STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated just now
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to STIGs

Nokia Service Router OS 25.x Layer 2 Switch Security Technical Implementation Guide

Version

V1R1

Release Date

Jun 15, 2026

SCAP Benchmark ID

Nokia_SR_OS_25-x_L2S_STIG

Total Checks

15

Tags

network
CAT I: 1CAT II: 11CAT III: 3

This Security Technical Implementation Guide is published as a tool to improve the security of Department of War (DoW) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSONDownload STIG ZIP

Checks (15)

V-283678HIGHThe Nokia layer 2 switch must uniquely identify all network-connected endpoint devices before establishing any connection.V-283679MEDIUMThe Nokia layer 2 switch must manage excess bandwidth to limit the effects of packet flooding types of denial-of-service (DoS) attacks.V-283680LOWThe Nokia layer 2 switch must have Root Guard enabled on all switch ports connecting to access layer switches and hosts.V-283681MEDIUMThe Nokia layer 2 switch must have Spanning Tree Protocol (STP) loop guard enabled on all nondesignated STP switch ports.V-283682MEDIUMThe Nokia layer 2 switch must have Unknown Unicast Flood Blocking (UUFB) enabled.V-283683MEDIUMThe Nokia layer 2 switch must have Dynamic Host Configuration Protocol (DHCP) snooping for all user virtual local area networks (VLANs) to validate DHCP messages from untrusted sources.V-283684MEDIUMThe Nokia layer 2 switch must provide source Internet Protocol (IP) address filtering on untrusted layer 2 interfaces.V-283685MEDIUMThe Nokia layer 2 switch must have Dynamic Address Resolution Protocol (ARP) Inspection (DAI) enabled on all user virtual local area networks (VLANs).V-283686LOWThe Nokia layer 2 switch must have Storm Control configured on all host-facing switch ports.V-283687LOWThe Nokia layer 2 switch must have Internet Group Management Protocol (IGMP) or Multicast Listener Discovery (MLD) snooping configured on all virtual local area networks (VLANs).V-283688MEDIUMThe Nokia layer 2 switch must implement Rapid Spanning Tree Protocol (RSTP) where virtual local area networks (VLANs) span multiple switches with redundant links.V-283689MEDIUMThe Nokia layer 2 switch must enable Ethernet Connectivity Fault Management (ETH-CFM) to protect against one-way connections.V-283690MEDIUMThe Nokia layer 2 switch must assign all virtual private local area network service (VPLS) ports not in use to an inactive VLAN.V-283691MEDIUMThe Nokia layer 2 switch must not have the default virtual local area network (VLAN) assigned to any host-facing switch ports.V-283692MEDIUMThe Nokia layer 2 switch must implement physically or logically separate subnetworks to isolate organization-defined critical system components and functions.