CIS Cisco Firewall v8.x L1 v4.2.0

Audit Details

Name: CIS Cisco Firewall v8.x L1 v4.2.0

Updated: 4/25/2022

Authority: CIS

Plugin: Cisco

Revision: 1.2

Estimated Item Count: 96

File Details

Filename: CIS_Cisco_Firewall_v8.x_Level_1_v4.2.0.audit

Size: 157 kB

MD5: d006821dfbb2bfabfe317f8cb9749215
SHA256: 06eb4c88c9b1ea1d56fdd93e67de633e7e5c2c3fddcfba581fecc69811d29525

Audit Items

Description

Categories

1.1.1 Ensure 'Logon Password' is set

IDENTIFICATION AND AUTHENTICATION

1.1.2 Ensure 'Enable Password' is set

SYSTEM AND COMMUNICATIONS PROTECTION

1.1.3 Ensure 'Master Key Passphrase' is set

SYSTEM AND COMMUNICATIONS PROTECTION

1.1.4 Ensure 'Password Recovery' is disabled

CONFIGURATION MANAGEMENT

1.1.5 Ensure 'Password Policy' is enabled - lifetime

IDENTIFICATION AND AUTHENTICATION

1.1.5 Ensure 'Password Policy' is enabled - minimum-changes

IDENTIFICATION AND AUTHENTICATION

1.1.5 Ensure 'Password Policy' is enabled - minimum-length

IDENTIFICATION AND AUTHENTICATION

1.1.5 Ensure 'Password Policy' is enabled - minimum-lowercase

IDENTIFICATION AND AUTHENTICATION

1.1.5 Ensure 'Password Policy' is enabled - minimum-numeric

IDENTIFICATION AND AUTHENTICATION

1.1.5 Ensure 'Password Policy' is enabled - minimum-special

IDENTIFICATION AND AUTHENTICATION

1.1.5 Ensure 'Password Policy' is enabled - minimum-uppercase

IDENTIFICATION AND AUTHENTICATION

1.2.1 Ensure 'Domain Name' is set

CONFIGURATION MANAGEMENT

1.2.2 Ensure 'Host Name' is set

CONFIGURATION MANAGEMENT

1.2.3 Ensure 'Failover' is enabled

CONFIGURATION MANAGEMENT

1.2.4 Ensure 'Unused Interfaces' is disable

CONFIGURATION MANAGEMENT

1.3.1 Ensure 'Image Integrity' is correct

SYSTEM AND INFORMATION INTEGRITY

1.3.2 Ensure 'Image Authenticity' is correct

SYSTEM AND INFORMATION INTEGRITY

1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3'

CONFIGURATION MANAGEMENT

1.4.1.2 Ensure 'local username and password' is set

IDENTIFICATION AND AUTHENTICATION

1.4.1.3 Ensure known default accounts do not exist

IDENTIFICATION AND AUTHENTICATION

1.4.2.1 Ensure 'TACACS+/RADIUS' is configured correctly - protocol

ACCESS CONTROL

1.4.2.1 Ensure 'TACACS+/RADIUS' is configured correctly - server

ACCESS CONTROL

1.4.3.1 Ensure 'aaa authentication enable console' is configured correctly

ACCESS CONTROL

1.4.3.2 Ensure 'aaa authentication http console' is configured correctly

ACCESS CONTROL

1.4.3.3 Ensure 'aaa authentication secure-http-client' is configured correctly

ACCESS CONTROL

1.4.3.4 Ensure 'aaa authentication serial console' is configured correctly

ACCESS CONTROL

1.4.3.5 Ensure 'aaa authentication ssh console' is configured correctly

ACCESS CONTROL

1.4.3.6 Ensure 'aaa authentication telnet console' is configured correctly

ACCESS CONTROL

1.4.4.1 Ensure 'aaa command authorization' is configured correctly

ACCESS CONTROL

1.4.4.2 Ensure 'aaa authorization exec' is configured correctly

ACCESS CONTROL

1.4.5.1 Ensure 'aaa command accounting' is configured correctly

CONFIGURATION MANAGEMENT

1.4.5.2 Ensure 'aaa accounting for SSH' is configured correctly

CONFIGURATION MANAGEMENT

1.4.5.3 Ensure 'aaa accounting for Serial console' is configured correctly

CONFIGURATION MANAGEMENT

1.4.5.4 Ensure 'aaa accounting for EXEC mode' is configured correctly

CONFIGURATION MANAGEMENT

1.5.1 Ensure 'ASDM banner' is set

AWARENESS AND TRAINING

1.5.2 Ensure 'EXEC banner' is set

AWARENESS AND TRAINING

1.5.3 Ensure 'LOGIN banner' is set

AWARENESS AND TRAINING

1.5.4 Ensure 'MOTD banner' is set

AWARENESS AND TRAINING

1.6.1 Ensure 'SSH source restriction' is set to an authorized IP address

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.2 Ensure 'SSH version 2' is enabled

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.3 Ensure 'RSA key pair' is greater than or equal to 2048 bits

CONFIGURATION MANAGEMENT

1.6.4 Ensure 'SCP protocol' is set to Enable for files transfers

CONFIGURATION MANAGEMENT

1.6.5 Ensure 'Telnet' is disabled

CONFIGURATION MANAGEMENT

1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP address

CONFIGURATION MANAGEMENT

1.7.2 Ensure 'TLS 1.2' is set for HTTPS access

SYSTEM AND COMMUNICATIONS PROTECTION

1.7.3 Ensure 'SSL AES 256 encryption' is set for HTTPS access

SYSTEM AND COMMUNICATIONS PROTECTION

1.8.1 Ensure 'console session timeout' is less than or equal to '5' minutes

CONFIGURATION MANAGEMENT

1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutes

CONFIGURATION MANAGEMENT

1.8.3 Ensure 'HTTP idle timeout' is less than or equal to '5' minutes

CONFIGURATION MANAGEMENT

1.9.1.1 Ensure 'NTP authentication' is enabled

IDENTIFICATION AND AUTHENTICATION