V-215823
CAT IThe Cisco router must be configured to prohibit the use of all unnecessary and nonsecure functions and services.
- Ships Affected
- 1
- Total Findings
- 1
- Open
- 1
- Closed
- 0
Check Text
Verify that the router does not have any unnecessary or nonsecure ports, protocols, and services enabled. For example, the following commands should not be in the configuration:
boot network
ip boot server
ip bootp server
ip dns server
ip identd
ip finger
ip http server
ip rcmd rcp-enable
ip rcmd rsh-enable
service config
service finger
service tcp-small-servers
service udp-small-servers
service pad
service call-home
Note: Certain legacy devices may require 'service call-home' be enabled to support Smart Licensing as they do not support the newer smart transport configuration. Those devices do not incur a finding for having call-home enabled for Smart Licensing.
If any unnecessary or nonsecure ports, protocols, or services are enabled, this is a finding.
Fix Text
Disable the following services if enabled as shown in the example below.
R2(config)#no boot network
R2(config)#no ip boot server
R2(config)#no ip bootp server
R2(config)#no ip dns server
R2(config)#no ip identd
R2(config)#no ip finger
R2(config)#no ip http server
R2(config)#no ip rcmd rcp-enable
R2(config)#no ip rcmd rsh-enable
R2(config)#no service config
R2(config)#no service finger
R2(config)#no service tcp-small-servers
R2(config)#no service udp-small-servers
R2(config)#no service pad
R2(config)#no service call-home
R2(config)#end
STIG Reference
- STIG
- Cisco IOS XE Router NDM Security Technical Implementation Guide
- Version
- 3
- Release
- 7
- Rule ID
- SV-215823r1043177_rule
All Occurrences
This vulnerability appears on 1 ship(s)
| Ship | Hull # | Source File | Status | Assigned To | Scan Date | Actions |
|---|---|---|---|---|---|---|
| USNS MONTFORD POINT | T-ESD-1 | _Reviewed/MONTPOINTGTWYRTR/Checklist/MONTPOINTGTWYRTR_CiscoXERtrNDM_V3R5_20251023-150045.ckl | Unassigned | 2026-01-14T12:57:25.013310 | View in Context |