Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-4623 | NET0164 | SV-4623r1_rule | ECSC-1 | High |
Description |
---|
The premise router will not use a routing protocol to advertise NIPRNet addresses to the AG. Most ISPs use Border Gateway Protocol (BGP) to share route information with other autonomous systems (AS), that is, any network under a different administrative control and policy than that of the local site. If BGP is configured on the premise router, no BGP neighbors will be defined as peer routers from an AS belonging to any AG. The only method to be used to reach the AG will be through a static route. |
STIG | Date |
---|---|
Perimeter L3 Switch Security Technical Implementation Guide - Cisco | 2016-01-04 |
Check Text ( C-3394r1_chk ) |
---|
Review the configuration of the router connecting to the AG and verify that there are no BGP neighbors whose remote AS belongs to the AG service provider. |
Fix Text (F-4556r1_fix) |
---|
The only method to be used to reach the AG will be through a static route. |