DISA STIG Cisco IOS Router RTR v2r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG Cisco IOS Router RTR v2r1

Updated: 9/6/2023

Authority: DISA STIG

Plugin: Cisco

Revision: 1.10

Estimated Item Count: 146

Audit Changelog


Revision 1.10 Sep 6, 2023 Miscellaneous Audit deprecated. Metadata updated. References updated.
Revision 1.9 Mar 7, 2023 Miscellaneous Metadata updated. References updated.
Revision 1.8 Dec 7, 2022 Miscellaneous Variables updated.
Revision 1.7 Aug 9, 2022 Miscellaneous Metadata updated. See also link updated.
Revision 1.6 Apr 25, 2022 Miscellaneous Metadata updated.
Revision 1.5 Apr 5, 2022 Miscellaneous Metadata updated. References updated. See also link updated.
Revision 1.4 Jul 30, 2021 Miscellaneous Metadata updated. References updated.
Revision 1.3 Jun 17, 2021 Miscellaneous Metadata updated. References updated.
Revision 1.2 Jun 7, 2021 Informational Update CISC-RT-000236 - The Cisco router must be configured to advertise a hop limit of at least 32 in Router Advertisement messages for IPv6 stateless auto-configuration deployments. CISC-RT-000391 - The Cisco perimeter router must be configured to suppress Router Advertisements on all external IPv6-enabled interfaces. Miscellaneous Metadata updated. See also link updated. Added CISC-RT-000235 - The Cisco router must be configured to have Cisco Express Forwarding enabled - ip CISC-RT-000235 - The Cisco router must be configured to have Cisco Express Forwarding enabled - ipv6 CISC-RT-000392 - The Cisco perimeter router must be configured to drop IPv6 undetermined transport packets - outside interface CISC-RT-000392 - The Cisco perimeter router must be configured to drop IPv6 undetermined transport packets. CISC-RT-000393 - The Cisco perimeter router must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255 - deny ipv6 any any CISC-RT-000393 - The Cisco perimeter router must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255 - outside interface CISC-RT-000393 - The Cisco perimeter router must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255 - permit 0, 1, or 3-255 CISC-RT-000394 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values - dest-option-type CISC-RT-000394 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values - outside interface CISC-RT-000395 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values - dest-option-type CISC-RT-000395 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values - outside interface CISC-RT-000396 - The Cisco perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option - dest-option-type CISC-RT-000396 - The Cisco perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option - outside interface CISC-RT-000397 - The Cisco perimeter router must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header - dest-option-type CISC-RT-000397 - The Cisco perimeter router must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header - outside interface CISC-RT-000398 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dest-option-type CISC-RT-000398 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - outside interface Removed CISC-RT-000235 - The Cisco router must be configured to have Cisco Express Forwarding enabled. - ip CISC-RT-000235 - The Cisco router must be configured to have Cisco Express Forwarding enabled. - ipv6 CISC-RT-000392 - The Cisco perimeter router must be configured to drop IPv6 undetermined transport packets. - outside interface CISC-RT-000392 - The Cisco perimeter router must be configured to drop IPv6 undetermined transport packets. ipv6 ingress acl CISC-RT-000393 - The Cisco perimeter router must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255. - deny ipv6 any any CISC-RT-000393 - The Cisco perimeter router must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255. - outside interface CISC-RT-000393 - The Cisco perimeter router must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255. - permit 0, 1, or 3-255 CISC-RT-000394 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values. - dest-option-type CISC-RT-000394 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values. - outside interface CISC-RT-000395 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values. - dest-option-type CISC-RT-000395 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values. - outside interface CISC-RT-000396 - The Cisco perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option. - dest-option-type CISC-RT-000396 - The Cisco perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option. - outside interface CISC-RT-000397 - The Cisco perimeter router must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header. - dest-option-type CISC-RT-000397 - The Cisco perimeter router must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header. - outside interface CISC-RT-000398 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. - dest-option-type CISC-RT-000398 - The Cisco perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. - outside interface
Revision 1.1 Apr 28, 2021 Miscellaneous Metadata updated. References updated.