STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Dell OS10 Switch Router Security Technical Implementation Guide

V-269861

CAT I (High)

The perimeter router must be configured to not be a Border Gateway Protocol (BGP) peer to an alternate gateway service provider.

Rule ID

SV-269861r1137919_rule

STIG

Dell OS10 Switch Router Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-001414

Discussion

ISPs use BGP to share route information with other autonomous systems (i.e., other ISPs and corporate networks). If the perimeter router was configured to BGP peer with an ISP, NIPRnet routes could be advertised to the ISP; thereby creating a backdoor connection from the internet to the NIPRnet.

Check Content

This requirement is not applicable for the DODIN Backbone.

Review the configuration of the router connecting to the alternate gateway.

Verify there are no BGP neighbors configured to the remote AS that belongs to the alternate gateway service provider.

OS10# show running-configuration bgp
!
router bgp 10
 !
 neighbor 50.1.1.1
  !
  address-family ipv4 unicast
  ...
 !
 neighbor 120.100.5.2
  !
  address-family ipv6 unicast
  ...
 !
 ...
 
If there are BGP neighbors connecting the remote AS of the alternate gateway service provider, this is a finding.

Fix Text

This requirement is not applicable for the DODIN Backbone.

Configure the router such that there are no BGP neighbors configured to the remote AS that belongs to the alternate gateway service provider.

OS10(config)# router bgp 10
OS10(config-router-bgp-10)# no neighbor 120.100.5.2