Capacity
CCI-004931
Establish organization-defined alternate communications paths for system operations organizational command and control.
1
Rule
Severity: Medium
The ALG must establish organization-defined alternate communications paths for system operations organizational command and control.
1
Rule
Severity: Medium
The Arista MLS layer 2 switch must not use the default VLAN for management traffic.
1
Rule
Severity: Medium
The out-of-band management (OOBM) Arista gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC).
1
Rule
Severity: Medium
The out-of-band management (OOBM) Arista gateway router must be configured to block any traffic destined to itself that is not sourced from the OOBM network or the NOC.
1
Rule
Severity: Medium
The Arista router must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface.
1
Rule
Severity: Low
The Arista BGP router must be configured to use its loopback address as the source address for iBGP peering sessions.
1
Rule
Severity: Low
The MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.
1
Rule
Severity: High
The PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.
1
Rule
Severity: High
The PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).
1
Rule
Severity: Medium
The PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD).
1
Rule
Severity: High
The PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit.
1
Rule
Severity: Low
The Arista Multicast Source Discovery Protocol (MSDP) router must be configured to use its loopback address as the source address when originating MSDP traffic.
1
Rule
Severity: Medium
The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel.
3
Rule
Severity: Low
The Cisco BGP router must be configured to use its loopback address as the source address for iBGP peering sessions.
3
Rule
Severity: Low
The Cisco MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.
3
Rule
Severity: High
The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.
3
Rule
Severity: High
The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).
3
Rule
Severity: Medium
The Cisco PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD).
2
Rule
Severity: High
The Cisco PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit.
3
Rule
Severity: Low
The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to use a loopback address as the source address when originating MSDP traffic.
3
Rule
Severity: Medium
The Cisco switch must not use the default VLAN for management traffic.
1
Rule
Severity: High
The Cisco PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate pseudowire ID for each attachment circuit.
1
Rule
Severity: Low
The Cisco BGP switch must be configured to use its loopback address as the source address for iBGP peering sessions.
1
Rule
Severity: Low
The Cisco MPLS switch must be configured to use its loopback address as the source address for LDP peering sessions.
1
Rule
Severity: High
The Cisco PE switch must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.
1
Rule
Severity: High
The Cisco PE switch must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).
1
Rule
Severity: Medium
The Cisco PE switch must be configured to have each VRF with the appropriate Route Distinguisher (RD).
1
Rule
Severity: High
The Cisco PE switch providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit.
1
Rule
Severity: High
The Cisco PE switch providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN.
1
Rule
Severity: Low
The Cisco Multicast Source Discovery Protocol (MSDP) switch must be configured to use a loopback address as the source address when originating MSDP traffic.
1
Rule
Severity: Medium
The firewall must be configured to establish organization-defined alternate communications paths for system operations organizational command and control.
1
Rule
Severity: Medium
The IDPS must establish organization-defined alternate communications paths for system operations organizational command and control.
1
Rule
Severity: Low
The Juniper PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS DODIN Technical Profile.
1
Rule
Severity: Low
The Juniper PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS GIG Technical Profile.
1
Rule
Severity: Low
The Juniper BGP router must be configured to use its loopback address as the source address for iBGP peering sessions.
1
Rule
Severity: Low
The Juniper MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.
1
Rule
Severity: High
The Juniper PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.
1
Rule
Severity: High
The Juniper PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).
1
Rule
Severity: Medium
The Juniper PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD).
1
Rule
Severity: High
The Juniper PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit.
1
Rule
Severity: High
The Juniper PE router providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the routing instance with the globally unique VPLS ID assigned for each customer VLAN.
1
Rule
Severity: Low
The Juniper Multicast Source Discovery Protocol (MSDP) router must be configured to use its loopback address as the source address when originating MSDP traffic.
1
Rule
Severity: Medium
The layer 2 switch must establish organization-defined alternate communications paths for system operations organizational command and control.
1
Rule
Severity: Medium
The router must establish organization-defined alternate communications paths for system operations organizational command and control.
1
Rule
Severity: Medium
The SDN controller must be configured to establish organization-defined alternate communications paths for system operations organizational command and control.
1
Rule
Severity: Medium
The VPN Gateway must establish organization-defined alternate communications paths for system operations organizational command and control.
Patternfly
PatternFly elements
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Modules