STIGQter: STIG Summary: Network Infrastructure Policy Security Technical Implementation Guide Version: 9 Release: 10 Benchmark Date: 24 Jan 2020:

Multi-Protocol Labeled Switching (MPLS) labels must not be exchanged between the enclaves edge routers and any external neighbor routers.

DISA Rule

SV-80845r1_rule

Vulnerability Number

V-66355

Group Title

NET2001

Rule Version

NET2001

Severity

CAT II

CCI(s)

CCI-001097 - The information system monitors and controls communications at the external boundary of the information system and at key internal boundaries within the system.

Weight

Fix Recommendation

Disable LDP and RSVP on DISN-facing interfaces on all perimeter routers.

Check Contents

Review the DISN-facing interfaces of the enclave perimeter routers to verify that LDP or RSVP is not enabled.

If any of these interfaces are LDP or RSVP enabled, this is a finding.

Vulnerability Number

V-66355

Documentable

False

Rule Version

NET2001

Severity Override Guidance

Review the DISN-facing interfaces of the enclave perimeter routers to verify that LDP or RSVP is not enabled.

If any of these interfaces are LDP or RSVP enabled, this is a finding.

Check Content Reference

Target Key

838

Multi-Protocol Labeled Switching (MPLS) labels must not be exchanged between the enclaves edge routers and any external neighbor routers.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments