STIGQter: STIG Summary: Router Security Requirements Guide Version: 4 Release: 2 Benchmark Date: 23 Apr 2021:

The router must not be configured to have any zero-touch deployment feature enabled when connected to an operational network.

DISA Rule

SV-207149r604135_rule

Vulnerability Number

V-207149

Group Title

SRG-NET-000362

Rule Version

SRG-NET-000362-RTR-000109

Severity

CAT II

CCI(s)

• CCI-002385 - The information system protects against or limits the effects of organization-defined types of denial of service attacks by employing organization-defined security safeguards.

Weight

10

Fix Recommendation

Disable all configuration auto-loading or zero-touch deployment features.

Check Contents

Review the device configuration to determine if a configuration auto-loading or zero-touch deployment feature is enabled.

If a configuration auto-loading feature or zero-touch deployment feature is enabled, this is a finding.

Note: Auto-configuration or zero-touch deployment features can be enabled when the router is offline for the purpose of image loading or building out the configuration. In addition, this would not be applicable to the provisioning of virtual routers via a software-defined network (SDN) orchestration system.

Vulnerability Number

V-207149

Documentable

False

Rule Version

SRG-NET-000362-RTR-000109

Severity Override Guidance

Review the device configuration to determine if a configuration auto-loading or zero-touch deployment feature is enabled.

If a configuration auto-loading feature or zero-touch deployment feature is enabled, this is a finding.

Note: Auto-configuration or zero-touch deployment features can be enabled when the router is offline for the purpose of image loading or building out the configuration. In addition, this would not be applicable to the provisioning of virtual routers via a software-defined network (SDN) orchestration system.

Check Content Reference

M

Target Key

2917

Comments