STIGQter: STIG Summary: Router Security Requirements Guide Version: 4 Release: 2 Benchmark Date: 23 Apr 2021:

The perimeter router must be configured to not redistribute static routes to an alternate gateway service provider into BGP or an IGP peering with the NIPRNet or to other autonomous systems.

DISA Rule

SV-207115r604135_rule

Vulnerability Number

V-207115

Group Title

SRG-NET-000019

Rule Version

SRG-NET-000019-RTR-000010

Severity

CAT III

CCI(s)

• CCI-001414 - The information system enforces approved authorizations for controlling the flow of information between interconnected systems based on organization-defined information flow control policies.

Weight

10

Fix Recommendation

This requirement is not applicable for the DoDIN Backbone.

Configure the router so that static routes are not redistributed to an alternate gateway into either an Exterior Gateway Protocol or Interior Gateway Protocol to the NIPRNet or to other autonomous systems.

Check Contents

This requirement is not applicable for the DoDIN Backbone.

Review the configuration of the router connecting to the alternate gateway and verify that redistribution of static routes to the alternate gateway is not occurring.

If the static routes to the alternate gateway are being redistributed into BGP or any IGP peering with a NIPRNet gateway or another autonomous system, this is a finding.

Vulnerability Number

V-207115

Documentable

False

Rule Version

SRG-NET-000019-RTR-000010

Severity Override Guidance

This requirement is not applicable for the DoDIN Backbone.

Review the configuration of the router connecting to the alternate gateway and verify that redistribution of static routes to the alternate gateway is not occurring.

If the static routes to the alternate gateway are being redistributed into BGP or any IGP peering with a NIPRNet gateway or another autonomous system, this is a finding.

Check Content Reference

M

Target Key

2917

Comments