
Cisco IOS XR Router STIG (Y26M01) Compliance Checklist

Hard 15 items · 4 hours
testuser Published 4 weeks ago

This checklist helps network engineers and auditors implement and verify the Cisco IOS XR Router STIG (Y26M01). It walks through obtaining the STIG, scoping devices, automated assessment, remediation planning, testing, deployment, validation, and documentation for managed environments.

Source: https://ncp.nist.gov/checklist/1310

  1. Download the Cisco IOS XR Router STIG package — Get the latest STIG/XCCDF from https://cyber.mil/ or https://public.cyber.mil/.
  2. Review the STIG summary and applicability — Confirm covered components (RTR, NDM), role, and scope for your environment.
  3. Inventory Cisco IOS XR devices in scope — Create a master list of devices to which the STIG will apply.
  4. Record device serials and models — Capture hardware IDs and chassis models for asset tracking.
  5. Record software versions and device roles — Log IOS XR versions, feature sets, and device functions.
  6. Map STIG controls to each device — Identify which checks apply to specific routers and roles.
  7. Assess current compliance using XCCDF or an automated scanner — Run STIG/XCCDF checks or vulnerability scanners to generate findings.
  8. Prioritize findings and create a remediation plan — Rank issues by risk and effort; assign owners and timelines.
  9. Test remediations in a lab or maintenance window — Validate fixes in a non-production environment before rollout.
  10. Apply configuration changes in production per change control — Follow your organization's change management and rollback plans.
  11. Patch and update IOS XR to approved versions — Install vendor-approved updates during scheduled maintenance.
  12. Harden management plane and administrative access — Restrict admin access, enable AAA, and secure remote access and logging.
  13. Validate changes and re-scan for compliance — Re-run automated checks to confirm findings are resolved.
  14. Document configurations and update STIG compliance records — Save configs to the repo and record STIG status in compliance logs.
  15. Submit comments or change requests to DISA if needed — Send proposed revisions via email to [email protected].
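
For steps 7, 8 and 13, the sketch below ranks open findings from an XCCDF results file by STIG category and compares a baseline scan with the re-scan. It is an added example, not part of the checklist or the STIG package; it assumes the scanner exports XCCDF 1.2 results, and the rule ids and sample results are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"x": "http://checklists.nist.gov/xccdf/1.2"}
# DISA STIG severity categories: high = CAT I, medium = CAT II, low = CAT III
CAT = {"high": 1, "medium": 2, "low": 3}
# Result values that still need work; pass and notapplicable are treated as closed
OPEN = ("fail", "error", "unknown", "notchecked")

def open_findings(xccdf_xml):
    """Return {rule_id: CAT number} for every rule-result that is still open."""
    root = ET.fromstring(xccdf_xml)
    findings = {}
    for rr in root.iterfind(".//x:rule-result", NS):
        result = rr.findtext("x:result", default="unknown", namespaces=NS).strip()
        if result in OPEN:
            # Assumption: a missing or unrecognised severity is ranked as CAT I
            # so that it is reviewed first rather than buried.
            findings[rr.get("idref")] = CAT.get(rr.get("severity"), 1)
    return findings

def remediation_order(findings):
    """Step 8: worst category first, then rule id for a stable order."""
    return sorted(findings, key=lambda rid: (findings[rid], rid))

def rescan_delta(before, after):
    """Step 13: split the re-scan into resolved, still-open and newly failing rules."""
    return {
        "resolved": sorted(set(before) - set(after)),
        "still_open": sorted(set(before) & set(after)),
        "regressed": sorted(set(after) - set(before)),
    }

def _sample(results):
    """Build a constructed TestResult document; rule ids are placeholders."""
    rows = "".join(
        f'<rule-result idref="{rid}" severity="{sev}"><result>{res}</result></rule-result>'
        for rid, sev, res in results)
    return f'<TestResult xmlns="{NS["x"]}">{rows}</TestResult>'

BASELINE = _sample([("rule_A", "medium", "fail"), ("rule_B", "high", "fail"),
                    ("rule_C", "low", "pass"), ("rule_D", "low", "fail")])
RESCAN = _sample([("rule_A", "medium", "pass"), ("rule_B", "high", "pass"),
                  ("rule_C", "low", "fail"), ("rule_D", "low", "fail")])

if __name__ == "__main__":
    before, after = open_findings(BASELINE), open_findings(RESCAN)
    print("Remediation order:", remediation_order(before))
    print("Re-scan delta:", rescan_delta(before, after))
```

A non-empty `regressed` list after remediation means a change broke a previously passing check and should go back through step 9 before the compliance record is updated.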