STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 6 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide

V-282701

CAT II (Medium)

TOSS 5 must not enable Internet Protocol version 6 (IPv6) packet forwarding unless the system is a router.

Rule ID

SV-282701r1201355_rule

STIG

Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000366

Discussion

IP forwarding permits the kernel to forward packets from one network interface to another. The ability to forward packets between two networks is only appropriate for systems acting as routers.

Check Content

Verify TOSS 5 is not performing IPv6 packet forwarding unless the system is a router.

Note: If IPv6 is disabled on the system, this requirement is not applicable.

Check that IPv6 forwarding is disabled using the following commands:

$ sudo sysctl net.ipv6.conf.all.forwarding

net.ipv6.conf.all.forwarding = 0

If the IPv6 forwarding value is not "0" and is not documented with the information system security officer (ISSO) as an operational requirement, this is a finding.

Fix Text

Configure TOSS 5 to not allow IPv6 packet forwarding unless the system is a router.

Add or edit the following line in a single system configuration file, in the "/etc/sysctl.d/" directory:

net.ipv6.conf.all.forwarding = 0

Load settings from all system configuration files using the following command:

$ sudo sysctl --system