IPv6 must be disabled until a deliberate transition strategy has been implemented.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-14262	5.050	SV-30297r2_rule	ECSC-1	Medium

Description
Any nodes’ interface with IPv6 enabled by default presents a potential risk of traffic being transmitted or received without proper risk mitigation strategy and is therefore, a serious security concern.

STIG	Date
Windows 2003 Domain Controller Security Technical Implementation Guide	2015-03-09

Details

Check Text ( C-52019r2_chk )
Prior to transition, IPv6 must not be installed. The following registry key indicates the IPv6 protocol has been installed. If it exists, this is a finding. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \System\CurrentControlSet\Services\Tcpip6 See S0-C1-imp-1 of The Department of National Intelligence/Department of Defense (DoD) Internet Protocol version 6 (IPv6) Information Assurance Guidance for Milestone Objective 3 for additional information.

Check Text ( C-52019r2_chk )

Prior to transition, IPv6 must not be installed. The following registry key indicates the IPv6 protocol has been installed. If it exists, this is a finding.

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: \System\CurrentControlSet\Services\Tcpip6

See S0-C1-imp-1 of The Department of National Intelligence/Department of Defense (DoD) Internet Protocol version 6 (IPv6) Information Assurance Guidance for Milestone Objective 3 for additional information.

Fix Text (F-53903r2_fix)
Uninstall the IPv6 protocol until a deliberate transition strategy has been implemented.