STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 1 hour ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Router Security Requirements Guide

V-216984

CAT II (Medium)

The router must be configured to use keys with a duration not exceeding 180 days for authenticating routing protocol messages.

Rule ID

SV-216984r945863_rule

STIG

Router Security Requirements Guide

Version

V5R2

CCIs

CCI-001184

Discussion

If the keys used for routing protocol authentication are guessed, the malicious user could create havoc within the network by advertising incorrect routes and redirecting traffic. Some routing protocols allow the use of key chains for authentication. A key chain is a set of keys that is used in succession, with each having a lifetime of no more than 180 days. Changing the keys frequently reduces the risk of them eventually being guessed. Keys cannot be used during time periods for which they are not activated. If a time period occurs during which no key is activated, neighbor authentication cannot occur, and therefore routing updates will fail. Therefore, ensure that for a given key chain, key activation times overlap to avoid any period of time during which no key is activated.

Check Content

This requirement is not applicable for the DoDIN Backbone.

For each authenticated routing protocol session, review the configured key expiration dates.

If any key has a lifetime of more than 180 days, this is a finding.

Fix Text

This requirement is not applicable for the DoDIN Backbone.

For each authenticated routing protocol session, configure each key to have a lifetime of no more than 180 days.