STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Network Infrastructure Policy Security Technical Implementation Guide

V-251389

CAT III (Low)

A Protocol Independent Multicast (PIM) neighbor filter must be implemented to restrict and control multicast traffic.

Rule ID

SV-251389r806122_rule

STIG

Network Infrastructure Policy Security Technical Implementation Guide

Version

V10R7

CCIs

CCI-001414

Discussion

Protocol Independent Multicast (PIM) is a routing protocol that is used by the IP core for forwarding multicast traffic. PIM traffic must be limited to only known PIM neighbors by configuring and binding a PIM neighbor filter to those interfaces that have PIM enabled.

Check Content

Step 1: Verify that an ACL is configured that will specify the allowable PIM neighbors similar to the following example.

ip access-list standard pim-neighbors permit 192.0.2.1
permit 192.0.2.3

Step 2: Verify that a pim neighbor-filter command is configured on all PIM enabled interfaces that is referencing the PIM neighbor ACL similar to the following example:

interface GigabitEthernet0/3
ip address 192.0.2.2 255.255.255.0
pim neighbor-filter pim-neighbors

If PIM neighbor filter is not bound to interfaces that have PIM enabled, this is a finding.

Fix Text

The router administrator configures and binds a PIM neighbor filter to those interfaces that have PIM enabled.