STIGQter STIGQter: STIG Summary: Infrastructure Router Security Technical Implementation Guide Version: 8 Release: 29 Benchmark Date: 25 Jan 2019: The network device must have control plane protection enabled.

DISA Rule

SV-21027r3_rule

Vulnerability Number

V-19188

Group Title

Control plane protection is not enabled.

Rule Version

NET0966

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Implement control plane protection by classifying traffic types based on importance levels and configure filters to restrict and rate limit the traffic punted to the route processor as according to each class.

Check Contents

Determine if control plane protection has been implemented on the device by verifying traffic types have been classified based on importance levels and a policy has been configured to filter and rate limit the traffic according to each class.

If the device doesn't have any control plane protection configured on the device, this is a finding.

Vulnerability Number

V-19188

Documentable

False

Rule Version

NET0966

Severity Override Guidance

Determine if control plane protection has been implemented on the device by verifying traffic types have been classified based on importance levels and a policy has been configured to filter and rate limit the traffic according to each class.

If the device doesn't have any control plane protection configured on the device, this is a finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

510

Comments