Router Security Requirements Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-NET-000364
<GroupDescription></GroupDescription>Group -
The perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop header with invalid option type values.
<VulnDiscussion>These options are intended to be for the Destination Options header only. The optional and extensible natures of the IPv6 ext...Rule Medium Severity -
SRG-NET-000364
<GroupDescription></GroupDescription>Group -
The perimeter router must be configured to drop IPv6 packets containing a Destination Option header with invalid option type values.
<VulnDiscussion>These options are intended to be for the Hop-by-Hop header only. The optional and extensible natures of the IPv6 extension he...Rule Medium Severity -
SRG-NET-000364
<GroupDescription></GroupDescription>Group -
The perimeter router must be configured to drop IPv6 packets containing an extension header with the Endpoint Identification option.
<VulnDiscussion>The optional and extensible natures of the IPv6 extension headers require higher scrutiny since many implementations do not a...Rule Medium Severity -
SRG-NET-000364
<GroupDescription></GroupDescription>Group -
The perimeter router must be configured to drop IPv6 packets containing the NSAP address option within Destination Option header.
<VulnDiscussion>The optional and extensible natures of the IPv6 extension headers require higher scrutiny since many implementations do not a...Rule Medium Severity -
SRG-NET-000364
<GroupDescription></GroupDescription>Group -
The perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type.
<VulnDiscussion>The optional and extensible natures of the IPv6 extension headers require higher scrutiny since many implementations do not a...Rule Medium Severity -
SRG-NET-000705
<GroupDescription></GroupDescription>Group -
The router must employ organization-defined controls by type of denial of service (DoS) to achieve the DoS objective.
<VulnDiscussion>DoS events may occur due to a variety of internal and external causes, such as an attack by an adversary or a lack of plannin...Rule Medium Severity -
SRG-NET-000715
<GroupDescription></GroupDescription>Group -
The router must implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions.
<VulnDiscussion>Separating critical system components and functions from other noncritical system components and functions through separate s...Rule Medium Severity -
SRG-NET-000760
<GroupDescription></GroupDescription>Group -
The router must establish organization-defined alternate communications paths for system operations organizational command and control.
<VulnDiscussion>An incident, whether adversarial- or nonadversarial-based, can disrupt established communications paths used for system opera...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.