CIS Cisco IOS 12 L1 v4.0.0

Audit Details

Name: CIS Cisco IOS 12 L1 v4.0.0

Updated: 4/25/2022

Authority: CIS

Plugin: Cisco

Revision: 1.14

Estimated Item Count: 55

File Details

Filename: CIS_Cisco_IOS_12_v4.0.0_Level_1.audit

Size: 74.2 kB

MD5: a75cb99e9bd51e1cb27efe008eeb2c8f
SHA256: 940d52277e250fca3c9a8bf4575436842b2f91d28804366e33e18d29f0f0f452

Audit Changelog

 
Revision 1.14

Apr 25, 2022

Functional Update
  • 1.1.5 Set 'login authentication for 'line tty'
Informational Update
  • 1.5.7 Set 'snmp-server host' when using SNMP
  • 1.5.8 Set 'snmp-server enable traps snmp'
Revision 1.13

Mar 29, 2022

Functional Update
  • 1.1.5 Set 'login authentication for 'line tty'
Informational Update
  • 1.5.7 Set 'snmp-server host' when using SNMP
  • 1.5.8 Set 'snmp-server enable traps snmp'
Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.12

Jun 17, 2021

Functional Update
  • 1.1.5 Set 'login authentication for 'line tty'
Informational Update
  • 1.5.7 Set 'snmp-server host' when using SNMP
  • 1.5.8 Set 'snmp-server enable traps snmp'
Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.11

Mar 23, 2021

Functional Update
  • 1.1.5 Set 'login authentication for 'line tty'
Informational Update
  • 1.5.7 Set 'snmp-server host' when using SNMP
  • 1.5.8 Set 'snmp-server enable traps snmp'
Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.10

Sep 29, 2020

Functional Update
  • 1.1.5 Set 'login authentication for 'line tty'
Informational Update
  • 1.5.7 Set 'snmp-server host' when using SNMP
  • 1.5.8 Set 'snmp-server enable traps snmp'
Miscellaneous
  • References updated.
Revision 1.9

Apr 15, 2020

Functional Update
  • 1.1.5 Set 'login authentication for 'line tty'
Informational Update
  • 1.5.7 Set 'snmp-server host' when using SNMP
  • 1.5.8 Set 'snmp-server enable traps snmp'
Miscellaneous
  • Metadata updated.
  • References updated.
Revision 1.8

Nov 18, 2019

Functional Update
  • 1.1.5 Set 'login authentication for 'line tty'
Informational Update
  • 1.1.1 Enable 'aaa new-model'
  • 1.1.2 Enable 'aaa authentication login'
  • 1.1.3 Enable 'aaa authentication enable default'
  • 1.1.4 Set 'login authentication for 'line con 0'
  • 1.1.5 Set 'login authentication for 'line tty'
  • 1.1.6 Set 'login authentication for 'line vty'
  • 1.2.1 Set 'privilege 1' for local users - 'No users with privileges 2-15'
  • 1.2.10 Set 'transport input none' for 'line aux 0'
  • 1.2.2 Set 'transport input ssh' for 'line vty' connections
  • 1.2.3 Set 'no exec' for 'line aux 0'
  • 1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured'
  • 1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured'
  • 1.2.5 Set 'access-class' for 'line vty'
  • 1.2.6 Set 'exec-timeout' to less than or equal to 10 minutes for 'line aux 0'
  • 1.2.7 Set 'exec-timeout' to less than or equal to 10 minutes 'line console 0'
  • 1.2.8 Set 'exec-timeout' less than or equal to 10 minutes 'line tty'
  • 1.2.9 Set 'exec-timeout' to less than or equal to 10 minutes 'line vty'
  • 1.3.1 Set the 'banner-text' for 'banner exec'
  • 1.3.2 Set the 'banner-text' for 'banner login'
  • 1.3.3 Set the 'banner-text' for 'banner motd'
  • 1.4.1 Set 'password' for 'enable secret'
  • 1.4.2 Enable 'service password-encryption'
  • 1.4.3 Set 'username secret' for all local users
  • 1.5.1 Set 'no snmp-server' to disable SNMP when unused
  • 1.5.2 Unset 'private' for 'snmp-server community'
  • 1.5.3 Unset 'public' for 'snmp-server community'
  • 1.5.4 Do not set 'RW' for any 'snmp-server community'
  • 1.5.5 Set the ACL for each 'snmp-server community'
  • 1.5.6 Create an 'access-list' for use with SNMP - 'SNMP deny secured by ACL'
  • 1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL'
  • 1.5.7 Set 'snmp-server host' when using SNMP
  • 1.5.8 Set 'snmp-server enable traps snmp'
  • 2.1.1.1.1 Set the 'hostname'
  • 2.1.1.1.2 Set the 'ip domain name'
  • 2.1.1.1.3 Set 'modulus' to greater than or equal to 2048 for 'crypto key generate rsa'
  • 2.1.1.1.4 Set 'seconds' for 'ip ssh timeout'
  • 2.1.1.1.5 Set maximimum value for 'ip ssh authentication-retries'
  • 2.1.1.2 Set version 2 for 'ip ssh version'
  • 2.1.2 Set 'no cdp run'
  • 2.1.3 Set 'no ip bootp server'
  • 2.1.4 Set 'no service dhcp'
  • 2.1.5 Set 'no ip identd'
  • 2.1.6 Set 'service tcp-keepalives-in'
  • 2.1.7 Set 'service tcp-keepalives-out'
  • 2.1.8 Set 'no service pad'
  • 2.2.1 Set 'logging on'
  • 2.2.2 Set 'buffer size' for 'logging buffered'
  • 2.2.3 Set 'logging console critical'
  • 2.2.4 Set IP address for 'logging host'
  • 2.2.5 Set 'logging trap informational'
  • 2.2.6 Set 'service timestamps debug datetime'
  • 2.2.7 Set 'logging source interface'
  • 2.3.2 Set 'ip address' for 'ntp server'
  • 3.1.1 Set 'no ip source-route'
Miscellaneous
  • Platform check updated.
Revision 1.7

Aug 5, 2019

Functional Update
  • 1.1.5 Set 'login authentication for 'line tty'
Informational Update
  • 1.5.7 Set 'snmp-server host' when using SNMP
  • 1.5.8 Set 'snmp-server enable traps snmp'
Miscellaneous
  • Metadata updated.
  • See also link updated.
Revision 1.6

Jul 30, 2019

Functional Update
  • 1.1.5 Set 'login authentication for 'line tty'
  • 1.3.1 Set the 'banner-text' for 'banner exec'
  • 1.3.2 Set the 'banner-text' for 'banner login'
  • 1.3.3 Set the 'banner-text' for 'banner motd'
Informational Update
  • 1.5.7 Set 'snmp-server host' when using SNMP
  • 1.5.8 Set 'snmp-server enable traps snmp'
Miscellaneous
  • References updated.
  • Variables updated.
Revision 1.5

Feb 6, 2019

Functional Update
  • 1.1.5 Set 'login authentication for 'line tty'
Informational Update
  • 1.5.7 Set 'snmp-server host' when using SNMP
  • 1.5.8 Set 'snmp-server enable traps snmp'
Miscellaneous
  • Metadata updated.
  • References updated.