CCI-004931
Establish organization-defined alternate communications paths for system operations organizational command and control.
1 rule found Severity: Medium
The out-of-band management (OOBM) Arista gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC).
1 rule found Severity: Medium
The out-of-band management (OOBM) Arista gateway router must be configured to block any traffic destined to itself that is not sourced from the OOBM network or the NOC.
1 rule found Severity: Medium
The Arista router must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface.
1 rule found Severity: Medium
The Arista BGP router must be configured to use its loopback address as the source address for iBGP peering sessions.
1 rule found Severity: Low
The MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.
1 rule found Severity: Low
The PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.
1 rule found Severity: High
The PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).
1 rule found Severity: High
1 rule found Severity: Medium
The PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit.
1 rule found Severity: High
The Arista Multicast Source Discovery Protocol (MSDP) router must be configured to use its loopback address as the source address when originating MSDP traffic.
1 rule found Severity: Low
The Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel.
1 rule found Severity: Medium
3 rules found Severity: Medium
The Cisco BGP router must be configured to use its loopback address as the source address for iBGP peering sessions.
3 rules found Severity: Low
The Cisco MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.
3 rules found Severity: Low
The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.
3 rules found Severity: High
The Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).
3 rules found Severity: High
The Cisco PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD).
3 rules found Severity: Medium
The Cisco PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate pseudowire ID for each attachment circuit.
1 rule found Severity: High
The Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to use a loopback address as the source address when originating MSDP traffic.
3 rules found Severity: Low
The Juniper PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS DODIN Technical Profile.
1 rule found Severity: Low
The Juniper PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS GIG Technical Profile.
1 rule found Severity: Low
The layer 2 switch must establish organization-defined alternate communications paths for system operations organizational command and control.
1 rule found Severity: Medium
The router must establish organization-defined alternate communications paths for system operations organizational command and control.
1 rule found Severity: Medium
The SDN controller must be configured to establish organization-defined alternate communications paths for system operations organizational command and control.
1 rule found Severity: Medium
The ALG must establish organization-defined alternate communications paths for system operations organizational command and control.
1 rule found Severity: Medium
The Cisco PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit.
2 rules found Severity: High
The Cisco BGP switch must be configured to use its loopback address as the source address for iBGP peering sessions.
1 rule found Severity: Low
The Cisco MPLS switch must be configured to use its loopback address as the source address for LDP peering sessions.
1 rule found Severity: Low
The Cisco PE switch must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.
1 rule found Severity: High
The Cisco PE switch must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).
1 rule found Severity: High
The Cisco PE switch must be configured to have each VRF with the appropriate Route Distinguisher (RD).
1 rule found Severity: Medium
The Cisco PE switch providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit.
1 rule found Severity: High
The Cisco PE switch providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN.
1 rule found Severity: High
The Cisco Multicast Source Discovery Protocol (MSDP) switch must be configured to use a loopback address as the source address when originating MSDP traffic.
1 rule found Severity: Low
The firewall must be configured to establish organization-defined alternate communications paths for system operations organizational command and control.
1 rule found Severity: Medium
The IDPS must establish organization-defined alternate communications paths for system operations organizational command and control.
1 rule found Severity: Medium
The Juniper BGP router must be configured to use its loopback address as the source address for iBGP peering sessions.
1 rule found Severity: Low
The Juniper MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.
1 rule found Severity: Low
The Juniper PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.
1 rule found Severity: High
The Juniper PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).
1 rule found Severity: High
The Juniper PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD).
1 rule found Severity: Medium
The Juniper PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit.
1 rule found Severity: High
The Juniper PE router providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the routing instance with the globally unique VPLS ID assigned for each customer VLAN.
1 rule found Severity: High
The Juniper Multicast Source Discovery Protocol (MSDP) router must be configured to use its loopback address as the source address when originating MSDP traffic.
1 rule found Severity: Low