- NET-IPV6-004 - Router advertisements must be suppressed on all external-facing IPv6-enabled interfaces.
- NET-IPV6-006 - Ensure the undetermined transport packet is blocked at the perimeter in an IPv6 enclave by the router.
- NET-IPV6-008 - The IAO/NSO will ensure IPv6 6bone address space is blocked on the ingress and egress filter, (3FFE::/16).
- NET-IPV6-010 - Permit inbound ICMPv6 messages Packet-too-big, Time Exceeded, Parameter Problem, Echo Reply, and Neighbor Discovery.
- NET-IPV6-011 - The network element can permit outbound ICMPv6 Packet-too-big, Echo Request, and Neighborhood Discovery - echo-request
- NET-IPV6-011 - The network element can permit outbound ICMPv6 Packet-too-big, Echo Request, and Neighborhood Discovery - neighbor-adv
- NET-IPV6-011 - The network element can permit outbound ICMPv6 Packet-too-big, Echo Request, and Neighborhood Discovery - neighbor-solicit
- NET-IPV6-011 - The network element can permit outbound ICMPv6 Packet-too-big, Echo Request, and Neighborhood Discovery - packet-too-big
- NET-IPV6-016 - The network element must be configured so that ICMPv6 unreachable notifications and redirects are disabled on all external facing interfaces.
- NET-IPV6-017 - The network element must be configured to ensure the routing header extension type 0, 1, and 3-255 are rejected.
- NET-IPV6-024 - IPv6 6-to-4 addresses with a prefix of 2002::/16 are dropped by ingress and egress filters - Egress filter
- NET-IPV6-024 - IPv6 6-to-4 addresses with a prefix of 2002::/16 are dropped by ingress and egress filters - Ingress filter
- NET-IPV6-025 - IPv6 Site Local Unicast addresses are not defined in the enclave, (FEC0::/10).
- NET-IPV6-026 - IPv6 Site Local Unicast addresses are blocked on the ingress inbound and egress outbound filters, (FEC0::/10).
- NET-IPV6-027 - The network element must restrict any inbound IP packets with a local host loop back address, (0:0:0:0:0:0:0:1 or ::1/128).
- NET-IPV6-028 - The network element must restrict any IP packets from the unspecified address, (0:0:0:0:0:0:0:0 or ::/128).
- NET-IPV6-029 - The network device must block IPv6 multicast addresses used as a source address.
- NET-IPV6-030 - IPv6 addresses with embedded IPv4-compatible IPv6 addresses are blocked on the ingress and egress filters, (0::/96).
- NET-IPV6-031 - IPv6 addresses with embedded IPv4-mapped IPv6 addresses are blocked on the ingress and egress filters, (0::FFFF/96).
- NET-IPV6-032 - The network device must block IPv6 Unique Local Unicast Addresses on the enclaves perimeter ingress and egress filter.
- NET-IPV6-034 - The network element must be configured via egress ACL or by enabling uRPF in an IPv6 enclave - uRPF enabled
- NET-IPV6-034 - The network element must be configured via egress ACL or by enabling uRPF in an IPv6 enclave - uRPF interfaces fail-filter
- NET-IPV6-034 - The network element must be configured via egress ACL or by enabling uRPF in an IPv6 enclave - uRPF log
- NET-IPV6-034 - The network element must be configured via egress ACL or by enabling uRPF in an IPv6 enclave - uRPF reject
- NET-IPV6-047 - Interfaces supporting IPv4 in NAT-PT Architecture must not receive IPv6 traffic.
- NET-IPV6-048 - The IAO/NSO will ensure in NAT-PT architecture there is no tunneled IPv4 in IPv6 traffic.
- NET-IPV6-059 - The administrator must ensure that the maximum hop limit is at least 32.
