Skip to content
Log In

Cisco IOS XE Router RTR Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-NET-000018-RTR-000001

    Group
    Show

  • SRG-NET-000168-RTR-000078

    Group
    Show

  • The Cisco router must be configured to enable routing protocol authentication using FIPS 198-1 algorithms with keys not exceeding 180 days of lifetime.

    A rogue router could send a fictitious routing update to convince a site's perimeter router to send traffic to an incorrect or even a rogue destination. This diverted traffic could be analyzed to l...
    Rule Medium Severity
    Show

  • SRG-NET-000019-RTR-000007

    Group
    Show

  • SRG-NET-000362-RTR-000109

    Group
    Show

  • The Cisco router must not be configured to have any zero-touch deployment feature enabled when connected to an operational network.

    Network devices that are configured via a zero-touch deployment or auto-loading feature can have their startup configuration or image pushed to the device for installation via TFTP or Remote Copy (...
    Rule Medium Severity
    Show

  • SRG-NET-000362-RTR-000110

    Group
    Show

  • SRG-NET-000362-RTR-000111

    Group
    Show

  • SRG-NET-000362-RTR-000112

    Group
    Show

  • SRG-NET-000362-RTR-000113

    Group
    Show

  • The Cisco router must be configured to have Internet Control Message Protocol (ICMP) unreachable messages disabled on all external interfaces.

    The ICMP supports IP traffic by relaying information about paths, routes, and network conditions. Routers automatically send ICMP messages under a wide variety of conditions. Host unreachable ICMP ...
    Rule Medium Severity
    Show

  • SRG-NET-000362-RTR-000114

    Group
    Show

  • The Cisco router must be configured to have Internet Control Message Protocol (ICMP) mask reply messages disabled on all external interfaces.

    The ICMP supports IP traffic by relaying information about paths, routes, and network conditions. Routers automatically send ICMP messages under a wide variety of conditions. Mask Reply ICMP messag...
    Rule Medium Severity
    Show

  • SRG-NET-000362-RTR-000115

    Group
    Show

  • The Cisco router must be configured to have Internet Control Message Protocol (ICMP) redirect messages disabled on all external interfaces.

    The ICMP supports IP traffic by relaying information about paths, routes, and network conditions. Routers automatically send ICMP messages under a wide variety of conditions. Redirect ICMP messages...
    Rule Medium Severity
    Show

  • SRG-NET-000078-RTR-000001

    Group
    Show

  • SRG-NET-000076-RTR-000001

    Group
    Show

  • SRG-NET-000077-RTR-000001

    Group
    Show

  • SRG-NET-000019-RTR-000001

    Group
    Show

  • SRG-NET-000202-RTR-000001

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules