CCI|CCI-004931

Title

Establish organization-defined alternate communications paths for system operations organizational command and control.

Reference Item Details

Category: 2024

Audit Items

View all Reference Audit Items

NamePluginAudit Name
ARST-L2-000200 - The Arista MLS layer 2 switch must not use the default VLAN for management traffic.AristaDISA STIG Arista MLS EOS 4.2x L2S v2r1
ARST-RT-000420 - The out-of-band management (OOBM) Arista gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC).AristaDISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000430 - The out-of-band management (OOBM) Arista gateway router must be configured to block any traffic destined to itself that is not sourced from the OOBM network or the NOC.AristaDISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000440 - The Arista router must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface.AristaDISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000690 - The Arista BGP router must be configured to use its loopback address as the source address for iBGP peering sessions.AristaDISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000700 - The MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.AristaDISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000730 - The PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.AristaDISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000740 - The PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).AristaDISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000750 - The PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD).AristaDISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000760 - The PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit.AristaDISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000770 - The Arista Multicast Source Discovery Protocol (MSDP) router must be configured to use its loopback address as the source address when originating MSDP traffic.AristaDISA STIG Arista MLS EOS 4.2x Router v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - ACLCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - authenticationCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - crypto ipsecCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - encryptionCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - groupCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - hash shaCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - inside interfaceCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - lifetimeCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - match addressCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - outside interfaceCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set ikev1CiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set lifetimeCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set peerCiscoDISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - tunnel-groupCiscoDISA STIG Cisco ASA FW v2r1
CISC-L2-000240 - The Cisco switch must not use the default VLAN for management traffic.CiscoDISA STIG Cisco IOS XE Switch L2S v3r1
CISC-L2-000240 - The Cisco switch must not use the default VLAN for management traffic.CiscoDISA STIG Cisco IOS Switch L2S v3r1
CISC-L2-000240 - The Cisco switch must not use the default VLAN for management traffic.CiscoDISA STIG Cisco NX-OS Switch L2S v3r2
CISC-RT-000580 - The Cisco BGP router must be configured to use its loopback address as the source address for iBGP peering sessions.CiscoDISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000580 - The Cisco BGP router must be configured to use its loopback address as the source address for iBGP peering sessions.CiscoDISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000580 - The Cisco BGP router must be configured to use its loopback address as the source address for iBGP peering sessions.CiscoDISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000580 - The Cisco BGP switch must be configured to use its loopback address as the source address for iBGP peering sessions.CiscoDISA STIG Cisco NX-OS Switch RTR v3r2
CISC-RT-000590 - The Cisco MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.CiscoDISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000590 - The Cisco MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.CiscoDISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000590 - The Cisco MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.CiscoDISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000590 - The Cisco MPLS switch must be configured to use its loopback address as the source address for LDP peering sessions.CiscoDISA STIG Cisco NX-OS Switch RTR v3r2
CISC-RT-000630 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.CiscoDISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000630 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.CiscoDISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000630 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.CiscoDISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000630 - The Cisco PE switch must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.CiscoDISA STIG Cisco NX-OS Switch RTR v3r2
CISC-RT-000640 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).CiscoDISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000640 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).CiscoDISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000640 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).CiscoDISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000640 - The Cisco PE switch must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).CiscoDISA STIG Cisco NX-OS Switch RTR v3r2
CISC-RT-000650 - The Cisco PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD).CiscoDISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000650 - The Cisco PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD).CiscoDISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000650 - The Cisco PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD).CiscoDISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000650 - The Cisco PE switch must be configured to have each VRF with the appropriate Route Distinguisher (RD).CiscoDISA STIG Cisco NX-OS Switch RTR v3r2
CISC-RT-000670 - The Cisco PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate pseudowire ID for each attachment circuit.CiscoDISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000670 - The Cisco PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit.CiscoDISA STIG Cisco IOS Router RTR v3r2