IPv6 will be disabled until a deliberate transition strategy has been implemented. Use of IPv6 transition technologies will be disabled.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-14262	5.050	SV-29955r1_rule	ECSC-1	Medium

Description
Any nodes’ interface with IPv6 enabled by default presents a potential risk of traffic being transmitted or received without proper risk mitigation strategy and therefore a serious security concern.

STIG	Date
Win2k8 Audit	2013-06-10

Details

Check Text ( None )
None

Fix Text (F-29101r1_fix)
Add the following registry key. To disable IPv6 on all interfaces: Registry Hive: HKEY_LOCAL_MACHINE Subkey: System\CurrentControlSet\Services\Tcpip6\Parameters Value Name: DisabledComponents Type: REG_DWORD Value: 0xffffffff To disable all IPv6 tunneling interfaces: Registry Hive: HKEY_LOCAL_MACHINE Subkey: System\CurrentControlSet\Services\Tcpip6\Parameters Value Name: DisabledComponents Type: REG_DWORD Value: 0x1 Discrepancies in documentation have resulted in several changes to this requirement. See Microsoft article 929852 for details of the DisabledComponents registry value.

Fix Text (F-29101r1_fix)

Add the following registry key.

To disable IPv6 on all interfaces:

Registry Hive: HKEY_LOCAL_MACHINE
Subkey: System\CurrentControlSet\Services\Tcpip6\Parameters
Value Name: DisabledComponents
Type: REG_DWORD
Value: 0xffffffff

To disable all IPv6 tunneling interfaces:

Registry Hive: HKEY_LOCAL_MACHINE
Subkey: System\CurrentControlSet\Services\Tcpip6\Parameters
Value Name: DisabledComponents
Type: REG_DWORD
Value: 0x1

Discrepancies in documentation have resulted in several changes to this requirement. See Microsoft article 929852 for details of the DisabledComponents registry value.