STIGQter STIGQter: STIG Summary: Router Security Requirements Guide Version: 4 Release: 2 Benchmark Date: 23 Apr 2021:

The PE router must be configured to ignore or block all packets with any IP options.

DISA Rule

SV-216981r604135_rule

Vulnerability Number

V-216981

Group Title

SRG-NET-000205

Rule Version

SRG-NET-000205-RTR-000016

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the router to drop all packets with IP options.

Check Contents

Review the router configuration to determine if it will block all packets with IP options.

If the router is not configured to drop all packets with IP options, this is a finding.

Vulnerability Number

V-216981

Documentable

False

Rule Version

SRG-NET-000205-RTR-000016

Severity Override Guidance

Review the router configuration to determine if it will block all packets with IP options.

If the router is not configured to drop all packets with IP options, this is a finding.

Check Content Reference

M

Target Key

2917

Comments