STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated just now
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to RUCKUS ICX Router Security Technical Implementation Guide

V-273580

CAT II (Medium)

The RUCKUS ICX perimeter router must be configured to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy.

Rule ID

SV-273580r1110910_rule

STIG

RUCKUS ICX Router Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001414

Discussion

Information flow control regulates authorized information to travel within a network and between interconnected networks. Controlling the flow of network traffic is critical so it does not introduce any unacceptable risk to the network infrastructure or data. An example of a flow control restriction is blocking outside traffic claiming to be from within the organization. For most routers, internal information flow control is a product of system design.

Check Content

Check perimeter router configuration for port connected to DISN for access-list filter to control flow of information between interconnected networks in accordance with applicable policy.  

In this example, SSL traffic is permitted to a specific internal host:  
interface ethernet 1/1/10
 port-name Link_to_DISN
 ip address x.12.1.10 255.255.255.0
 ip access-group Filter_Perimeter in
!
ip access-list extended Filter_Perimeter
 sequence 10 permit tcp any any established
 sequence 20 permit tcp host x.12.1.9 host x.12.1.10 eq bgp
 sequence 30 permit tcp host x.12.1.9 eq bgp host x.12.1.10
 sequence 40 permit icmp host x.12.1.9 host x.12.1.10 echo
 sequence 50 permit icmp host x.12.1.9 host x.12.1.10 echo-reply
 sequence 60 permit tcp any host x.12.1.22 eq ssl
 sequence 70 deny ip any any log

If the router does not enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy, this is a finding.

Fix Text

Configure the router to enforce approved authorizations for controlling the flow of information between interconnected networks in accordance with applicable policy.

1. Configure the access-list. In this example, SSL traffic is permitted to a specific internal host.
ip access-list extended Filter_Perimeter
 sequence 10 permit tcp any any established
 sequence 20 permit tcp host x.12.1.9 host x.12.1.10 eq bgp
 sequence 30 permit tcp host x.12.1.9 eq bgp host x.12.1.10
 sequence 40 permit icmp host x.12.1.9 host x.12.1.10 echo
 sequence 50 permit icmp host x.12.1.9 host x.12.1.10 echo-reply
 sequence 60 permit tcp any host x.12.1.22 eq ssl
 sequence 70 deny ip any any log

2. Apply access list to external interface.
interface ethernet 1/1/10
 port-name Link_to_DISN
 ip address x.12.1.10 255.255.255.0
 ip access-group Filter_Perimeter in
!