STIGQter: STIG Summary: Layer 2 Switch Security Requirements Guide, Version: 1, Release: 6, Benchmark Date: 24 Jan 2020

The layer 2 switch must authenticate all VLAN Trunk Protocol (VTP) messages with a hash function using the most secured cryptographic algorithm available.

DISA Rule

SV-76651r1_rule

Vulnerability Number

V-62161

Group Title

SRG-NET-000168

Rule Version

SRG-NET-000168-L2S-000019

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the switch to authenticate all VLAN Trunk Protocol (VTP) messages with a hash function using the most secured cryptographic algorithm available.

Check Contents

Review the switch configuration to verify if VTP is enabled. If VTP is enabled, verify that authentication has been configured.

If VTP has been configured on the switch and is not authenticating VTP messages with a hash function using the most secured cryptographic algorithm available, this is a finding.

Documentable

False

Severity Override Guidance

Review the switch configuration to verify if VTP is enabled. If VTP is enabled, verify that authentication has been configured.

If VTP has been configured on the switch and is not authenticating VTP messages with a hash function using the most secured cryptographic algorithm available, this is a finding.

Check Content Reference

M

Target Key

2917
