STIGQter: STIG Summary: Router Security Requirements Guide Version: 4 Release: 2 Benchmark Date: 23 Apr 2021:

The multicast edge router must be configured to establish boundaries for administratively scoped multicast traffic.

DISA Rule

SV-207111r604135_rule

Vulnerability Number

V-207111

Group Title

SRG-NET-000019

Rule Version

SRG-NET-000019-RTR-000005

Severity

CAT III

CCI(s)

• CCI-001414 - The information system enforces approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies.

Weight

10

Fix Recommendation

Step 1: Configure the ACL to deny packets with multicast administratively scoped destination addresses.

Step 2: Apply the multicast boundary at the appropriate interfaces.

Check Contents

Review the router configuration and verify that admin-scope multicast traffic is blocked at the external edge.

If the router is not configured to establish boundaries for administratively scoped multicast traffic, this is a finding.

Vulnerability Number

V-207111

Documentable

False

Rule Version

SRG-NET-000019-RTR-000005

Severity Override Guidance

Review the router configuration and verify that admin-scope multicast traffic is blocked at the external edge.

If the router is not configured to establish boundaries for administratively scoped multicast traffic, this is a finding.

Check Content Reference

M

Target Key

2917

Comments