CIS Cisco ASA 9.x Firewall L1 v1.0.0

Audit Details

Name: CIS Cisco ASA 9.x Firewall L1 v1.0.0

Updated: 4/25/2022

Authority: CIS

Plugin: Cisco

Revision: 1.3

Estimated Item Count: 80

File Details

Filename: CIS_Cisco_ASA_9.x_Firewall_v1.0.0_L1.audit

Size: 129 kB

MD5: e601c8ea25421238c182ad786c3db78d
SHA256: c908bde965801b9e39f7ef97cfed634e23b13aa61f8aedaaedcf134c79fce8f4

Audit Items

Description

Categories

1.1.1 Ensure 'Logon Password' is set

IDENTIFICATION AND AUTHENTICATION

1.1.2 Ensure 'Enable Password' is set

SYSTEM AND COMMUNICATIONS PROTECTION

1.1.3 Ensure 'Master Key Passphrase' is set

SYSTEM AND COMMUNICATIONS PROTECTION

1.1.4 Ensure 'Password Recovery' is disabled

CONFIGURATION MANAGEMENT

1.1.5 Ensure 'Password Policy' is enabled - lifetime

IDENTIFICATION AND AUTHENTICATION

1.1.5 Ensure 'Password Policy' is enabled - minimum-changes

IDENTIFICATION AND AUTHENTICATION

1.1.5 Ensure 'Password Policy' is enabled - minimum-length

IDENTIFICATION AND AUTHENTICATION

1.1.5 Ensure 'Password Policy' is enabled - minimum-lowercase

IDENTIFICATION AND AUTHENTICATION

1.1.5 Ensure 'Password Policy' is enabled - minimum-numeric

IDENTIFICATION AND AUTHENTICATION

1.1.5 Ensure 'Password Policy' is enabled - minimum-special

IDENTIFICATION AND AUTHENTICATION

1.1.5 Ensure 'Password Policy' is enabled - minimum-uppercase

IDENTIFICATION AND AUTHENTICATION

1.2.1 Ensure 'Domain Name' is set

CONFIGURATION MANAGEMENT

1.2.2 Ensure 'Host Name' is set

CONFIGURATION MANAGEMENT

1.2.3 Ensure 'Failover' is enabled

CONFIGURATION MANAGEMENT

1.2.4 Ensure 'Unused Interfaces' is disable

CONFIGURATION MANAGEMENT

1.3.1 Ensure 'Image Integrity' is correct

SYSTEM AND INFORMATION INTEGRITY

1.3.2 Ensure 'Image Authenticity' is correct

SYSTEM AND INFORMATION INTEGRITY

1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3'

CONFIGURATION MANAGEMENT

1.4.1.2 Ensure 'local username and password' is set

IDENTIFICATION AND AUTHENTICATION

1.4.1.3 Ensure known default accounts do not exist

IDENTIFICATION AND AUTHENTICATION

1.4.3.1 Ensure 'aaa authentication enable console' is configured correctly

ACCESS CONTROL

1.4.3.2 Ensure 'aaa authentication http console' is configured correctly

ACCESS CONTROL

1.4.3.3 Ensure 'aaa authentication secure-http-client' is configured correctly

ACCESS CONTROL

1.4.3.4 Ensure 'aaa authentication serial console' is configured correctly

ACCESS CONTROL

1.4.3.5 Ensure 'aaa authentication ssh console' is configured correctly

ACCESS CONTROL

1.4.4.1 Ensure 'aaa command authorization' is configured correctly

ACCESS CONTROL

1.4.4.2 Ensure 'aaa authorization exec' is configured correctly

ACCESS CONTROL

1.4.5.1 Ensure 'aaa accounting command' is configured correctly

CONFIGURATION MANAGEMENT

1.4.5.2 Ensure 'aaa accounting for SSH' is configured correctly

CONFIGURATION MANAGEMENT

1.4.5.3 Ensure 'aaa accounting for Serial console' is configured correctly

CONFIGURATION MANAGEMENT

1.4.5.4 Ensure 'aaa accounting for EXEC mode' is configured correctly

CONFIGURATION MANAGEMENT

1.5.1 Ensure 'ASDM banner' is set

AWARENESS AND TRAINING

1.5.2 Ensure 'EXEC banner' is set

AWARENESS AND TRAINING

1.5.3 Ensure 'LOGIN banner' is set

AWARENESS AND TRAINING

1.5.4 Ensure 'MOTD banner' is set

AWARENESS AND TRAINING

1.6.1 Ensure 'SSH source restriction' is set to an authorized IP address

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.2 Ensure 'SSH version 2' is enabled

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.5 Ensure 'Telnet' is disabled

CONFIGURATION MANAGEMENT

1.7.2 Ensure 'TLS 1.2' is set for HTTPS access

SYSTEM AND COMMUNICATIONS PROTECTION

1.7.3 Ensure 'SSL AES 256 encryption' is set for HTTPS access

SYSTEM AND COMMUNICATIONS PROTECTION

1.8.1 Ensure 'console session timeout' is less than or equal to '5' minutes

CONFIGURATION MANAGEMENT

1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutes

CONFIGURATION MANAGEMENT

1.8.3 Ensure 'HTTP idle timeout' is less than or equal to '5' minutes

CONFIGURATION MANAGEMENT

1.9.1.1 Ensure 'NTP authentication' is enabled

AUDIT AND ACCOUNTABILITY

1.9.1.2 Ensure 'NTP authentication key' is configured correctly

IDENTIFICATION AND AUTHENTICATION

1.9.1.3 Ensure 'trusted NTP server' exists

CONFIGURATION MANAGEMENT

1.9.2 Ensure 'local timezone' is properly configured

CONFIGURATION MANAGEMENT

1.10.1 Ensure 'logging' is enabled

AUDIT AND ACCOUNTABILITY

1.10.2 Ensure 'logging to Serial console' is disabled

CONFIGURATION MANAGEMENT

1.10.3 Ensure 'logging to monitor' is disabled

CONFIGURATION MANAGEMENT