DISA STIG Cisco IOS Switch RTR v2r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG Cisco IOS Switch RTR v2r1

Updated: 2/21/2023

Authority: Network Devices

Plugin: Cisco

Revision: 1.6

Estimated Item Count: 116

Audit Changelog

 
Revision 1.6

Feb 21, 2023

Miscellaneous
  • Audit deprecated.
  • Metadata updated.
  • References updated.
  • Variables updated.
Revision 1.5

Dec 7, 2022

Miscellaneous
  • Metadata updated.
Revision 1.4

Aug 23, 2022

Miscellaneous
  • Metadata updated.
  • See also link updated.
Revision 1.3

Apr 25, 2022

Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.2

Oct 27, 2021

Miscellaneous
  • Metadata updated.
  • See also link updated.
Added
  • CISC-RT-000235 - The Cisco switch must be configured to have Cisco Express Forwarding enabled - ip
  • CISC-RT-000235 - The Cisco switch must be configured to have Cisco Express Forwarding enabled - ipv6
  • CISC-RT-000392 - The Cisco perimeter switch must be configured to drop IPv6 undetermined transport packets - ipv6 ingress acl
  • CISC-RT-000392 - The Cisco perimeter switch must be configured to drop IPv6 undetermined transport packets - outside interface
  • CISC-RT-000393 - The Cisco perimeter switch must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255 - deny ipv6 any any
  • CISC-RT-000393 - The Cisco perimeter switch must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255 - outside interface
  • CISC-RT-000393 - The Cisco perimeter switch must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255 - permit 0, 1, or 3-255
  • CISC-RT-000394 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values - dest-option-type 195
  • CISC-RT-000394 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values - dest-option-type 4
  • CISC-RT-000394 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values - dest-option-type home-address
  • CISC-RT-000394 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values - outside interface
  • CISC-RT-000395 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values - dest-option-type 194
  • CISC-RT-000395 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values - dest-option-type 5
  • CISC-RT-000395 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values - outside interface
  • CISC-RT-000396 - The Cisco perimeter switch must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option - dest-option-type
  • CISC-RT-000396 - The Cisco perimeter switch must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option - outside-interface
  • CISC-RT-000397 - The Cisco perimeter switch must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header - dest-option-type
  • CISC-RT-000397 - The Cisco perimeter switch must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header - outside-interface
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dest-option-type 10
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dest-option-type 11
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dest-option-type 12
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dest-option-type 13
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dest-option-type 14
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dest-option-type 16
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dest-option-type 2
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dest-option-type 255
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dest-option-type 3
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dest-option-type 34
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dest-option-type 36
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dest-option-type 37
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dest-option-type 39
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dest-option-type 47
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dest-option-type 49
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dest-option-type 6
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dest-option-type 9
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - outside interface
Removed
  • CISC-RT-000235 - The Cisco switch must be configured to have Cisco Express Forwarding enabled. - ip
  • CISC-RT-000235 - The Cisco switch must be configured to have Cisco Express Forwarding enabled. - ipv6
  • CISC-RT-000392 - The Cisco perimeter switch must be configured to drop IPv6 undetermined transport packets. - ipv6 ingress acl
  • CISC-RT-000392 - The Cisco perimeter switch must be configured to drop IPv6 undetermined transport packets. - outside interface
  • CISC-RT-000393 - The Cisco perimeter switch must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255. - deny ipv6 any any
  • CISC-RT-000393 - The Cisco perimeter switch must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255. - outside interface
  • CISC-RT-000393 - The Cisco perimeter switch must be configured drop IPv6 packets with a Routing Header type 0, 1, or 3-255. - permit 0, 1, or 3-255
  • CISC-RT-000394 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values. - dest-option-type 195
  • CISC-RT-000394 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values. - dest-option-type 4
  • CISC-RT-000394 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values. - dest-option-type home-address
  • CISC-RT-000394 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values. - outside interface
  • CISC-RT-000395 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values. - dest-option-type 194
  • CISC-RT-000395 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values. - dest-option-type 5
  • CISC-RT-000395 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values. - outside interface
  • CISC-RT-000396 - The Cisco perimeter switch must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option. - dest-option-type
  • CISC-RT-000396 - The Cisco perimeter switch must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option. - outside-interface
  • CISC-RT-000397 - The Cisco perimeter switch must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header. - dest-option-type
  • CISC-RT-000397 - The Cisco perimeter switch must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header. - outside-interface
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. - dest-option-type 10
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. - dest-option-type 11
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. - dest-option-type 12
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. - dest-option-type 13
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. - dest-option-type 14
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. - dest-option-type 16
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. - dest-option-type 2
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. - dest-option-type 255
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. - dest-option-type 3
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. - dest-option-type 34
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. - dest-option-type 36
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. - dest-option-type 37
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. - dest-option-type 39
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. - dest-option-type 47
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. - dest-option-type 49
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. - dest-option-type 6
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. - dest-option-type 9
  • CISC-RT-000398 - The Cisco perimeter switch must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type. - outside interface
Revision 1.1

Jul 30, 2021

Miscellaneous
  • Metadata updated.
  • References updated.