cisco	DISA STIG Cisco NX-OS Switch RTR v3r1
CISC-RT-000260 - The Cisco perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.	Cisco	DISA STIG Cisco IOS Router RTR v3r1
CISC-RT-000260 - The Cisco perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.	Cisco	DISA STIG Cisco IOS XE Router RTR v3r1
CISC-RT-000260 - The Cisco perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.	Cisco	DISA STIG Cisco IOS-XR Router RTR v3r1
CISC-RT-000260 - The Cisco perimeter switch must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.	Cisco	DISA STIG Cisco IOS Switch RTR v3r1
CISC-RT-000260 - The Cisco perimeter switch must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.	Cisco	DISA STIG Cisco NX-OS Switch RTR v3r1
CISC-RT-000260 - The Cisco perimeter switch must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.	Cisco	DISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes.	Cisco	DISA STIG Cisco IOS XE Router RTR v3r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes.	Cisco	DISA STIG Cisco IOS-XR Router RTR v3r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes.	Cisco	DISA STIG Cisco IOS Router RTR v3r1
CISC-RT-000270 - The Cisco perimeter switch must be configured to block inbound packets with source Bogon IP address prefixes.	Cisco	DISA STIG Cisco IOS Switch RTR v3r1
CISC-RT-000270 - The Cisco perimeter switch must be configured to block inbound packets with source Bogon IP address prefixes.	Cisco	DISA STIG Cisco NX-OS Switch RTR v3r1
CISC-RT-000270 - The Cisco perimeter switch must be configured to block inbound packets with source Bogon IP address prefixes.	Cisco	DISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000350 - The Cisco perimeter router must be configured to block all packets with any IP options.	Cisco	DISA STIG Cisco IOS-XR Router RTR v3r1
CISC-RT-000350 - The Cisco perimeter router must be configured to block all packets with any IP options.	Cisco	DISA STIG Cisco IOS XE Router RTR v3r1
CISC-RT-000350 - The Cisco perimeter router must be configured to block all packets with any IP options.	Cisco	DISA STIG Cisco IOS Router RTR v3r1
CISC-RT-000350 - The Cisco perimeter switch must be configured to block all packets with any IP options.	Cisco	DISA STIG Cisco IOS XE Switch RTR v3r1
CISC-RT-000350 - The Cisco perimeter switch must be configured to block all packets with any IP options.	Cisco	DISA STIG Cisco IOS Switch RTR v3r1
CISC-RT-000350 - The Cisco perimeter switch must be configured to block all packets with any IP options.	Cisco	DISA STIG Cisco NX-OS Switch RTR v3r1
CISC-RT-000360 - The Cisco perimeter router must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces.	Cisco	DISA STIG Cisco IOS XE Router RTR v3r1
CISC-RT-000360 - The Cisco perimeter router must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces.	Cisco	DISA STIG Cisco IOS Router RTR v3r1
CISC-RT-000360 - The Cisco perimeter router must be configured to have Link Layer Discovery Protocol (LLDP) disabled on all external interfaces.	Cisco	DISA STIG Cisco IOS-XR Router RTR v3r1

Detections

Analytics

CCI|CCI-002403

Title

Reference Item Details

Audit Items