STIGQter: STIG Summary: Cisco IOS XE Router RTR Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 23 Apr 2021

The Cisco multicast router must be configured to disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing.

DISA Rule

SV-216717r531086_rule

Vulnerability Number

V-216717

Group Title

SRG-NET-000019-RTR-000003

Rule Version

CISC-RT-000790

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Document all enabled interfaces for PIM in the network's multicast topology diagram. Disable support for PIM on interfaces that are not required to support it.

R5(config)#int g1/1
R5(config-if)#no ip pim sparse-mode

Check Contents

Step 1: Review the network's multicast topology diagram.

Step 2: Review the router configuration to verify that PIM is enabled only on the interfaces shown in the multicast topology diagram. An interface enabled for PIM looks like the example below:

interface GigabitEthernet1/1
 ip address 10.1.3.3 255.255.255.0
 ip pim sparse-mode

If PIM is enabled on an interface that is not required to support multicast routing, this is a finding.
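One way to automate Step 2, as an added example that is not part of the STIG or of STIGQter: a Python script that lists the PIM-enabled interfaces in a saved running configuration, compares them with the approved list, and prints the matching fix commands. The sample configuration, the approved set and the function names are constructed for illustration; interface names must be spelled exactly as they appear in the configuration.

```python
import re

# Constructed sample of "show running-config" output (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 ip address 10.1.3.3 255.255.255.0
 ip pim sparse-mode
!
interface GigabitEthernet1/2
 ip address 10.1.4.3 255.255.255.0
 ip pim sparse-mode
!
interface GigabitEthernet1/3
 no ip pim sparse-mode
!
interface Loopback0
 ip pim sparse-dense-mode
!
router ospf 1
"""
# Assumption: approved PIM interfaces, transcribed by hand from the topology diagram.
APPROVED = {"GigabitEthernet1/1"}
PIM_MODE = re.compile(r"^ip pim (sparse-mode|dense-mode|sparse-dense-mode)\b")

def pim_interfaces(config_text):
    """Map interface name -> PIM mode command for every PIM-enabled interface."""
    enabled, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = line.split(None, 1)[1]
        elif raw and not raw[0].isspace():
            current = None  # left the interface block ("!", "router ...")
        elif current and PIM_MODE.match(line):
            enabled[current] = line  # negated ("no ip pim ...") lines never match
    return enabled

def audit(config_text, approved):
    """Return (findings, fix_commands) for PIM interfaces not in the diagram."""
    enabled = pim_interfaces(config_text)
    findings = sorted(name for name in enabled if name not in approved)
    fixes = []
    for name in findings:
        fixes += [f"interface {name}", f" no {enabled[name]}"]
    return findings, fixes

if __name__ == "__main__":
    findings, fixes = audit(SAMPLE_CONFIG, APPROVED)
    print("Findings:", findings, *fixes, sep="\n")
```

The parser relies on the indentation that IOS uses for interface sub-commands, so feed it the configuration as exported from the device rather than a copy with leading spaces stripped.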

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4028
