Network: Internet Protocol version 6 (IPv6) source routing must use highest protection level to prevent IP source routing

d5030382-fcd1-4d7c-88e3-f1defebc7cf0

Network: Internet Protocol version 6 (IPv6) source routing must be configured to the highest protection level to prevent IP source routing.

Configuring the system to disable IPv6 source routing protects against spoofing.

Remediation

To fix this, configure the policy value for
Computer Configuration
|_ Administrative Templates
|_ MSS (Legacy)
|_ "MSS: (DisableIPSourceRouting IPv6) IP source routing protection level (protects against packet spoofing)" to "Highest protection, source routing is completely disabled".

This policy setting requires the installation of the MSS-Legacy custom template. "MSS-Legacy.admx" and " MSS-Legacy.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively. Files are available at EventSentry GitHub Repository at: https://github.com/eventsentry/resources

Stig: Server:
2022: https://www.stigviewer.com/stig/microsoft_windows_server_2022/2023-09-11/finding/V-254335
2019: https://www.stigviewer.com/stig/microsoft_windows_server_2019/2023-09-11/finding/V-205858 / https://www.stigviewer.com/stig/windows_server_2019/2020-06-15/finding/V-93233
2016: https://www.stigviewer.com/stig/microsoft_windows_server_2016/2023-08-22/finding/V-224916 / https://www.stigviewer.com/stig/windows_server_2016/2020-06-16/finding/V-73499

Desktop:
W11: https://www.stigviewer.com/stig/microsoft_windows_11/2023-09-29/finding/V-253353
W10: https://www.stigviewer.com/stig/microsoft_windows_10/2023-09-29/finding/V-220795 / https://www.stigviewer.com/stig/windows_10/2021-08-18/finding/V-220795

Nist 800-53: CM-1, CM-2, CM-6, CM-7, CM-7(1), CM-9, SA-3, SA-8, SA-10
Nist 800-171A: A.03.15.01.b[01]
CSCv7: 5.1
PCI-DDS v4: 1.1.1, 2.1.1, 3.1.1, 4.1.1, 5.1.1, 6.1.1, 7.1.1, 8.1.1, 9.1.1, 10.1.1, 11.1.1, 12.1, 12.1.1, 12.1.2
CMMC v2.1: Level2: CM.L2-3.4.1, CM.L2-3.4.2 Level3: CM.L2-3.4.1, CM.L2-3.4.2, CM.L3-3.4.1e, CM.L3-3.4.2e, SI.L3-3.14.3e