The PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS DoDIN Technical Profile.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-78319	SRG-NET-000193-RTR-000113	SV-93025r1_rule		Low

Description
Different applications have unique requirements and toleration levels for delay, jitter, bandwidth, packet loss, and availability. To manage the multitude of applications and services, a network requires a QoS framework to differentiate traffic and provide a method to manage network congestion. The Differentiated Services Model (DiffServ) is based on per-hop behavior by categorizing traffic into different classes and enabling each node to enforce a forwarding treatment to each packet as dictated by a policy. Packet markings such as IP Precedence and its successor, Differentiated Services Code Points (DSCP), were defined along with specific per-hop behaviors for key traffic types to enable a scalable QoS solution. DiffServ QoS categorizes network traffic, prioritizes it according to its relative importance, and provides priority treatment based on the classification. It is imperative that end-to-end QoS is implemented within the IP core network to provide preferred treatment for mission-critical applications.

Description

Different applications have unique requirements and toleration levels for delay, jitter, bandwidth, packet loss, and availability. To manage the multitude of applications and services, a network requires a QoS framework to differentiate traffic and provide a method to manage network congestion. The Differentiated Services Model (DiffServ) is based on per-hop behavior by categorizing traffic into different classes and enabling each node to enforce a forwarding treatment to each packet as dictated by a policy. Packet markings such as IP Precedence and its successor, Differentiated Services Code Points (DSCP), were defined along with specific per-hop behaviors for key traffic types to enable a scalable QoS solution. DiffServ QoS categorizes network traffic, prioritizes it according to its relative importance, and provides priority treatment based on the classification. It is imperative that end-to-end QoS is implemented within the IP core network to provide preferred treatment for mission-critical applications.

STIG	Date
Router Security Requirements Guide	2019-09-27

Details

Check Text ( C-77877r1_chk )
Review the router configuration and verify that a QoS policy has been configured to provide preferred treatment for mission-critical applications in accordance with the QoS DoDIN Technical Profile. Verify that the class-maps are configured to match on DSCP, protocols, or access control lists (ACLs) that identify traffic types based on ports. Verify that the policy-map is configured to set DSCP values for the defined class-maps in accordance with the QoS DoDIN Technical Profile. Verify that an input service policy is bound to all CE-facing interfaces. If the router is not configured to enforce a QoS policy in accordance with the QoS DoDIN Technical Profile, this is a finding.

Check Text ( C-77877r1_chk )

Review the router configuration and verify that a QoS policy has been configured to provide preferred treatment for mission-critical applications in accordance with the QoS DoDIN Technical Profile.

Verify that the class-maps are configured to match on DSCP, protocols, or access control lists (ACLs) that identify traffic types based on ports.

Verify that the policy-map is configured to set DSCP values for the defined class-maps in accordance with the QoS DoDIN Technical Profile.

Verify that an input service policy is bound to all CE-facing interfaces.

If the router is not configured to enforce a QoS policy in accordance with the QoS DoDIN Technical Profile, this is a finding.

Fix Text (F-85047r1_fix)
Configure a QoS policy on each router in accordance with the QoS DoDIN Technical Profile.