
The IAO/NSO will ensure the AG network service provider IP addresses are not redistributed into or advertised to the NIPRNet or any router belonging to any other Autonomous System (AS), i.e., to another AG device in another AS.


Overview

Finding ID: V-4624
Version: NET0166
Rule ID: SV-4624r1_rule
IA Controls: ECSC-1
Severity: Low
Description
Unsolicited traffic that may inadvertently attempt to enter the NIPRNet by traversing the enclave's premise router can be avoided by not redistributing NIPRNet routes into the AG.
STIG: Perimeter L3 Switch Security Technical Implementation Guide - Cisco
Date: 2016-01-04

Details

Check Text (C-3395r1_chk)
Review the configuration of the router connecting to the AG and verify that there are no routes being redistributed into the enclave from the AG.
Fix Text (F-4557r1_fix)
Use distribute lists or prefix lists to ensure AG routes are not redistributed into the NIPRNet BGP or the site's IGP (OSPF, EIGRP, RIP, etc.).
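
A triage aid for the check above, added here and not part of the STIG: it lists `redistribute` statements in an IOS running-config that carry no `route-map` and are not covered by a `distribute-list ... out` in the same router stanza. The sample config, AS number and list names are constructed, and the function name is hypothetical.

```python
import re

# Constructed sample running-config (not from the STIG); the AS number,
# networks and filter names are placeholders.
SAMPLE_CONFIG = """\
router ospf 1
 redistribute bgp 65001 subnets
 network 10.1.0.0 0.0.255.255 area 0
!
router eigrp 10
 redistribute bgp 65001 metric 10000 100 255 1 1500 route-map AG-DENY
!
router rip
 redistribute bgp 65001 metric 3
 distribute-list prefix AG-BLOCK out bgp 65001
!
"""

# "distribute-list <acl> out [source]" or "distribute-list prefix <name> out [source]"
DIST_OUT = re.compile(r"distribute-list (?:prefix )?\S+ out(?: (.+))?$")

def unfiltered_redistribution(config):
    """Return (router_stanza, redistribute_line) pairs with no filter attached."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("router "):            # start of a routing process
            current = raw.strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current:    # indented line inside the stanza
            stanzas[current].append(raw.strip())
        else:                                    # "!" or any other top-level line
            current = None
    findings = []
    for process, lines in stanzas.items():
        # An outbound filter with no source covers every redistributed route.
        matches = [DIST_OUT.match(line) for line in lines]
        out_filters = [m.group(1).split() if m.group(1) else [] for m in matches if m]
        for line in lines:
            tokens = line.split()
            if tokens[:1] != ["redistribute"]:
                continue
            covered = "route-map" in tokens or any(
                tokens[1:1 + len(f)] == f for f in out_filters)
            if not covered:
                findings.append((process, line))
    return findings

if __name__ == "__main__":
    for process, line in unfiltered_redistribution(SAMPLE_CONFIG):
        print(f"{process}: '{line}' has no route-map or outbound distribute-list")
```

A statement that passes this check still needs its route-map, ACL or prefix list reviewed to confirm it actually denies the AG prefixes.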