CCI|CCI-002403

Title

The information system only allows incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2013

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
AMLS-L3-000280 - Arista MLS must restrict BGP connections to known IP addresses of neighbor routers from trusted Autonomous Systems (AS).	Arista	DISA STIG Arista MLS DCS-7000 Series RTR V1R2
AMLS-L3-000300 - Arista MLS must only allow incoming communications from authorized sources to be routed to authorized destinations.	Arista	DISA STIG Arista MLS DCS-7000 Series RTR V1R2
AMLS-L3-000300 - The Arista Multilayer Switch must only allow incoming communications from authorized sources to be routed to authorized destinations.	Arista	DISA STIG Arista MLS DCS-7000 Series RTR v1r3
ARST-RT-000610 - The Arista perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.	Arista	DISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000620 - The Arista perimeter router must be configured to block inbound packets with source Bogon IP address prefixes.	Arista	DISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000630 - The Arista perimeter router must be configured to have Link Layer Discovery Protocols (LLDPs) disabled on all external interfaces.	Arista	DISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000640 - The Arista perimeter router must be configured to have Proxy ARP disabled on all external interfaces.	Arista	DISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000680 - The Arista Multicast Source Discovery Protocol (MSDP) router must be configured to only accept MSDP packets from known MSDP peers.	Arista	DISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000830 - The perimeter router must be configured to block all packets with any IP options.	Arista	DISA STIG Arista MLS EOS 4.2x Router v1r1
ARST-RT-000840 - The PE router must be configured to ignore or block all packets with any IP options.	Arista	DISA STIG Arista MLS EOS 4.2x Router v1r1
CASA-FW-000230 - The Cisco ASA must be configured to filter inbound traffic on all external interfaces - ACL	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000230 - The Cisco ASA must be configured to filter inbound traffic on all external interfaces - ACL	Cisco	DISA STIG Cisco ASA FW v1r3
CASA-FW-000230 - The Cisco ASA must be configured to filter inbound traffic on all external interfaces - ACL	Cisco	DISA STIG Cisco ASA FW v1r4
CASA-FW-000230 - The Cisco ASA must be configured to filter inbound traffic on all external interfaces - Interface	Cisco	DISA STIG Cisco ASA FW v1r3
CASA-FW-000230 - The Cisco ASA must be configured to filter inbound traffic on all external interfaces - Interface	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000230 - The Cisco ASA must be configured to filter inbound traffic on all external interfaces - Interface	Cisco	DISA STIG Cisco ASA FW v1r4
CASA-FW-000230 - The Cisco ASA must be configured to filter inbound traffic on all external interfaces. - ACL	Cisco	DISA STIG Cisco ASA FW v1r1
CASA-FW-000230 - The Cisco ASA must be configured to filter inbound traffic on all external interfaces. - Interface	Cisco	DISA STIG Cisco ASA FW v1r1
CASA-FW-000240 - The Cisco ASA must be configured to filter outbound traffic on all internal interfaces - ACL	Cisco	DISA STIG Cisco ASA FW v1r3
CASA-FW-000240 - The Cisco ASA must be configured to filter outbound traffic on all internal interfaces - ACL	Cisco	DISA STIG Cisco ASA FW v1r4
CASA-FW-000240 - The Cisco ASA must be configured to filter outbound traffic on all internal interfaces - ACL	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000240 - The Cisco ASA must be configured to filter outbound traffic on all internal interfaces - Interface	Cisco	DISA STIG Cisco ASA FW v1r3
CASA-FW-000240 - The Cisco ASA must be configured to filter outbound traffic on all internal interfaces - Interface	Cisco	DISA STIG Cisco ASA FW v1r4
CASA-FW-000240 - The Cisco ASA must be configured to filter outbound traffic on all internal interfaces - Interface	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000240 - The Cisco ASA must be configured to filter outbound traffic on all internal interfaces. - ACL	Cisco	DISA STIG Cisco ASA FW v1r1
CASA-FW-000240 - The Cisco ASA must be configured to filter outbound traffic on all internal interfaces. - Interface	Cisco	DISA STIG Cisco ASA FW v1r1
CASA-FW-000250 - The Cisco ASA perimeter firewall must be configured to block all outbound management traffic - ACL	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000250 - The Cisco ASA perimeter firewall must be configured to block all outbound management traffic - ACL	Cisco	DISA STIG Cisco ASA FW v1r3
CASA-FW-000250 - The Cisco ASA perimeter firewall must be configured to block all outbound management traffic - ACL	Cisco	DISA STIG Cisco ASA FW v1r4
CASA-FW-000250 - The Cisco ASA perimeter firewall must be configured to block all outbound management traffic - Interface	Cisco	DISA STIG Cisco ASA FW v1r3
CASA-FW-000250 - The Cisco ASA perimeter firewall must be configured to block all outbound management traffic - Interface	Cisco	DISA STIG Cisco ASA FW v1r4
CASA-FW-000250 - The Cisco ASA perimeter firewall must be configured to block all outbound management traffic - Interface	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000250 - The Cisco ASA perimeter firewall must be configured to block all outbound management traffic. - ACL	Cisco	DISA STIG Cisco ASA FW v1r1
CASA-FW-000250 - The Cisco ASA perimeter firewall must be configured to block all outbound management traffic. - Interface	Cisco	DISA STIG Cisco ASA FW v1r1
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - ACL	Cisco	DISA STIG Cisco ASA FW v1r3
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - ACL	Cisco	DISA STIG Cisco ASA FW v1r4
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - ACL	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - authentication	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - authentication	Cisco	DISA STIG Cisco ASA FW v1r4
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - authentication	Cisco	DISA STIG Cisco ASA FW v1r3
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - crypto ipsec	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - crypto ipsec	Cisco	DISA STIG Cisco ASA FW v1r3
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - crypto ipsec	Cisco	DISA STIG Cisco ASA FW v1r4
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - encryption	Cisco	DISA STIG Cisco ASA FW v1r4
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - encryption	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - encryption	Cisco	DISA STIG Cisco ASA FW v1r3
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - group	Cisco	DISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - group	Cisco	DISA STIG Cisco ASA FW v1r4
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - group	Cisco	DISA STIG Cisco ASA FW v1r3
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - hash sha	Cisco	DISA STIG Cisco ASA FW v1r2

Detections

Analytics

CCI|CCI-002403

Title

Reference Item Details

Audit Items