CCI|CCI-000032

Title

The information system enforces information flow control using organization-defined security policy filters as a basis for flow control decisions for organization-defined information flows.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2009

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
ARST-RT-000060 - The Arista BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.	Arista	DISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000100 - The Arista BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer.	Arista	DISA STIG Arista MLS EOS 4.2x Router v1r1
CISC-RT-000540 - The Cisco BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.	Cisco	DISA STIG Cisco IOS XE Router RTR v2r9
CISC-RT-000540 - The Cisco BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.	Cisco	DISA STIG Cisco IOS-XR Router RTR v2r4
CISC-RT-000540 - The Cisco BGP router must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.	Cisco	DISA STIG Cisco IOS Router RTR v2r6
CISC-RT-000540 - The Cisco BGP switch must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.	Cisco	DISA STIG Cisco NX-OS Switch RTR v2r3
CISC-RT-000540 - The Cisco BGP switch must be configured to reject route advertisements from BGP peers that do not list their autonomous system (AS) number as the first AS in the AS_PATH attribute.	Cisco	DISA STIG Cisco IOS XE Switch RTR v2r5
CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer - ip as-path access-list	Cisco	DISA STIG Cisco IOS Router RTR v2r6
CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer - route-policy	Cisco	DISA STIG Cisco IOS-XR Router RTR v2r4
CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer.	Cisco	DISA STIG Cisco IOS-XR Router RTR v2r4
CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer.	Cisco	DISA STIG Cisco IOS Router RTR v2r6
CISC-RT-000550 - The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer.	Cisco	DISA STIG Cisco IOS XE Router RTR v2r9
CISC-RT-000550 - The Cisco BGP switch must be configured to reject route advertisements from CE switches with an originating AS in the AS_PATH attribute that does not belong to that customer.	Cisco	DISA STIG Cisco IOS XE Switch RTR v2r5
CISC-RT-000550 - The Cisco BGP switch must be configured to reject route advertisements from CE switches with an originating AS in the AS_PATH attribute that does not belong to that customer.	Cisco	DISA STIG Cisco NX-OS Switch RTR v2r3
GEN000000-AIX00020 - AIX Trusted Computing Base (TCB) software must be implemented.	Unix	DISA STIG AIX 6.1 v1r14
GEN000000-AIX00020 - AIX Trusted Computing Base (TCB) software must be implemented.	Unix	DISA STIG AIX 5.3 v1r2
GEN000000-AIX00040 - The securetcpip command must be used	Unix	DISA STIG AIX 5.3 v1r2
GEN000000-AIX00040 - The securetcpip command must be used - /etc/security/config has been configured	Unix	DISA STIG AIX 6.1 v1r14
GEN000000-AIX00040 - The securetcpip command must be used.	Unix	DISA STIG AIX 6.1 v1r14
GEN000000-AIX0200 - The system must not allow directed broadcasts to gateway.	Unix	DISA STIG AIX 5.3 v1r2
GEN000000-AIX0200 - The system must not allow directed broadcasts to gateway.	Unix	DISA STIG AIX 6.1 v1r14
GEN000000-AIX0210 - The system must provide protection from Internet Control Message Protocol (ICMP) attacks on TCP connections.	Unix	DISA STIG AIX 5.3 v1r2
GEN000000-AIX0210 - The system must provide protection from Internet Control Message Protocol (ICMP) attacks on TCP connections.	Unix	DISA STIG AIX 6.1 v1r14
GEN000000-AIX0220 - The system must provide protection for the TCP stack against connection resets, SYN, and data injection attacks.	Unix	DISA STIG AIX 5.3 v1r2
GEN000000-AIX0220 - The system must provide protection for the TCP stack against connection resets, SYN, and data injection attacks.	Unix	DISA STIG AIX 6.1 v1r14
GEN000000-AIX0230 - The system must provide protection against IP fragmentation attacks.	Unix	DISA STIG AIX 6.1 v1r14
GEN000000-AIX0230 - The system must provide protection against IP fragmentation attacks.	Unix	DISA STIG AIX 5.3 v1r2
GEN000000-AIX0300 - The system must not have the bootp service active.	Unix	DISA STIG AIX 5.3 v1r2
GEN000000-AIX0300 - The system must not have the bootp service active.	Unix	DISA STIG AIX 6.1 v1r14
GEN000000-AIX0310 - The /etc/ftpaccess.ctl file must exist.	Unix	DISA STIG AIX 5.3 v1r2
GEN000000-AIX0310 - The /etc/ftpaccess.ctl file must exist.	Unix	DISA STIG AIX 6.1 v1r14
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.high	Unix	DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.high	Unix	DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.low	Unix	DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.low	Unix	DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.med	Unix	DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - tune.med	Unix	DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - uid_aliases	Unix	DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00120 - The ASET master files must be located in the /usr/aset/masters directory - uid_aliases	Unix	DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00140 - The /usr/aset/masters/uid_aliases must be empty.	Unix	DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00140 - The /usr/aset/masters/uid_aliases must be empty.	Unix	DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00160 - If the system is a firewall, ASET must be used on the system, and the firewall parameters must be set in /usr/aset/asetenv.	Unix	DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00160 - If the system is a firewall, ASET must be used on the system, and the firewall parameters must be set in /usr/aset/asetenv.	Unix	DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00180 - The Solaris system Automated Security Enhancement Tool (ASET) configurable parameters in the asetenv file must be correct - ASET configurable parameters in the asetenv file must be correct.	Unix	DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00180 - The Solaris system Automated Security Enhancement Tool (ASET) configurable parameters in the asetenv file must be correct - ASET configurable parameters in the asetenv file must be correct.	Unix	DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00200 - The asetenv file YPCHECK variable must be set to true when NIS+ is configured.	Unix	DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00200 - The asetenv file YPCHECK variable must be set to true when NIS+ is configured.	Unix	DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00220 - The /usr/aset/userlist file must exist - /usr/aset/userlist	Unix	DISA STIG Solaris 10 SPARC v2r4
GEN000000-SOL00220 - The /usr/aset/userlist file must exist - /usr/aset/userlist	Unix	DISA STIG Solaris 10 X86 v2r4
GEN000000-SOL00220 - The /usr/aset/userlist file must exist - exec with userlist	Unix	DISA STIG Solaris 10 X86 v2r4

Detections

Analytics

CCI|CCI-000032

Title

Reference Item Details

Audit Items