STIGQter: STIG Summary: Network Infrastructure Policy Security Technical Implementation Guide Version: 9 Release: 10 Benchmark Date: 24 Jan 2020

The number of source-group (SG) states must be limited within the multicast topology where Any Source Multicast (ASM) is deployed.

DISA Rule

SV-80881r1_rule

Vulnerability Number

V-66391

Group Title

NET2015

Rule Version

NET2015

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the multicast router to increase the SPT threshold or set it to infinity to minimize (S,G) state within the multicast topology where Any Source Multicast (ASM) is deployed.

Check Contents

Review the multicast last-hop router configuration to verify that the SPT switchover threshold is increased (default is 0) or set to infinity (never switch over). The following is a PIM sparse mode last-hop router configuration example that will disable the SPT switchover for all multicast groups:

ip multicast-routing
ip pim spt-threshold infinity

If any multicast router is not configured to increase the SPT threshold or set it to infinity to minimize (S,G) state, this is a finding.
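
The check above can be scripted against saved router configurations. The following is an added example, not part of the STIG text: the function name, the status labels and the sample configurations are constructed for illustration. It assumes IOS-style configuration text and that the optional vrf and group-list forms of the command may appear.

```python
import re

# Matches "ip pim spt-threshold infinity" and the optional forms
# "ip pim vrf RED spt-threshold 100 group-list 10" (assumed IOS-style syntax).
SPT_RE = re.compile(
    r"^\s*ip pim(?: vrf (?P<vrf>\S+))? spt-threshold (?P<value>infinity|\d+)"
    r"(?: group-list (?P<acl>\S+))?\s*$"
)

def check_spt_threshold(config_text):
    """Return (status, detail) for one router configuration (hypothetical helper)."""
    multicast = False
    settings = []
    for line in config_text.splitlines():
        # "no ip multicast-routing" does not match because of the anchor.
        if re.match(r"^\s*ip multicast-routing\b", line):
            multicast = True
        m = SPT_RE.match(line)
        if m:
            settings.append(m.groupdict())
    if not multicast:
        # Assumption: routers without multicast routing are outside this rule.
        return ("not_applicable", "multicast routing not enabled")
    if not settings:
        return ("finding", "no spt-threshold line; default 0 applies")
    raised = [s for s in settings
              if s["value"] == "infinity" or int(s["value"]) > 0]
    if not raised:
        return ("finding", "spt-threshold explicitly left at 0")
    if all(s["acl"] for s in raised):
        # Threshold raised only for groups matched by an ACL: needs a human look.
        return ("review", "raised only for a group-list; confirm ASM groups are covered")
    return ("pass", "spt-threshold raised or set to infinity")

# Constructed sample configurations.
COMPLIANT = "hostname lhr1\nip multicast-routing\nip pim spt-threshold infinity\n"
DEFAULT = "hostname lhr2\nip multicast-routing\ninterface Gi0/1\n ip pim sparse-mode\n"
SCOPED = "ip multicast-routing\nip pim spt-threshold infinity group-list 10\n"

if __name__ == "__main__":
    for name, cfg in (("lhr1", COMPLIANT), ("lhr2", DEFAULT), ("lhr3", SCOPED)):
        print(name, *check_spt_threshold(cfg))
```

A "review" result is not a pass: the reviewer still has to confirm that the referenced access list covers the ASM group range in use.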

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

838
