STIGQter STIGQter: STIG Summary: Router Security Requirements Guide Version: 4 Release: 2 Benchmark Date: 23 Apr 2021:

The multicast router must be configured to bind a Protocol Independent Multicast (PIM) neighbor filter to interfaces that have PIM enabled.

DISA Rule

SV-207110r604135_rule

Vulnerability Number

V-207110

Group Title

SRG-NET-000019

Rule Version

SRG-NET-000019-RTR-000004

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

This requirement is not applicable for the DoDIN Backbone.

Configure neighbor filters to only accept PIM control plane traffic from documented PIM neighbors. Bind neighbor filters to all PIM enabled interfaces.

Check Contents

This requirement is not applicable for the DoDIN Backbone.

Review the multicast topology diagram and determine if router interfaces are enabled for IPv4 or IPv6 multicast routing.

If the router is enabled for multicast routing, verify all interfaces enabled for PIM have a neighbor filter bound to the interface. The neighbor filter must only accept PIM control plane traffic from the documented PIM neighbors.

If PIM neighbor filters are not bound to all interfaces that have PIM enabled, this is a finding.

Vulnerability Number

V-207110

Documentable

False

Rule Version

SRG-NET-000019-RTR-000004

Severity Override Guidance

This requirement is not applicable for the DoDIN Backbone.

Review the multicast topology diagram and determine if router interfaces are enabled for IPv4 or IPv6 multicast routing.

If the router is enabled for multicast routing, verify all interfaces enabled for PIM have a neighbor filter bound to the interface. The neighbor filter must only accept PIM control plane traffic from the documented PIM neighbors.

If PIM neighbor filters are not bound to all interfaces that have PIM enabled, this is a finding.

Check Content Reference

M

Target Key

2917

Comments