Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-18610 | NET-IPV6-008 | SV-20166r1_rule | Medium |
Description |
---|
The decommissioned 6bone allocation (3FFE::/16), RFC 3701 must be blocked. It is no longer a trusted source. |
STIG | Date |
---|---|
Perimeter L3 Switch Security Technical Implementation Guide - Cisco | 2018-02-27 |
Check Text ( C-22293r1_chk ) |
---|
Base Procedure: Review the premise router configuration to ensure filters are in place to restrict the IP addresses explicitly, or inexplicitly. Verify that ingress and egress ACLs for IPv6 have been defined to deny the 6bone address space and log all violations. |
Fix Text (F-19241r1_fix) |
---|
The administrator will configure the router ACLs to restrict IP addresses that contain any 6bone addresses. |