STIGQter: STIG Summary: Router Security Requirements Guide, Version: 4, Release: 2, Benchmark Date: 23 Apr 2021

The perimeter router must be configured to have Link Layer Discovery Protocols (LLDPs) disabled on all external interfaces.

DISA Rule

SV-207165r604135_rule

Vulnerability Number

V-207165

Group Title

SRG-NET-000364

Rule Version

SRG-NET-000364-RTR-000111

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

This requirement is not applicable for the DoDIN Backbone.

Disable LLDPs on all external interfaces.

Check Contents

This requirement is not applicable for the DoDIN Backbone.

Review all router configurations to ensure LLDPs are not included in the global configuration or LLDPs are not included for each active external interface. Examples of LLDPs are Cisco Discovery Protocol (CDP), Link Layer Discovery Protocol (LLDP), and Link Layer Discovery Protocol - Media Endpoint Discovery (LLDP-MED).

If LLDPs are configured globally or on any external interface, this is a finding.
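
An added example, not part of the STIG or of STIGQter: one way to automate the check above against a saved router configuration, reporting each active external interface on which a discovery protocol is still enabled. It assumes Cisco IOS-style syntax and defaults (`no cdp run`, `no cdp enable`, `lldp run`, `no lldp transmit`, `no lldp receive`), since the SRG itself is vendor-neutral; the function names and the caller-supplied set of external interface names are hypothetical.

```python
import re

# Constructed sample, Cisco IOS-style syntax (assumed; the SRG is vendor-neutral).
SAMPLE_CONFIG = """\
lldp run
interface GigabitEthernet0/0
 no cdp enable
!
interface GigabitEthernet0/1
 no cdp enable
 no lldp transmit
 no lldp receive
!
interface GigabitEthernet0/2
 shutdown
"""

def parse(config):
    """Split a config into global lines and {interface: [sub-commands]}."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        if m := re.match(r"interface\s+(\S+)", raw):
            current = interfaces.setdefault(m.group(1), [])
        elif raw[:1].isspace() and current is not None:
            current.append(raw.strip())
        elif raw.strip():  # unindented line ends the interface block
            current = None
            global_lines.append(raw.strip())
    return global_lines, interfaces

def audit(config, external):
    """Map each active external interface to the protocols still enabled on it."""
    global_lines, interfaces = parse(config)
    # Assumed defaults: CDP on unless "no cdp run"; LLDP on only with "lldp run".
    cdp_global = "no cdp run" not in global_lines
    lldp_global = "lldp run" in global_lines
    findings = {}
    for name in sorted(external):
        lines = interfaces.get(name)
        if lines is None or "shutdown" in lines:
            continue  # absent or administratively down: not an active interface
        enabled = []
        if cdp_global and "no cdp enable" not in lines:
            enabled.append("CDP")
        # LLDP counts as disabled only when both directions are turned off.
        if lldp_global and not {"no lldp transmit", "no lldp receive"} <= set(lines):
            enabled.append("LLDP")
        if enabled:
            findings[name] = enabled
    return findings
```

Under the assumed defaults, an external interface with no CDP statement at all is still reported, because the absence of a configuration line does not mean the protocol is off.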

Documentable

False

Severity Override Guidance

This requirement is not applicable for the DoDIN Backbone.

Review all router configurations to ensure LLDPs are not included in the global configuration or LLDPs are not included for each active external interface. Examples of LLDPs are Cisco Discovery Protocol (CDP), Link Layer Discovery Protocol (LLDP), and Link Layer Discovery Protocol - Media Endpoint Discovery (LLDP-MED).

If LLDPs are configured globally or on any external interface, this is a finding.

Check Content Reference

M

Target Key

2917

Comments