STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← AC-4 — Information Flow Enforcement

CCI-001551

Definition

The organization defines approved authorizations for controlling the flow of information between interconnected systems.

Parent Control

AC-4Information Flow EnforcementAccess Control

Linked STIG Checks (22)

V-12002CAT IIThe system must not forward IPv4 source-routed packets.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation GuideV-22409CAT IIIThe system must not process Internet Control Message Protocol (ICMP) timestamp requests.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation GuideV-22410CAT IIThe system must not respond to Internet Control Message Protocol v4 (ICMPv4) echoes sent to a broadcast address.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation GuideV-22411CAT IIThe system must not respond to Internet Control Message Protocol (ICMP) timestamp requests sent to a broadcast address.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation GuideV-22412CAT IIThe system must not apply reversed source routing to TCP responses.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation GuideV-22413CAT IIThe system must prevent local applications from generating source-routed packets.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation GuideV-22414CAT IIThe system must not accept source-routed IPv4 packets.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation GuideV-22415CAT IIProxy Address Resolution Protocol (Proxy ARP) must not be enabled on the system.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation GuideV-22416CAT IIThe system must ignore IPv4 Internet Control Message Protocol (ICMP) redirect messages.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation GuideV-22417CAT IIThe system must not send IPv4 Internet Control Message Protocol (ICMP) redirects.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation GuideV-22421CAT IIThe system must not be configured for network bridging.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation GuideV-22539CAT IIThe Bluetooth protocol handler must be disabled or not installed.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation GuideV-22541CAT IIThe IPv6 protocol handler must not be bound to the network stack unless needed.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation GuideV-22542CAT IIThe IPv6 protocol handler must be prevented from dynamic loading unless needed.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation GuideV-22545CAT IIThe system must not have 6to4 enabled.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation GuideV-22546CAT IIThe system must not have Teredo enabled.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation GuideV-22547CAT IIThe system must not have IP tunnels configured.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation GuideV-22550CAT IIThe system must ignore IPv6 ICMP redirect messages.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation GuideV-22552CAT IIThe system must use an appropriate reverse-path filter for IPv6 network traffic, if the system uses IPv6.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation GuideV-22553CAT IIThe system must not forward IPv6 source-routed packets.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation GuideV-22554CAT IIThe system must not accept source-routed IPv6 packets.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation GuideV-4701CAT IIIThe system must not have the finger service active.SUSE Linux Enterprise Server v11 for System z Security Technical Implementation Guide