Theme

CCI|CCI-002403

Title

The information system only allows incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2013

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
AMLS-L3-000300 - The Arista Multilayer Switch must only allow incoming communications from authorized sources to be routed to authorized destinations.	Arista	DISA STIG Arista MLS DCS-7000 Series RTR v1r3
CASA-FW-000230 - The Cisco ASA must be configured to filter inbound traffic on all external interfaces - ACL	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000230 - The Cisco ASA must be configured to filter inbound traffic on all external interfaces - Interface	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000240 - The Cisco ASA must be configured to filter outbound traffic on all internal interfaces - ACL	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000240 - The Cisco ASA must be configured to filter outbound traffic on all internal interfaces - Interface	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000250 - The Cisco ASA perimeter firewall must be configured to block all outbound management traffic - ACL	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000250 - The Cisco ASA perimeter firewall must be configured to block all outbound management traffic - Interface	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - ACL	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - authentication	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - crypto ipsec	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - encryption	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - group	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - hash sha	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - inside interface	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - lifetime	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - match address	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - outside interface	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set ikev1	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set lifetime	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set peer	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - tunnel-group	Cisco	DISA STIG Cisco ASA FW v1r2
CISC-RT-000080 - The Cisco router must not be configured to have any feature enabled that calls home to the vendor.	Cisco	DISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000080 - The Cisco router must not be configured to have any feature enabled that calls home to the vendor.	Cisco	DISA STIG Cisco IOS XE Router RTR v2r4
CISC-RT-000080 - The Cisco router must not be configured to have any feature enabled that calls home to the vendor.	Cisco	DISA STIG Cisco IOS Router RTR v2r1
CISC-RT-000080 - The Cisco switch must not be configured to have any feature enabled that calls home to the vendor.	Cisco	DISA STIG Cisco IOS XE Switch RTR v2r1
CISC-RT-000080 - The Cisco switch must not be configured to have any feature enabled that calls home to the vendor.	Cisco	DISA STIG Cisco NX-OS Switch RTR v2r1
CISC-RT-000080 - The Cisco switch must not be configured to have any feature enabled that calls home to the vendor.	Cisco	DISA STIG Cisco IOS Switch RTR v2r1
CISC-RT-000260 - The Cisco perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.	Cisco	DISA STIG Cisco IOS XE Router RTR v2r4
CISC-RT-000260 - The Cisco perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.	Cisco	DISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000260 - The Cisco perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.	Cisco	DISA STIG Cisco IOS Router RTR v2r1
CISC-RT-000260 - The Cisco perimeter switch must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.	Cisco	DISA STIG Cisco IOS XE Switch RTR v2r1
CISC-RT-000260 - The Cisco perimeter switch must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.	Cisco	DISA STIG Cisco IOS Switch RTR v2r1
CISC-RT-000260 - The Cisco perimeter switch must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.	Cisco	DISA STIG Cisco NX-OS Switch RTR v2r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - access-group in	Cisco	DISA STIG Cisco IOS XE Router RTR v2r4
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - access-group in	Cisco	DISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - access-group in	Cisco	DISA STIG Cisco IOS Router RTR v2r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 0.0.0.0	Cisco	DISA STIG Cisco IOS Router RTR v2r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 0.0.0.0	Cisco	DISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 0.0.0.0	Cisco	DISA STIG Cisco IOS XE Router RTR v2r4
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 10.0.0.0	Cisco	DISA STIG Cisco IOS Router RTR v2r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 10.0.0.0	Cisco	DISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 10.0.0.0	Cisco	DISA STIG Cisco IOS XE Router RTR v2r4
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 100.64.0.0	Cisco	DISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 100.64.0.0	Cisco	DISA STIG Cisco IOS Router RTR v2r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 100.64.0.0	Cisco	DISA STIG Cisco IOS XE Router RTR v2r4
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 127.0.0.0	Cisco	DISA STIG Cisco IOS XE Router RTR v2r4
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 127.0.0.0	Cisco	DISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 127.0.0.0	Cisco	DISA STIG Cisco IOS Router RTR v2r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 169.254.0.0	Cisco	DISA STIG Cisco IOS XE Router RTR v2r4
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 169.254.0.0	Cisco	DISA STIG Cisco IOS Router RTR v2r1