STIGQter: STIG Summary: Layer 2 Switch Security Technical Implementation Guide - Cisco, Version: 8, Release: 27, Benchmark Date: 25 Jan 2019: Access switchports must not be assigned to the native VLAN.

DISA Rule

SV-3984r2_rule

Vulnerability Number

V-3984

Group Title

Access switchports are assigned to the native VLAN

Rule Version

NET-VLAN-009

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To ensure the integrity of the trunk link and prevent unauthorized access, the native VLAN of the trunk port should be changed from the default VLAN 1 to its own unique VLAN. Access switchports must never be assigned to the native VLAN.

Check Contents

Review the switch configurations and examine all access ports. Verify that they do not belong to the native VLAN.

If any access switch ports are assigned to the native VLAN, it is a finding.
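
One way to automate the check above, as an added example (not part of the STIG or of STIGQter): a Python script that parses IOS-style interface blocks and reports access ports whose VLAN equals the native VLAN of any trunk on the same switch. It assumes each port declares `switchport mode access` or `switchport mode trunk` explicitly and that unset access and native VLANs default to 1; the function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample in Cisco IOS running-config style (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport trunk native vlan 999
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet0/4
 switchport mode access
!
interface GigabitEthernet0/5
 switchport access vlan 999
 switchport mode access
"""

def parse_switchports(config):
    """Map interface name -> mode, access VLAN and native VLAN (explicit modes only)."""
    ports, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            # Assumed IOS defaults when nothing is configured: access VLAN 1, native VLAN 1.
            current = ports.setdefault(m.group(1), {"mode": None, "access": 1, "native": 1})
        elif current is not None and line.startswith(" "):
            s = line.strip()
            if m := re.fullmatch(r"switchport mode (access|trunk)", s):
                current["mode"] = m.group(1)
            elif m := re.fullmatch(r"switchport access vlan (\d+)", s):
                current["access"] = int(m.group(1))
            elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", s):
                current["native"] = int(m.group(1))
        else:
            current = None  # "!" or a global command ends the interface block
    return {name: p for name, p in ports.items() if p["mode"]}

def native_vlan_findings(config):
    """Return (interface, vlan) for access ports sitting in any trunk's native VLAN."""
    ports = parse_switchports(config)
    native = {p["native"] for p in ports.values() if p["mode"] == "trunk"}
    return sorted((name, p["access"]) for name, p in ports.items()
                  if p["mode"] == "access" and p["access"] in native)

print(native_vlan_findings(SAMPLE_CONFIG))
```

In the sample, GigabitEthernet0/2 is a trunk left at the default native VLAN 1, which is why the access port GigabitEthernet0/4 (also left in VLAN 1) is reported alongside GigabitEthernet0/5.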

Documentable

False

Severity Override Guidance

Review the switch configurations and examine all access ports. Verify that they do not belong to the native VLAN.

If any access switch ports are assigned to the native VLAN, it is a finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

512

Comments