STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Cisco IOS XR Router RTR Security Technical Implementation Guide

V-216765

CAT III (Low)

The Cisco perimeter router must be configured to have Cisco Discovery Protocol (CDP) disabled on all external interfaces.

Rule ID

SV-216765r856443_rule

STIG

Cisco IOS XR Router RTR Security Technical Implementation Guide

Version

V3R3

CCIs

CCI-002403

Discussion

CDP is a Cisco proprietary neighbor discovery protocol used to advertise device capabilities, configuration information, and device identity. CDP is media- and protocol-independent as it runs over layer 2; therefore, two network nodes that support different layer 3 protocols can still learn about each other. Allowing CDP messages to reach external network nodes provides an attacker a method to obtain information of the network infrastructure that can be useful to plan an attack.

Check Content

This requirement is not applicable for the DODIN Backbone.

Step 1: Verify if CDP is enabled globally via the cdp command as shown below.

hostname R3
cdp

By default CDP is disabled globally; hence, the command cdp run will not be shown in the configuration. If CDP is enabled, proceed to step 2.

Step 2: Verify CDP is not enabled on any external interface as shown in the example below.

interface GigabitEthernet0/0/0/1
 cdp
 ipv4 address x.1.34.3 255.255.255.252

If CDP is enabled on any external interface, this is a finding.

Fix Text

This requirement is not applicable for the DODIN Backbone.

Disable CDP on all external interfaces via no cdp command or disable CDP globally via no cdp command.