DISA STIG Cisco IOS-XR Router RTR v2r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG Cisco IOS-XR Router RTR v2r1

Updated: 6/27/2023

Authority: DISA STIG

Plugin: Cisco

Revision: 1.8

Estimated Item Count: 151

Audit Changelog


Revision 1.8 Jun 27, 2023 Miscellaneous Audit deprecated. Metadata updated. References updated.
Revision 1.7 Mar 7, 2023 Miscellaneous Metadata updated. References updated.
Revision 1.6 Dec 7, 2022 Miscellaneous Variables updated.
Revision 1.5 Apr 25, 2022 Miscellaneous Metadata updated. References updated.
Revision 1.4 Aug 16, 2021 Informational Update CISC-RT-000300 - The Cisco perimeter router must be configured to not redistribute static routes to an alternate gateway service provider into BGP or an IGP peering with the NIPRNet or to other autonomous systems. CISC-RT-000490 - The Cisco BGP router must be configured to reject inbound route advertisements for any Bogon prefixes - show ip prefix-list CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer - route-policy CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer. CISC-RT-000680 - The Cisco PE router providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN. CISC-RT-000690 - The Cisco PE router must be configured to enforce the split-horizon rule for all pseudowires within a Virtual Private LAN Services (VPLS) bridge domain. CISC-RT-000700 - The Cisco PE router providing Virtual Private LAN Services (VPLS) must be configured to have traffic storm control thresholds on CE-facing interfaces. CISC-RT-000710 - The Cisco PE router must be configured to implement Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) snooping for each Virtual Private LAN Services (VPLS) bridge domain. CISC-RT-000720 - The Cisco PE router must be configured to limit the number of MAC addresses it can learn for each Virtual Private LAN Services (VPLS) bridge domain. Miscellaneous Metadata updated. See also link updated.
Revision 1.3 Jul 30, 2021 Miscellaneous Metadata updated. References updated.
Revision 1.2 Jun 17, 2021 Miscellaneous Metadata updated. References updated.
Revision 1.1 Apr 28, 2021 Miscellaneous Metadata updated. References updated.