CCI|CCI-001097

Title

The information system monitors and controls communications at the external boundary of the information system and at key internal boundaries within the system.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2009

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
AMLS-L3-000290 - The Arista Multilayer Switch must configure the maximum hop limit value to at least 32.	Arista	DISA STIG Arista MLS DCS-7000 Series RTR v1r3
ARST-RT-000340 - The Arista router must be configured to restrict traffic destined to itself.	Arista	DISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000350 - The Arista router must be configured to drop all fragmented Internet Control Message Protocol (ICMP) packets destined to itself.	Arista	DISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000370 - The Arista perimeter router must be configured to filter ingress traffic at the external interface on an inbound direction.	Arista	DISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000380 - The Arista perimeter router must be configured to filter egress traffic at the internal interface on an inbound direction.	Arista	DISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000390 - The Arista BGP router must be configured to reject outbound route advertisements for any prefixes belonging to the IP core.	Arista	DISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000400 - The Arista router must be configured to block any traffic that is destined to IP core infrastructure.	Arista	DISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000410 - The Arista router must be configured with Unicast Reverse Path Forwarding (uRPF) loose mode enabled on all CE-facing interfaces.	Arista	DISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000420 - The out-of-band management (OOBM) Arista gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC).	Arista	DISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000430 - The out-of-band management (OOBM) Arista gateway router must be configured to block any traffic destined to itself that is not sourced from the OOBM network or the NOC.	Arista	DISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000440 - The Arista router must be configured to only permit management traffic that ingresses and egresses the OOBM interface.	Arista	DISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000650 - The Arista perimeter router must be configured to block all outbound management traffic.	Arista	DISA STIG Arista MLS EOS 4.2x Router v1r1
CISC-RT-000120 - The Cisco router must be configured to protect against or limit the effects of denial of service (DoS) attacks by employing control plane protection.	Cisco	DISA STIG Cisco IOS XE Router RTR v2r9
CISC-RT-000120 - The Cisco router must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by employing control plane protection.	Cisco	DISA STIG Cisco IOS Router RTR v2r6
CISC-RT-000120 - The Cisco switch must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by employing control plane protection.	Cisco	DISA STIG Cisco IOS Switch RTR v2r5
CISC-RT-000120 - The Cisco switch must be configured to protect against or limit the effects of denial-of-service (DoS) attacks by employing control plane protection.	Cisco	DISA STIG Cisco IOS XE Switch RTR v2r5
CISC-RT-000130 - The Cisco router must be configured to restrict traffic destined to itself.	Cisco	DISA STIG Cisco IOS-XR Router RTR v2r4
CISC-RT-000130 - The Cisco switch must be configured to restrict traffic destined to itself.	Cisco	DISA STIG Cisco NX-OS Switch RTR v2r3
CISC-RT-000140 - The Cisco router must be configured to drop all fragmented Internet Control Message Protocol (ICMP) packets destined to itself - ICMP packets destined to itself	Cisco	DISA STIG Cisco IOS-XR Router RTR v2r4
CISC-RT-000140 - The Cisco switch must be configured to drop all fragmented Internet Control Message Protocol (ICMP) packets destined to itself - ICMP packets destined to itself	Cisco	DISA STIG Cisco NX-OS Switch RTR v2r3
CISC-RT-000320 - The Cisco perimeter router must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1.	Cisco	DISA STIG Cisco IOS XE Router RTR v2r9
CISC-RT-000320 - The Cisco perimeter router must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1.	Cisco	DISA STIG Cisco IOS-XR Router RTR v2r4
CISC-RT-000320 - The Cisco perimeter router must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1.	Cisco	DISA STIG Cisco IOS Router RTR v2r6
CISC-RT-000320 - The Cisco perimeter switch must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1.	Cisco	DISA STIG Cisco IOS Switch RTR v2r5
CISC-RT-000320 - The Cisco perimeter switch must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1.	Cisco	DISA STIG Cisco IOS XE Switch RTR v2r5
CISC-RT-000320 - The Cisco perimeter switch must be configured to filter traffic destined to the enclave in accordance with the guidelines contained in DoD Instruction 8551.1.	Cisco	DISA STIG Cisco NX-OS Switch RTR v2r3
CISC-RT-000330 - The Cisco perimeter router must be configured to filter ingress traffic at the external interface on an inbound direction.	Cisco	DISA STIG Cisco IOS Router RTR v2r6
CISC-RT-000330 - The Cisco perimeter router must be configured to filter ingress traffic at the external interface on an inbound direction.	Cisco	DISA STIG Cisco IOS-XR Router RTR v2r4
CISC-RT-000330 - The Cisco perimeter router must be configured to filter ingress traffic at the external interface on an inbound direction.	Cisco	DISA STIG Cisco IOS XE Router RTR v2r9
CISC-RT-000330 - The Cisco perimeter switch must be configured to filter ingress traffic at the external interface on an inbound direction.	Cisco	DISA STIG Cisco NX-OS Switch RTR v2r3
CISC-RT-000330 - The Cisco perimeter switch must be configured to filter ingress traffic at the external interface on an inbound direction.	Cisco	DISA STIG Cisco IOS Switch RTR v2r5
CISC-RT-000330 - The Cisco perimeter switch must be configured to filter ingress traffic at the external interface on an inbound direction.	Cisco	DISA STIG Cisco IOS XE Switch RTR v2r5
CISC-RT-000340 - The Cisco perimeter router must be configured to filter egress traffic at the internal interface on an inbound direction.	Cisco	DISA STIG Cisco IOS-XR Router RTR v2r4
CISC-RT-000340 - The Cisco perimeter router must be configured to filter egress traffic at the internal interface on an inbound direction.	Cisco	DISA STIG Cisco IOS Router RTR v2r6
CISC-RT-000340 - The Cisco perimeter router must be configured to filter egress traffic at the internal interface on an inbound direction.	Cisco	DISA STIG Cisco IOS XE Router RTR v2r9
CISC-RT-000340 - The Cisco perimeter switch must be configured to filter egress traffic at the internal interface on an inbound direction.	Cisco	DISA STIG Cisco NX-OS Switch RTR v2r3
CISC-RT-000340 - The Cisco perimeter switch must be configured to filter egress traffic at the internal interface on an inbound direction.	Cisco	DISA STIG Cisco IOS XE Switch RTR v2r5
CISC-RT-000340 - The Cisco perimeter switch must be configured to filter egress traffic at the internal interface on an inbound direction.	Cisco	DISA STIG Cisco IOS Switch RTR v2r5
CISC-RT-000390 - The Cisco perimeter router must be configured to block all outbound management traffic.	Cisco	DISA STIG Cisco IOS XE Router RTR v2r9
CISC-RT-000390 - The Cisco perimeter router must be configured to block all outbound management traffic.	Cisco	DISA STIG Cisco IOS Router RTR v2r6
CISC-RT-000390 - The Cisco perimeter router must be configured to block all outbound management traffic.	Cisco	DISA STIG Cisco IOS-XR Router RTR v2r4
CISC-RT-000390 - The Cisco perimeter switch must be configured to block all outbound management traffic.	Cisco	DISA STIG Cisco IOS XE Switch RTR v2r5
CISC-RT-000390 - The Cisco perimeter switch must be configured to block all outbound management traffic.	Cisco	DISA STIG Cisco IOS Switch RTR v2r5
CISC-RT-000390 - The Cisco perimeter switch must be configured to block all outbound management traffic.	Cisco	DISA STIG Cisco NX-OS Switch RTR v2r3
CISC-RT-000400 - The Cisco out-of-band management (OOBM) gateway router must be configured to transport management traffic to the Network Operations Center (NOC) via dedicated circuit, MPLS/VPN service, or IPsec tunnel.	Cisco	DISA STIG Cisco IOS Router RTR v2r6
CISC-RT-000400 - The Cisco out-of-band management (OOBM) gateway router must be configured to transport management traffic to the Network Operations Center (NOC) via dedicated circuit, MPLS/VPN service, or IPsec tunnel.	Cisco	DISA STIG Cisco IOS XE Router RTR v2r9
CISC-RT-000400 - The Cisco out-of-band management (OOBM) gateway router must be configured to transport management traffic to the Network Operations Center (NOC) via dedicated circuit, MPLS/VPN service, or IPsec tunnel.	Cisco	DISA STIG Cisco IOS-XR Router RTR v2r4
CISC-RT-000410 - The Cisco out-of-band management (OOBM) gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC).	Cisco	DISA STIG Cisco IOS XE Router RTR v2r9
CISC-RT-000410 - The Cisco out-of-band management (OOBM) gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC).	Cisco	DISA STIG Cisco IOS Router RTR v2r6
CISC-RT-000410 - The Cisco out-of-band management (OOBM) gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC).	Cisco	DISA STIG Cisco IOS-XR Router RTR v2r4

Detections

Analytics

CCI|CCI-001097

Title

Reference Item Details

Audit Items