Profile Applicability:
 • Level 1

Description:
 IPv6 is the latest version of the Internet Protocol designed to replace IPv4. Understanding whether IPv6 is enabled, disabled, or in use on your systems is critical for security posture assessment and network management.

Rationale:
 Identifying IPv6 status ensures that security controls and monitoring are appropriately applied, as IPv6 introduces different risks and requires specific configurations.

Impact:
 Pros:

  • Enables informed security planning and risk assessment.

  • Helps ensure consistent application of security policies across IPv4 and IPv6.

Cons:

  • May require additional administrative effort to assess and document.

Default Value:
 IPv6 may be enabled or disabled by default, depending on system and network configuration.

Pre-requisites:

  • Administrative access to systems and network devices.

Remediation:

Test Plan:

Using Linux command line:

1. Check if IPv6 is enabled on the system:

sysctl net.ipv6.conf.all.disable_ipv6

2. Review network interfaces for IPv6 addresses:

ip -6 addr show

3. Document IPv6 usage status and configurations.

Implementation Plan:

Using Linux command line:

1. If necessary, enable or disable IPv6 based on organizational policy:

To disable IPv6:

sysctl -w net.ipv6.conf.all.disable_ipv6=1

To enable IPv6:

sysctl -w net.ipv6.conf.all.disable_ipv6=0

2. Update system and network documentation accordingly.

Backout Plan:

Using Linux command line:

1. Revert any changes made to IPv6 settings if needed:

sysctl -w net.ipv6.conf.all.disable_ipv6=<previous_value>

2. Confirm network functionality and compliance.

References: