STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← SC-47 — Alternate Communications Paths

CCI-004931

Definition

Establish organization-defined alternate communications paths for system operations organizational command and control.

Parent Control

SC-47Alternate Communications PathsSystem and Communications Protection

Linked STIG Checks (64)

V-263546CAT IIThe ALG must establish organization-defined alternate communications paths for system operations organizational command and control.Application Layer Gateway Security Requirements Guide V-255983CAT IIThe Arista MLS layer 2 switch must not use the default VLAN for management traffic.Arista MLS EOS 4.X L2S Security Technical Implementation Guide V-256023CAT IIThe out-of-band management (OOBM) Arista gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC).Arista MLS EOS 4.X Router Security Technical Implementation Guide V-256024CAT IIThe out-of-band management (OOBM) Arista gateway router must be configured to block any traffic destined to itself that is not sourced from the OOBM network or the NOC.Arista MLS EOS 4.X Router Security Technical Implementation Guide V-256025CAT IIThe Arista router must be configured to only permit management traffic that ingresses and egresses the out-of-band management (OOBM) interface.Arista MLS EOS 4.X Router Security Technical Implementation Guide V-256048CAT IIIThe Arista BGP router must be configured to use its loopback address as the source address for iBGP peering sessions.Arista MLS EOS 4.X Router Security Technical Implementation Guide V-256049CAT IIIThe MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.Arista MLS EOS 4.X Router Security Technical Implementation Guide V-256052CAT IThe PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.Arista MLS EOS 4.X Router Security Technical Implementation Guide V-256053CAT IThe PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).Arista MLS EOS 4.X Router Security Technical Implementation Guide V-256054CAT IIThe PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD).Arista MLS EOS 4.X Router Security Technical Implementation Guide V-256055CAT IThe PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit.Arista MLS EOS 4.X Router Security Technical Implementation Guide V-256056CAT IIIThe Arista Multicast Source Discovery Protocol (MSDP) router must be configured to use its loopback address as the source address when originating MSDP traffic.Arista MLS EOS 4.X Router Security Technical Implementation Guide V-272103CAT IIThe Cisco ACI must establish organization-defined alternate communication paths for system operations organizational command and control.Cisco ACI Router Security Technical Implementation Guide V-239868CAT IIThe Cisco ASA must be configured to forward management traffic to the Network Operations Center (NOC) via an IPsec tunnel.Cisco ASA Firewall Security Technical Implementation Guide V-216606CAT IIIThe Cisco BGP router must be configured to use its loopback address as the source address for iBGP peering sessions.Cisco IOS Router RTR Security Technical Implementation Guide V-216607CAT IIIThe Cisco MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.Cisco IOS Router RTR Security Technical Implementation Guide V-216611CAT IThe Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.Cisco IOS Router RTR Security Technical Implementation Guide V-216612CAT IThe Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).Cisco IOS Router RTR Security Technical Implementation Guide V-216613CAT IIThe Cisco PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD).Cisco IOS Router RTR Security Technical Implementation Guide V-216615CAT IThe Cisco PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit.Cisco IOS Router RTR Security Technical Implementation Guide V-216638CAT IIIThe Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to use a loopback address as the source address when originating MSDP traffic.Cisco IOS Router RTR Security Technical Implementation Guide V-220644CAT IIThe Cisco switch must not use the default VLAN for management traffic.Cisco IOS Switch L2S Security Technical Implementation Guide V-216696CAT IIIThe Cisco BGP router must be configured to use its loopback address as the source address for iBGP peering sessions.Cisco IOS XE Router RTR Security Technical Implementation Guide V-216697CAT IIIThe Cisco MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.Cisco IOS XE Router RTR Security Technical Implementation Guide V-216701CAT IThe Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.Cisco IOS XE Router RTR Security Technical Implementation Guide V-216702CAT IThe Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).Cisco IOS XE Router RTR Security Technical Implementation Guide V-216703CAT IIThe Cisco PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD).Cisco IOS XE Router RTR Security Technical Implementation Guide V-216705CAT IThe Cisco PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit.Cisco IOS XE Router RTR Security Technical Implementation Guide V-216733CAT IIIThe Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to use a loopback address as the source address when originating MSDP traffic.Cisco IOS XE Router RTR Security Technical Implementation Guide V-220670CAT IIThe Cisco switch must not use the default VLAN for management traffic.Cisco IOS XE Switch L2S Security Technical Implementation Guide V-216786CAT IIIThe Cisco BGP router must be configured to use its loopback address as the source address for iBGP peering sessions.Cisco IOS XR Router RTR Security Technical Implementation Guide V-216787CAT IIIThe Cisco MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.Cisco IOS XR Router RTR Security Technical Implementation Guide V-216791CAT IThe Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.Cisco IOS XR Router RTR Security Technical Implementation Guide V-216792CAT IThe Cisco PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).Cisco IOS XR Router RTR Security Technical Implementation Guide V-216793CAT IIThe Cisco PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD).Cisco IOS XR Router RTR Security Technical Implementation Guide V-216795CAT IThe Cisco PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate pseudowire ID for each attachment circuit.Cisco IOS XR Router RTR Security Technical Implementation Guide V-216823CAT IIIThe Cisco Multicast Source Discovery Protocol (MSDP) router must be configured to use a loopback address as the source address when originating MSDP traffic.Cisco IOS XR Router RTR Security Technical Implementation Guide V-220693CAT IIThe Cisco switch must not use the default VLAN for management traffic.Cisco NX OS Switch L2S Security Technical Implementation Guide V-221112CAT IIIThe Cisco BGP switch must be configured to use its loopback address as the source address for iBGP peering sessions.Cisco NX OS Switch RTR Security Technical Implementation Guide V-221113CAT IIIThe Cisco MPLS switch must be configured to use its loopback address as the source address for LDP peering sessions.Cisco NX OS Switch RTR Security Technical Implementation Guide V-221117CAT IThe Cisco PE switch must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.Cisco NX OS Switch RTR Security Technical Implementation Guide V-221118CAT IThe Cisco PE switch must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).Cisco NX OS Switch RTR Security Technical Implementation Guide V-221119CAT IIThe Cisco PE switch must be configured to have each VRF with the appropriate Route Distinguisher (RD).Cisco NX OS Switch RTR Security Technical Implementation Guide V-221121CAT IThe Cisco PE switch providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit.Cisco NX OS Switch RTR Security Technical Implementation Guide V-221122CAT IThe Cisco PE switch providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the virtual forwarding instance (VFI) with the globally unique VPN ID assigned for each customer VLAN.Cisco NX OS Switch RTR Security Technical Implementation Guide V-221147CAT IIIThe Cisco Multicast Source Discovery Protocol (MSDP) switch must be configured to use a loopback address as the source address when originating MSDP traffic.Cisco NX OS Switch RTR Security Technical Implementation Guide V-263649CAT IIThe firewall must be configured to establish organization-defined alternate communications paths for system operations organizational command and control.Firewall Security Requirements Guide V-263665CAT IIThe IDPS must establish organization-defined alternate communications paths for system operations organizational command and control.Intrusion Detection and Prevention Systems Security Requirements Guide V-254007CAT IIIThe Juniper PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS DODIN Technical Profile.Juniper EX Series Switches Router Security Technical Implementation Guide V-254008CAT IIIThe Juniper PE router must be configured to enforce a Quality-of-Service (QoS) policy in accordance with the QoS GIG Technical Profile.Juniper EX Series Switches Router Security Technical Implementation Guide V-217062CAT IIIThe Juniper BGP router must be configured to use its loopback address as the source address for iBGP peering sessions.Juniper Router RTR Security Technical Implementation Guide V-217063CAT IIIThe Juniper MPLS router must be configured to use its loopback address as the source address for LDP peering sessions.Juniper Router RTR Security Technical Implementation Guide V-217067CAT IThe Juniper PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance bound to the appropriate physical or logical interfaces to maintain traffic separation between all MPLS L3VPNs.Juniper Router RTR Security Technical Implementation Guide V-217068CAT IThe Juniper PE router must be configured to have each Virtual Routing and Forwarding (VRF) instance with the appropriate Route Target (RT).Juniper Router RTR Security Technical Implementation Guide V-217069CAT IIThe Juniper PE router must be configured to have each VRF with the appropriate Route Distinguisher (RD).Juniper Router RTR Security Technical Implementation Guide V-217071CAT IThe Juniper PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit.Juniper Router RTR Security Technical Implementation Guide V-217072CAT IThe Juniper PE router providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the routing instance with the globally unique VPLS ID assigned for each customer VLAN.Juniper Router RTR Security Technical Implementation Guide V-217098CAT IIIThe Juniper Multicast Source Discovery Protocol (MSDP) router must be configured to use its loopback address as the source address when originating MSDP traffic.Juniper Router RTR Security Technical Implementation Guide V-263668CAT IIThe layer 2 switch must establish organization-defined alternate communications paths for system operations organizational command and control.Layer 2 Switch Security Requirements Guide V-273696CAT IIThe RUCKUS ICX switch must implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions.RUCKUS ICX Layer 2 Switch Security Technical Implementation Guide V-273671CAT IIThe RUCKUS ICX router must establish organization-defined alternate communications paths for system operations organizational command and control.RUCKUS ICX Router Security Technical Implementation Guide V-264311CAT IIThe router must establish organization-defined alternate communications paths for system operations organizational command and control.Router Security Requirements Guide V-264314CAT IIThe SDN controller must be configured to establish organization-defined alternate communications paths for system operations organizational command and control.SDN Controller Security Requirements Guide V-264330CAT IIThe VPN Gateway must establish organization-defined alternate communications paths for system operations organizational command and control.Virtual Private Network (VPN) Security Requirements Guide