CCI|CCI-002403

Title

The information system only allows incoming communications from organization-defined authorized sources routed to organization-defined authorized destinations.

Reference Item Details

Category: 2013

Audit Items

View all Reference Audit Items

NamePluginAudit Name
AMLS-L3-000300 - The Arista Multilayer Switch must only allow incoming communications from authorized sources to be routed to authorized destinations.AristaDISA STIG Arista MLS DCS-7000 Series RTR v1r3
CASA-FW-000230 - The Cisco ASA must be configured to filter inbound traffic on all external interfaces - ACLCiscoDISA STIG Cisco ASA FW v1r2
CASA-FW-000230 - The Cisco ASA must be configured to filter inbound traffic on all external interfaces - InterfaceCiscoDISA STIG Cisco ASA FW v1r2
CASA-FW-000240 - The Cisco ASA must be configured to filter outbound traffic on all internal interfaces - ACLCiscoDISA STIG Cisco ASA FW v1r2
CASA-FW-000240 - The Cisco ASA must be configured to filter outbound traffic on all internal interfaces - InterfaceCiscoDISA STIG Cisco ASA FW v1r2
CASA-FW-000250 - The Cisco ASA perimeter firewall must be configured to block all outbound management traffic - ACLCiscoDISA STIG Cisco ASA FW v1r2
CASA-FW-000250 - The Cisco ASA perimeter firewall must be configured to block all outbound management traffic - InterfaceCiscoDISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - ACLCiscoDISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - authenticationCiscoDISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - crypto ipsecCiscoDISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - encryptionCiscoDISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - groupCiscoDISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - hash shaCiscoDISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - inside interfaceCiscoDISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - lifetimeCiscoDISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - match addressCiscoDISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - outside interfaceCiscoDISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set ikev1CiscoDISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set lifetimeCiscoDISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - set peerCiscoDISA STIG Cisco ASA FW v1r2
CASA-FW-000260 - The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel - tunnel-groupCiscoDISA STIG Cisco ASA FW v1r2
CISC-RT-000080 - The Cisco router must not be configured to have any feature enabled that calls home to the vendor.CiscoDISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000080 - The Cisco router must not be configured to have any feature enabled that calls home to the vendor.CiscoDISA STIG Cisco IOS XE Router RTR v2r4
CISC-RT-000080 - The Cisco router must not be configured to have any feature enabled that calls home to the vendor.CiscoDISA STIG Cisco IOS Router RTR v2r1
CISC-RT-000080 - The Cisco switch must not be configured to have any feature enabled that calls home to the vendor.CiscoDISA STIG Cisco IOS XE Switch RTR v2r1
CISC-RT-000080 - The Cisco switch must not be configured to have any feature enabled that calls home to the vendor.CiscoDISA STIG Cisco NX-OS Switch RTR v2r1
CISC-RT-000080 - The Cisco switch must not be configured to have any feature enabled that calls home to the vendor.CiscoDISA STIG Cisco IOS Switch RTR v2r1
CISC-RT-000260 - The Cisco perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.CiscoDISA STIG Cisco IOS XE Router RTR v2r4
CISC-RT-000260 - The Cisco perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.CiscoDISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000260 - The Cisco perimeter router must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.CiscoDISA STIG Cisco IOS Router RTR v2r1
CISC-RT-000260 - The Cisco perimeter switch must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.CiscoDISA STIG Cisco IOS XE Switch RTR v2r1
CISC-RT-000260 - The Cisco perimeter switch must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.CiscoDISA STIG Cisco IOS Switch RTR v2r1
CISC-RT-000260 - The Cisco perimeter switch must be configured to only allow incoming communications from authorized sources to be routed to authorized destinations.CiscoDISA STIG Cisco NX-OS Switch RTR v2r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - access-group inCiscoDISA STIG Cisco IOS XE Router RTR v2r4
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - access-group inCiscoDISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - access-group inCiscoDISA STIG Cisco IOS Router RTR v2r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 0.0.0.0CiscoDISA STIG Cisco IOS Router RTR v2r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 0.0.0.0CiscoDISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 0.0.0.0CiscoDISA STIG Cisco IOS XE Router RTR v2r4
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 10.0.0.0CiscoDISA STIG Cisco IOS Router RTR v2r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 10.0.0.0CiscoDISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 10.0.0.0CiscoDISA STIG Cisco IOS XE Router RTR v2r4
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 100.64.0.0CiscoDISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 100.64.0.0CiscoDISA STIG Cisco IOS Router RTR v2r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 100.64.0.0CiscoDISA STIG Cisco IOS XE Router RTR v2r4
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 127.0.0.0CiscoDISA STIG Cisco IOS XE Router RTR v2r4
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 127.0.0.0CiscoDISA STIG Cisco IOS-XR Router RTR v2r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 127.0.0.0CiscoDISA STIG Cisco IOS Router RTR v2r1
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 169.254.0.0CiscoDISA STIG Cisco IOS XE Router RTR v2r4
CISC-RT-000270 - The Cisco perimeter router must be configured to block inbound packets with source Bogon IP address prefixes - deny 169.254.0.0CiscoDISA STIG Cisco IOS Router RTR v2r1