STIGQter: STIG Summary: Cisco IOS XR Router RTR Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020

The Cisco multicast router must be configured to disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing.

DISA Rule

SV-216807r531087_rule

Vulnerability Number

V-216807

Group Title

SRG-NET-000019-RTR-000003

Rule Version

CISC-RT-000790

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Document all enabled interfaces for PIM in the network's multicast topology diagram. Disable support for PIM on interfaces that are not required to support it.

RP/0/0/CPU0:R2(config)#router pim
RP/0/0/CPU0:R2(config-pim)#address-family ipv4
RP/0/0/CPU0:R2(config-pim-default-ipv4)#int g0/0/0/1
RP/0/0/CPU0:R2(config-pim-ipv4-if)#disable
RP/0/0/CPU0:R2(config-pim-ipv4-if)#end

Check Contents

Step 1: Review the network's multicast topology diagram.

Step 2: Review the router configuration to verify that PIM is enabled only on the interfaces shown in the multicast topology diagram, as in the example below.

!
router pim
 address-family ipv4
  interface GigabitEthernet0/0/0/0
   enable
  !
  interface GigabitEthernet0/0/0/1
   enable
  !
 !

If an interface is not required to support multicast routing and it is enabled, this is a finding.
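The check above can be scripted against a saved running configuration. The following is an added example, not part of the STIG or of STIGQter: the function names, the sample configuration and the approved-interface set (standing in for the multicast topology diagram) are constructed for illustration, and the parser assumes it only needs to inspect the "router pim" stanza in the form the check shows.

```python
import re

def pim_enabled_interfaces(config):
    """Return (address-family, interface) pairs that carry 'enable' under 'router pim'."""
    enabled = set()
    in_pim, af, iface = False, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not in_pim:
            in_pim = line == "router pim"
            continue
        if line == "!":
            # '!' closes the innermost open level: interface, address family, router pim.
            if iface:
                iface = None
            elif af:
                af = None
            else:
                in_pim = False
        elif m := re.fullmatch(r"address-family (ipv4|ipv6)", line):
            af, iface = m.group(1), None
        elif af is None:
            in_pim = False          # a different top-level section has started
        elif m := re.fullmatch(r"interface (\S+)", line):
            iface = m.group(1)
        elif iface and line == "enable":
            enabled.add((af, iface))
        elif iface and line == "disable":
            enabled.discard((af, iface))
    return enabled

def audit_pim(config, approved):
    """List PIM-enabled interfaces that are absent from the approved (diagram) set."""
    return sorted(p for p in pim_enabled_interfaces(config) if p[1] not in approved)

# Constructed sample: 0/0/0/1 is enabled but not in the diagram, 0/0/0/2 is disabled.
SAMPLE_CONFIG = """\
router pim
 address-family ipv4
  interface GigabitEthernet0/0/0/0
   enable
  !
  interface GigabitEthernet0/0/0/1
   enable
  !
  interface GigabitEthernet0/0/0/2
   disable
  !
 !
!
"""
APPROVED = {"GigabitEthernet0/0/0/0"}   # constructed stand-in for the topology diagram

if __name__ == "__main__":
    for af, name in audit_pim(SAMPLE_CONFIG, APPROVED):
        print(f"FINDING: PIM ({af}) enabled on {name}, not in multicast topology diagram")
```

Each pair returned by audit_pim is a finding under this rule; an empty list means every PIM-enabled interface in the stanza is documented.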

Documentable

False

Check Content Reference

M

Target Key

4029
