STIGQter: STIG Summary: Infrastructure Router Security Technical Implementation Guide Cisco Version: 8 Release: 29 Benchmark Date: 25 Jan 2019: The router must use its loopback or OOB management interface address as the source address when originating NTP traffic.

DISA Rule

SV-15343r2_rule

Vulnerability Number

V-14674

Group Title

NTP traffic is not using loopback address or OOB Management interface.

Rule Version

NET0899

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Configure the device to use its loopback or OOB management interface address as the source address when originating NTP traffic.

Check Contents

Review the configuration and verify the loopback interface address is used as the source address when originating NTP traffic. If the device is managed from an OOB management network, the OOB interface must be used instead. The configuration should look similar as shown in the following example:

interface loopback 0
ip address 10.10.2.1 255.255.255.255
…
ntp server 129.237.32.2
ntp server 142.181.31.6
ntp source Loopback0

Note: IOS allows multiple loopback interfaces to be defined.

Vulnerability Number

V-14674

Documentable

False

Rule Version

NET0899

Severity Override Guidance

Review the configuration and verify the loopback interface address is used as the source address when originating NTP traffic. If the device is managed from an OOB management network, the OOB interface must be used instead. The configuration should look similar as shown in the following example:

interface loopback 0
ip address 10.10.2.1 255.255.255.255
…
ntp server 129.237.32.2
ntp server 142.181.31.6
ntp source Loopback0

Note: IOS allows multiple loopback interfaces to be defined.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

510

Comments