The router must enforce redistribution and advertisements from alternate gateway service provider IP addresses to the NIPRNet or to other AS.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-NET-000019-RTR-000011 | SRG-NET-000019-RTR-000011 | SRG-NET-000019-RTR-000011_rule | Medium |
| Description |
|---|
| Stopping redistribution and advertisements from unsolicited traffic from Alternate Gateway service providers from attempting to enter the NIPRNet by traversing the enclave's perimeter router is critical to the integrity of the network and is avoidable through enforcement of router policies and filters. |
| STIG | Date |
|---|---|
| Router Security Requirements Guide | 2013-07-30 |
Details
| Check Text ( C-SRG-NET-000019-RTR-000011_chk ) |
|---|
| Review the configuration of the route connecting to the AG. Verify redistribution or advertising of routes into the enclave from the AG are not occurring. If there are routes redistributing or advertising through the enclave perimeter to the NIPRNet from the AG, this is a finding. |
| Fix Text (F-SRG-NET-000019-RTR-000011_fix) |
|---|
| Configure distribution lists or prefix lists to ensure redistribution and advertisements of AG routes are not occurring through the enclave perimeter into the NIPRNet. |