Audits
Settings
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Theme
Light
Dark
Auto
Help
Plugins
Overview
Plugins Pipeline
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Release Notes
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Links
Tenable Cloud
Tenable Community & Support
Tenable University
Settings
Theme
Light
Dark
Auto
Detections
Plugins
Overview
Plugins Pipeline
Release Notes
Newest
Updated
Search
Nessus Families
WAS Families
NNM Families
LCE Families
Tenable OT Security Families
About Plugin Families
Audits
Overview
Newest
Updated
Search Audit Files
Search Items
References
Authorities
Documentation
Download All Audit Files
Indicators
Overview
Search
Indicators of Attack
Indicators of Exposure
Analytics
CVEs
Overview
Newest
Updated
Search
Attack Path Techniques
Overview
Search
Audits
References
CCI
CCI-004931
CCI
CCI|CCI-004931
Title
Establish organization-defined alternate communications paths for system operations organizational command and control.
Reference Item Details
Reference:
CCI - DISA Control Correlation Identifier
Category:
2024
Audit Items
View all Reference Audit Items
Name
Plugin
Audit Name
ARST-L2-000200 - The Arista MLS layer 2 switch must not use the default VLAN for management traffic.
Arista
DISA STIG Arista MLS EOS 4.2x L2S v2r1
ARST-RT-000420 - The out-of-band management (OOBM) Arista gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC).
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000430 - The out-of-band management (OOBM) Arista gateway router must be configured to block any traffic destined to itself that is not sourced from the OOBM network or the NOC.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000440 - The Arista router must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000690 - The Arista BGP router must be configured to use its loopback address as the source address for iBGP peering sessions.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000700 - The MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000730 - The PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000740 - The PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000750 - The PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD).
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000760 - The PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
ARST-RT-000770 - The Arista Multicast Source Discovery Protocol (MSDP) router must be configured to use its loopback address as the source address when originating MSDP traffic.
Arista
DISA STIG Arista MLS EOS 4.2x Router v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - ACL
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - authentication
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - crypto ipsec
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - encryption
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - group
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - hash sha
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - inside interface
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - lifetime
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - match address
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - outside interface
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set ikev1
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set lifetime
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set peer
Cisco
DISA STIG Cisco ASA FW v2r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - tunnel-group
Cisco
DISA STIG Cisco ASA FW v2r1
CISC-L2-000240 - The Cisco switch must not use the default VLAN for management traffic.
Cisco
DISA STIG Cisco IOS XE Switch L2S v3r1
CISC-L2-000240 - The Cisco switch must not use the default VLAN for management traffic.
Cisco
DISA STIG Cisco IOS Switch L2S v3r1
CISC-L2-000240 - The Cisco switch must not use the default VLAN for management traffic.
Cisco
DISA STIG Cisco NX-OS Switch L2S v3r2
CISC-RT-000580 - The Cisco BGP router must be configured to use its loopback address as the source address for iBGP peering sessions.
Cisco
DISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000580 - The Cisco BGP router must be configured to use its loopback address as the source address for iBGP peering sessions.
Cisco
DISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000580 - The Cisco BGP router must be configured to use its loopback address as the source address for iBGP peering sessions.
Cisco
DISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000580 - The Cisco BGP switch must be configured to use its loopback address as the source address for iBGP peering sessions.
Cisco
DISA STIG Cisco NX-OS Switch RTR v3r2
CISC-RT-000590 - The Cisco MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.
Cisco
DISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000590 - The Cisco MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.
Cisco
DISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000590 - The Cisco MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.
Cisco
DISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000590 - The Cisco MPLS switch must be configured to use its loopback address as the source address for LDP peering sessions.
Cisco
DISA STIG Cisco NX-OS Switch RTR v3r2
CISC-RT-000630 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.
Cisco
DISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000630 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.
Cisco
DISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000630 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.
Cisco
DISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000630 - The Cisco PE switch must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.
Cisco
DISA STIG Cisco NX-OS Switch RTR v3r2
CISC-RT-000640 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).
Cisco
DISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000640 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).
Cisco
DISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000640 - The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).
Cisco
DISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000640 - The Cisco PE switch must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).
Cisco
DISA STIG Cisco NX-OS Switch RTR v3r2
CISC-RT-000650 - The Cisco PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD).
Cisco
DISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000650 - The Cisco PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD).
Cisco
DISA STIG Cisco IOS XE Router RTR v3r2
CISC-RT-000650 - The Cisco PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD).
Cisco
DISA STIG Cisco IOS Router RTR v3r2
CISC-RT-000650 - The Cisco PE switch must be configured to have each VRF with the appropriate Route Distinguisher (RD).
Cisco
DISA STIG Cisco NX-OS Switch RTR v3r2
CISC-RT-000670 - The Cisco PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate pseudowire ID for each attachment circuit.
Cisco
DISA STIG Cisco IOS-XR Router RTR v3r2
CISC-RT-000670 - The Cisco PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit.
Cisco
DISA STIG Cisco IOS Router RTR v3r2