STIGQter: STIG Summary: Network Infrastructure Policy Security Technical Implementation Guide, Version: 9, Release: 10, Benchmark Date: 24 Jan 2020

Rapid Spanning Tree Protocol (STP) must be implemented at the access and distribution layers where Virtual Local Area Networks (VLANs) span multiple switches.

DISA Rule

SV-80851r1_rule

Vulnerability Number

V-66361

Group Title

NET2004

Rule Version

NET2004

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Configure Rapid STP to be implemented at the access and distribution layers where VLANs span multiple switches.

Check Contents

In cases where VLANs do not span multiple switches it is a best practice to not implement STP. Avoiding the use of STP will provide the most deterministic and highly available network topology. If STP is required, then review the switch configuration to verify that RSTP or MSTP has been implemented. Following are example configurations:

RSTP

spanning-tree mode rapid-pvst

MST

spanning-tree mode mst
spanning-tree mst configuration
 name Region1
 revision 1
 instance 1 vlan 10, 11, 12
 instance 2 vlan 13, 14

If RSTP or MSTP has not been implemented where STP is required, this is a finding.

Note: Cisco has implemented RSTP as part of MSTP and Rapid-PVST+.
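An added example (not part of the STIG or of STIGQter): a Python version of this check run over saved Cisco IOS-style configurations. It assumes a VLAN "spans multiple switches" when the same VLAN ID appears in a global `vlan` line on more than one switch; the hostnames and configurations are constructed sample data.

```python
import re
from collections import defaultdict

COMPLIANT_MODES = {"rapid-pvst", "mst"}  # RSTP or MSTP, as in the check text

def parse_switch(config):
    """Return (spanning-tree mode or None, set of VLAN IDs from global 'vlan' lines)."""
    mode, vlans = None, set()
    for line in config.splitlines():
        # re.match anchors at column 0, so indented sub-mode lines are ignored.
        if m := re.match(r"spanning-tree mode (\S+)\s*$", line):
            mode = m.group(1)
        elif m := re.match(r"vlan ([\d,\-\s]+)$", line):
            for part in m.group(1).replace(" ", "").split(","):
                if part:
                    lo, _, hi = part.partition("-")
                    vlans.update(range(int(lo), int(hi or lo) + 1))
    return mode, vlans

def audit(configs):
    """configs: {hostname: config text} -> {hostname: OK | FINDING | REVIEW | N/A}."""
    parsed = {host: parse_switch(text) for host, text in configs.items()}
    seen = defaultdict(set)
    for host, (_, vlans) in parsed.items():
        for vlan in vlans:
            seen[vlan].add(host)
    # Assumption: a VLAN defined on more than one switch spans those switches.
    spanning = {vlan for vlan, hosts in seen.items() if len(hosts) > 1}
    result = {}
    for host, (mode, vlans) in parsed.items():
        if not vlans & spanning:
            result[host] = "N/A"      # no spanning VLAN here; the rule's condition is not met
        elif mode is None:
            result[host] = "REVIEW"   # no mode line saved; confirm the effective mode on the device
        else:
            result[host] = "OK" if mode in COMPLIANT_MODES else "FINDING"
    return result

# Constructed sample configurations (hypothetical hostnames).
SAMPLE = {
    "access-1": "hostname access-1\nspanning-tree mode rapid-pvst\nvlan 10\nvlan 11\n",
    "access-2": "hostname access-2\nspanning-tree mode pvst\nvlan 10,13\n",
    "dist-1": "hostname dist-1\nspanning-tree mode mst\nspanning-tree mst configuration\n"
              " name Region1\n revision 1\n instance 1 vlan 10, 11, 12\nvlan 10-13\n",
    "access-3": "hostname access-3\nvlan 11\n",
    "edge-1": "hostname edge-1\nspanning-tree mode pvst\nvlan 99\n",
}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

A `REVIEW` result means the saved configuration carries no `spanning-tree mode` line, so the mode in effect has to be confirmed on the device itself.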

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

838

Comments