CIS Cisco NX-OS L1 v1.1.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Cisco NX-OS L1 v1.1.0

Updated: 5/23/2025

Authority: CIS

Plugin: Cisco

Revision: 1.4

Estimated Item Count: 39

File Details

Filename: CIS_Cisco_NX-OS-v1.1.0_Level_1.audit

Size: 115 kB

MD5: 24dbc2b3f59541ad3439e270bb67455f
SHA256: b5811cc23f22ddbeea14d62b6147a24fe3f3693e2c59af703c34221c29aa2694

Audit Items

DescriptionCategories
1.1.1.1 Configure AAA Authentication - TACACS if applicable
1.1.1.2 Configure AAA Authentication - Local SSH keys
1.1.1.3 Configure AAA Authentication - RADIUS if applicable
1.1.2.1 vty line authentication
1.2.1 Restrict Access to VTY Sessions
1.2.2 Configure IP Blocking on Failed Logins
1.2.3 Limit SSH Login Attempts
1.2.4 Ensure Exec Timeout for Console Sessions is set
1.2.5 Ensure Exec Timeout for Remote Administrative Sessions (VTY) is set
1.2.6 Set the Maximum Number of VTY Sessions
1.2.7 Disable the Telnet Feature
1.3.1 Pre-authentication Banner
1.3.2 Post-authentication Banner
1.4.1 Enable Password Complexity Requirements for Local Credentials
1.4.3 Set password lifetime, warning time and grace time for local credentials
1.4.4 Set password length for local credentials
1.5.1 If SNMPv2 is in use, use a Complex Community String
1.5.2 If SNMPv2 is in use, set Restrictions on Access
1.6.4 Configure Logging Timestamps
1.7.1 Configure at least 2 external NTP Servers
1.7.2 Configure a Time Zone
1.7.3 If a Local Time Zone is used, Configure Daylight Savings
2.1.1 Configure Control Plane Policing
3.1.1.2 Configure EIGRP Passive interfaces for interfaces that do not have peers
3.1.1.3 Configure EIGRP log-adjacency-changes
3.1.2.1 Configure BGP to Log Neighbor Changes
3.1.3.1 Set Interfaces with no Peers to Passive-Interface
3.1.3.3 Log OSPF Adjacency Changes
3.1.4.1 If VLAN interfaces have IP addreses, configure anti spoofing / ingress filtering protections
3.1.4.4 Configure HSRP protections
3.2.1.1 Configure RA Guard
3.2.2 Disable ICMP Redirects on all Layer 3 Interfaces
3.2.3 Disable Proxy ARP on all Layer 3 Interfaces
3.2.4 Disable IP Directed Broadcasts on all Layer 3 Interfaces
3.2.5 Disable IP Source-Routing
3.3.1 Configure DHCP Trust
3.4.1 Configure LLDP
4.1 Configure Local Configuration Backup Schedule
4.2 Configure a Remote Backup Schedule