STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 1 hour ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Router Security Requirements Guide

V-207155

CAT II (Medium)

The router must be configured to have Internet Control Message Protocol (ICMP) redirects disabled on all external interfaces.

Rule ID

SV-207155r856639_rule

STIG

Router Security Requirements Guide

Version

V5R2

CCIs

CCI-002385

Discussion

The ICMP supports IP traffic by relaying information about paths, routes, and network conditions. Routers automatically send ICMP messages under a wide variety of conditions. Redirect ICMP messages are commonly used by attackers for network mapping and diagnosis.

Check Content

Review the device configuration to determine if controls have been defined to ensure the router does not send ICMP Redirect messages out to any external interfaces.

If ICMP Redirect messages are enabled on any external interfaces, this is a finding.

Fix Text

Disable ICMP redirects on all external interfaces.