1.1 Ensure Minimum Password Length is set to 14 or higher | IDENTIFICATION AND AUTHENTICATION |
1.2 Ensure Disallow Palindromes is selected | IDENTIFICATION AND AUTHENTICATION |
1.3 Ensure Password Complexity is set to 3 | IDENTIFICATION AND AUTHENTICATION |
1.4 Ensure Check for Password Reuse is selected and History Length is set to 12 or more - history-checking | IDENTIFICATION AND AUTHENTICATION |
1.4 Ensure Check for Password Reuse is selected and History Length is set to 12 or more - history-length | IDENTIFICATION AND AUTHENTICATION |
1.5 Ensure Password Expiration is set to 90 days | IDENTIFICATION AND AUTHENTICATION |
1.6 Ensure Warn users before password expiration is set to 7 days | ACCESS CONTROL |
1.7 Ensure Lockout users after password expiration is set to 1 | ACCESS CONTROL |
1.8 Ensure Deny access to unused accounts is selected | ACCESS CONTROL |
1.9 Ensure Days of non-use before lock-out is set to 30 | ACCESS CONTROL |
1.10 Ensure Force users to change password at first login after password was changed from Users page is selected | IDENTIFICATION AND AUTHENTICATION |
1.11 Ensure Deny access after failed login attempts is selected | ACCESS CONTROL |
1.12 Ensure Maximum number of failed attempts allowed is set to 5 or fewer | ACCESS CONTROL |
1.13 Ensure Allow access again after time is set to 300 or more seconds | ACCESS CONTROL |
2.1.1 Ensure 'Login Banner' is set - message banner msgvalue | ACCESS CONTROL |
2.1.1 Ensure 'Login Banner' is set - message banner on | ACCESS CONTROL |
2.1.2 Ensure 'Message Of The Day (MOTD)' is set - motd banner msgvalue | ACCESS CONTROL |
2.1.2 Ensure 'Message Of The Day (MOTD)' is set - motd banner on | ACCESS CONTROL |
2.1.3 Ensure Core Dump is enabled | SYSTEM AND COMMUNICATIONS PROTECTION |
2.1.4 Ensure Config-state is saved | CONFIGURATION MANAGEMENT |
2.1.5 Ensure unused interfaces are disabled | SYSTEM AND COMMUNICATIONS PROTECTION |
2.1.6 Ensure DNS server is configured - primary | SYSTEM AND COMMUNICATIONS PROTECTION |
2.1.6 Ensure DNS server is configured - secondary | SYSTEM AND COMMUNICATIONS PROTECTION |
2.1.6 Ensure DNS server is configured - tertiary | SYSTEM AND COMMUNICATIONS PROTECTION |
2.1.7 Ensure IPv6 is disabled if not used | CONFIGURATION MANAGEMENT |
2.1.8 Ensure Host Name is set | CONFIGURATION MANAGEMENT |
2.1.9 Ensure Telnet is disabled | CONFIGURATION MANAGEMENT |
2.1.10 Ensure DHCP is disabled | CONFIGURATION MANAGEMENT |
2.2.1 Ensure SNMP agent is disabled | CONFIGURATION MANAGEMENT |
2.2.2 Ensure SNMP version is set to v3-Only | CONFIGURATION MANAGEMENT |
2.2.3 Ensure SNMP traps is enabled - authorizationError | AUDIT AND ACCOUNTABILITY |
2.2.3 Ensure SNMP traps is enabled - coldStart | AUDIT AND ACCOUNTABILITY |
2.2.3 Ensure SNMP traps is enabled - configurationChange | AUDIT AND ACCOUNTABILITY |
2.2.3 Ensure SNMP traps is enabled - configurationSave | AUDIT AND ACCOUNTABILITY |
2.2.3 Ensure SNMP traps is enabled - linkUpLinkDown | AUDIT AND ACCOUNTABILITY |
2.2.3 Ensure SNMP traps is enabled - lowDiskSpace | AUDIT AND ACCOUNTABILITY |
2.2.4 Ensure SNMP traps receivers is set | AUDIT AND ACCOUNTABILITY |
2.3.1 Ensure NTP is enabled and IP address is set for Primary and Secondary NTP server - ntp active | AUDIT AND ACCOUNTABILITY |
2.3.1 Ensure NTP is enabled and IP address is set for Primary and Secondary NTP server - ntp server primary | AUDIT AND ACCOUNTABILITY |
2.3.1 Ensure NTP is enabled and IP address is set for Primary and Secondary NTP server - ntp server secondary | AUDIT AND ACCOUNTABILITY |
2.3.2 Ensure timezone is properly configured | CONFIGURATION MANAGEMENT |
2.4.1 Ensure 'System Backup' is set. | CONFIGURATION MANAGEMENT |
2.4.2 Ensure 'Snapshot' is set | CONFIGURATION MANAGEMENT |
2.4.3 Configuring Scheduled Backups | CONFIGURATION MANAGEMENT |
2.5.1 Ensure CLI session timeout is set to less than or equal to 10 minutes | ACCESS CONTROL |
2.5.2 Ensure Web session timeout is set to less than or equal to 10 minutes | ACCESS CONTROL |
2.5.3 Ensure Client Authentication is secured. | CONFIGURATION MANAGEMENT |
2.5.4 Ensure Radius or TACACS+ server is configured - aaa server | ACCESS CONTROL |
2.5.4 Ensure Radius or TACACS+ server is configured - tacacs-servers state on | IDENTIFICATION AND AUTHENTICATION |
2.6.1 Ensure mgmtauditlogs is set to on | AUDIT AND ACCOUNTABILITY |