Detections
Analytics
CIS Cisco IOS XR 7.x v1.0.0 L1
Audit Details
Name: CIS Cisco IOS XR 7.x v1.0.0 L1
Updated: 6/17/2024
Authority: CIS
Plugin: Cisco
Revision: 1.1
Estimated Item Count: 31
File Details
Filename: CIS_Cisco_IOS_XR_7.x_v1.0.0_L1.audit
Size: 74.8 kB
Audit Items
| Description | Categories |
|---|---|
| 1.1.2.1 console authentication | ACCESS CONTROL |
| 1.1.2.2 vty line authentication | ACCESS CONTROL |
| 1.1.4.1 exec accounting | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 1.1.4.2 command accounting | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 1.1.4.3 network accounting | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 1.1.4.4 system accounting | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 1.2.1 Set the 'hostname' | IDENTIFICATION AND AUTHENTICATION |
| 1.2.2 Set 'modulus' to greater than or equal to 2048 for 'crypto key generate rsa' | IDENTIFICATION AND AUTHENTICATION |
| 1.2.3 Set 'seconds' for 'ssh timeout' for 60 seconds or less | IDENTIFICATION AND AUTHENTICATION |
| 1.3.1 Disable CDP | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3.2 Disable TCP and UDP small servers | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.4.1 Enable logging | AUDIT AND ACCOUNTABILITY |
| 1.4.2 Set 'buffer size' | AUDIT AND ACCOUNTABILITY |
| 1.4.3 Set 'logging console critical' | AUDIT AND ACCOUNTABILITY |
| 1.4.4 Set IP address for 'logging host' | AUDIT AND ACCOUNTABILITY, INCIDENT RESPONSE, SYSTEM AND INFORMATION INTEGRITY |
| 1.4.5 Set 'logging trap informational' | AUDIT AND ACCOUNTABILITY |
| 1.4.6 Set logging timestamps | AUDIT AND ACCOUNTABILITY |
| 1.4.7 Set 'logging source interface' | AUDIT AND ACCOUNTABILITY |
| 1.5.1 Unset 'private' for 'snmp-server community' | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.2 Unset 'public' for 'snmp-server community' | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.3 Do not set 'RW' for any 'snmp-server community' | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.4 Set the ACL for each 'snmp-server community' | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.5 Set 'snmp-server host' when using SNMP | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.6 Set 'snmp-server enable traps snmp' | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.1 Disable Telnet Access | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.6.2 Restrict VTY Access | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.3 Ensure Exec Timeout for Console Sessions is set | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.7.1 Pre-authentication Banner | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.7.2 Post-authentication Banner | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.8.2 Set username secret for all local users | ACCESS CONTROL |
| 2.2.2 Set 'ip address' for 'ntp server' | AUDIT AND ACCOUNTABILITY |