CCI|CCI-000032

Title

The information system enforces information flow control using organization-defined security policy filters as a basis for flow control decisions for organization-defined information flows.

Reference Item Details

Category: 2009

Audit Items

View all Reference Audit Items

NamePluginAudit Name
CISC-RT-000540 - The Cisco BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.CiscoDISA STIG Cisco IOS XE Router RTR v2r4
CISC-RT-000540 - The Cisco BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.CiscoDISA STIG Cisco IOS Router RTR v2r1
CISC-RT-000540 - The Cisco BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.CiscoDISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000540 - The Cisco BGP switch must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.CiscoDISA STIG Cisco NX-OS Switch RTR v2r1
CISC-RT-000540 - The Cisco BGP switch must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.CiscoDISA STIG Cisco IOS XE Switch RTR v2r1
CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer - ip as-path access-listCiscoDISA STIG Cisco IOS XE Router RTR v2r4
CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer - ip as-path access-listCiscoDISA STIG Cisco IOS Router RTR v2r1
CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer - route-policyCiscoDISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer.CiscoDISA STIG Cisco IOS XE Router RTR v2r4
CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer.CiscoDISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer.CiscoDISA STIG Cisco IOS Router RTR v2r1
CISC-RT-000550 - The Cisco BGP switch must be configured to reject route advertisements from CE switches with an originating AS in the AS_PATH attribute that does not belong to that customer - ip as-path access-listCiscoDISA STIG Cisco IOS XE Switch RTR v2r1
CISC-RT-000550 - The Cisco BGP switch must be configured to reject route advertisements from CE switches with an originating AS in the AS_PATH attribute that does not belong to that customer.CiscoDISA STIG Cisco IOS XE Switch RTR v2r1
CISC-RT-000550 - The Cisco BGP switch must be configured to reject route advertisements from CE switches with an originating AS in the AS_PATH attribute that does not belong to that customer.CiscoDISA STIG Cisco NX-OS Switch RTR v2r1
GEN000000-AIX00020 - AIX Trusted Computing Base (TCB) software must be implemented.UnixDISA STIG AIX 6.1 v1r14
GEN000000-AIX00020 - AIX Trusted Computing Base (TCB) software must be implemented.UnixDISA STIG AIX 5.3 v1r2
GEN000000-AIX00040 - The securetcpip command must be usedUnixDISA STIG AIX 5.3 v1r2
GEN000000-AIX00040 - The securetcpip command must be used - /etc/security/config has been configuredUnixDISA STIG AIX 6.1 v1r14
GEN000000-AIX00040 - The securetcpip command must be used.UnixDISA STIG AIX 6.1 v1r14
GEN000000-AIX0200 - The system must not allow directed broadcasts to gateway.UnixDISA STIG AIX 6.1 v1r14
GEN000000-AIX0200 - The system must not allow directed broadcasts to gateway.UnixDISA STIG AIX 5.3 v1r2
GEN000000-AIX0210 - The system must provide protection from Internet Control Message Protocol (ICMP) attacks on TCP connections.UnixDISA STIG AIX 6.1 v1r14
GEN000000-AIX0210 - The system must provide protection from Internet Control Message Protocol (ICMP) attacks on TCP connections.UnixDISA STIG AIX 5.3 v1r2
GEN000000-AIX0220 - The system must provide protection for the TCP stack against connection resets, SYN, and data injection attacks.UnixDISA STIG AIX 6.1 v1r14
GEN000000-AIX0220 - The system must provide protection for the TCP stack against connection resets, SYN, and data injection attacks.UnixDISA STIG AIX 5.3 v1r2
GEN000000-AIX0230 - The system must provide protection against IP fragmentation attacks.UnixDISA STIG AIX 6.1 v1r14
GEN000000-AIX0230 - The system must provide protection against IP fragmentation attacks.UnixDISA STIG AIX 5.3 v1r2
GEN000000-AIX0300 - The system must not have the bootp service active.UnixDISA STIG AIX 6.1 v1r14
GEN000000-AIX0300 - The system must not have the bootp service active.UnixDISA STIG AIX 5.3 v1r2
GEN000000-AIX0310 - The /etc/ftpaccess.ctl file must exist.UnixDISA STIG AIX 5.3 v1r2
GEN000000-AIX0310 - The /etc/ftpaccess.ctl file must exist.UnixDISA STIG AIX 6.1 v1r14
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.highUnixDISA STIG Solaris 10 SPARC v2r2
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.highUnixDISA STIG Solaris 10 X86 v2r2
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.lowUnixDISA STIG Solaris 10 SPARC v2r2
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.lowUnixDISA STIG Solaris 10 X86 v2r2
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.medUnixDISA STIG Solaris 10 SPARC v2r2
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.medUnixDISA STIG Solaris 10 X86 v2r2
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - uid_aliasesUnixDISA STIG Solaris 10 SPARC v2r2
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - uid_aliasesUnixDISA STIG Solaris 10 X86 v2r2
GEN000000-SOL00140 - The /usr/aset/masters/uid_aliases must be empty.UnixDISA STIG Solaris 10 SPARC v2r2
GEN000000-SOL00140 - The /usr/aset/masters/uid_aliases must be empty.UnixDISA STIG Solaris 10 X86 v2r2
GEN000000-SOL00160 - If the system is a firewall, ASET must be used on the system, and the firewall parameters must be set in /usr/aset/asetenv.UnixDISA STIG Solaris 10 X86 v2r2
GEN000000-SOL00160 - If the system is a firewall, ASET must be used on the system, and the firewall parameters must be set in /usr/aset/asetenv.UnixDISA STIG Solaris 10 SPARC v2r2
GEN000000-SOL00180 - The Solaris system Automated Security Enhancement Tool (ASET) configurable parameters in the asetenv file must be correct - ASET configurable parameters in the asetenv file must be correct.UnixDISA STIG Solaris 10 SPARC v2r2
GEN000000-SOL00180 - The Solaris system Automated Security Enhancement Tool (ASET) configurable parameters in the asetenv file must be correct - ASET configurable parameters in the asetenv file must be correct.UnixDISA STIG Solaris 10 X86 v2r2
GEN000000-SOL00200 - The asetenv file YPCHECK variable must be set to true when NIS+ is configured.UnixDISA STIG Solaris 10 X86 v2r2
GEN000000-SOL00200 - The asetenv file YPCHECK variable must be set to true when NIS+ is configured.UnixDISA STIG Solaris 10 SPARC v2r2
GEN000000-SOL00220 - The /usr/aset/userlist file must exist - /usr/aset/userlistUnixDISA STIG Solaris 10 SPARC v2r2
GEN000000-SOL00220 - The /usr/aset/userlist file must exist - /usr/aset/userlistUnixDISA STIG Solaris 10 X86 v2r2
GEN000000-SOL00220 - The /usr/aset/userlist file must exist - exec with userlistUnixDISA STIG Solaris 10 SPARC v2r2