| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-215812 | CAT II | MONTPOINTGTWYRTR | Cisco IOS XE Router NDM Security Technic... | The Cisco router must be configured to enforce app... | - | |||
Check TextReview the Cisco router configuration to verify that it is compliant with this requirement. Step 1: Verify that the line vty has an ACL inbound applied as shown in the example below. line vty 0 1 access-class MANAGEMENT_NET in transport input ssh Step 2: Verify that the ACL permits only hosts from the management network to access the router. ip access-list extended MANAGEMENT_NET permit ip x.x.x.0 0.0.0.255 any deny ip any any log-input If the Cisco router is not configured to enforce approved authorizations for controlling the flow of management information within the device based on control policies, this is a finding. Fix TextConfigure the Cisco router to restrict management access to specific IP addresses via SSH as shown in the example below. SW2(config)#ip access-list standard MANAGEMENT_NET SW2(config-std-nacl)#permit x.x.x.0 0.0.0.255 SW2(config-std-nacl)#exit SW2(config)#line vty 0 1 SW2(config-line)#transport input ssh SW2(config-line)#access-class MANAGEMENT_NET in SW2(config-line)#end Finding DetailsEvaluate-STIG 1.2507.5 (Scan-CiscoXERouterNDM_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: ResultHash: 7C34C4946A66BAD21BCD23A9B909B63F3502B98E ~~~~~ line vty 0 4 session-timeout 10 access-class vty_access in session-limit 3 logging synchronous transport preferred ssh transport input ssh transport output ssh ! ip access-list extended vty_access 10 remark Allow access from other ships, NOCs or Afloat Support 10 permit tcp 164.231.0.0 0.0.255.255 any eq 22 log 20 deny ip any any log ! ! ! ! ! ! !
Source: _Reviewed/MONTPOINTGTWYRTR/Checklist/MONTPOINTGTWYRTR_CiscoXERtrNDM_V3R5_20251023-150045.ckl
Scan Date: 2026-01-14T12:57:25.013310
Technology Area: Internal Network
|
||||||||