STIGQter: STIG Summary: Cisco IOS XE Router RTR Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 23 Apr 2021

The Cisco perimeter router must be configured to have Cisco Discovery Protocol (CDP) disabled on all external interfaces.

DISA Rule

SV-216675r531086_rule

Vulnerability Number

V-216675

Group Title

SRG-NET-000364-RTR-000111

Rule Version

CISC-RT-000370

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

This requirement is not applicable for the DODIN Backbone.

Disable CDP on all external interfaces via the no cdp enable command, or disable CDP globally via the no cdp run command.

Check Contents

This requirement is not applicable for the DODIN Backbone.

Step 1: Verify if CDP is enabled globally as shown below:

cdp run

By default, CDP is not enabled globally or on any interface. If CDP is enabled globally, proceed to step 2.

Step 2: Verify CDP is not enabled on any external interface as shown in the example below:

interface GigabitEthernet2
ip address z.1.24.4 255.255.255.252



cdp enable

If CDP is enabled on any external interface, this is a finding.
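The two check steps above can be automated against a saved running-config. The following is an added example, not part of the STIG or of STIGQter. The function names, the sample configuration and the list of external interfaces are assumptions supplied for illustration, and it relies on the behaviour stated on this page: an enabled state appears as a literal cdp run or cdp enable line.

```python
import re

# Constructed sample running-config excerpt (not taken from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-example
cdp run
!
interface GigabitEthernet1
 description internal LAN
 ip address 10.1.12.1 255.255.255.0
 cdp enable
!
interface GigabitEthernet2
 description external uplink
 ip address 192.0.2.1 255.255.255.252
 cdp enable
!
interface GigabitEthernet3
 description second external uplink
 ip address 198.51.100.1 255.255.255.252
 no cdp enable
!
"""

def parse_config(text):
    """Return (global_cdp_enabled, {interface_name: [sub-commands]})."""
    global_cdp, interfaces, current = False, {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())  # indented line belongs to the interface
        else:
            current = None  # back at global configuration level
            if line.strip() == "cdp run":  # exact match, so 'no cdp run' is ignored
                global_cdp = True
    return global_cdp, interfaces

def cdp_findings(text, external_interfaces):
    """Apply steps 1 and 2; return the external interfaces that are a finding."""
    global_cdp, interfaces = parse_config(text)
    if not global_cdp:  # step 1: CDP is not running globally, nothing to report
        return []
    # step 2: whole-line match, so 'no cdp enable' does not count as enabled
    return sorted(i for i in external_interfaces
                  if "cdp enable" in interfaces.get(i, []))
```

Which interfaces count as external is site knowledge the auditor passes in; the script does not infer it from addressing.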

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4028

Comments