Name: CIS Cisco NX-OS v1.2.0 L1
Updated: 5/23/2025
Authority: CIS
Plugin: Cisco
Revision: 1.0
Estimated Item Count: 41
Filename: CIS_Cisco_NX-OS_v1.2.0_L1.audit
Size: 167 kB
Description | Categories |
---|---|
1.1.1.1 Configure AAA Authentication - TACACS if applicable | ACCESS CONTROL |
1.1.1.2 Configure AAA Authentication - Local SSH keys | ACCESS CONTROL |
1.1.1.3 Configure AAA Authentication - RADIUS if applicable | ACCESS CONTROL |
1.1.2.1 vty line authentication | ACCESS CONTROL |
1.2.1 Restrict Access to VTY Sessions | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MAINTENANCE, SYSTEM AND INFORMATION INTEGRITY |
1.2.2 Configure IP Blocking on Failed Logins | AUDIT AND ACCOUNTABILITY |
1.2.3 Limit SSH Login Attempts to 3 or less | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.2.4 Ensure Exec Timeout for Console Sessions is set for less than 10 | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.2.5 Ensure Exec Timeout for Remote Administrative Sessions (VTY) is set to less than 10 | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.2.6 Set the Maximum Number of VTY Sessions | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.2.7 Disable the Telnet Feature | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.3.1 Pre-authentication Banner | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
1.3.2 Post-authentication Banner | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
1.4.1 Enable Password Complexity Requirements for Local Credentials | IDENTIFICATION AND AUTHENTICATION |
1.4.3 Set password lifetime, warning time and grace time for local credentials | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
1.4.4 Set password length for local credentials | IDENTIFICATION AND AUTHENTICATION |
1.5.4 Configure Logging Timestamps | AUDIT AND ACCOUNTABILITY |
1.6.1 Configure at least 2 external NTP Servers | AUDIT AND ACCOUNTABILITY |
1.6.2 Configure a Time Zone | AUDIT AND ACCOUNTABILITY |
1.6.3 If a Local Time Zone is used, Configure Daylight Savings | AUDIT AND ACCOUNTABILITY |
1.9.1 Configure SNMPv3 | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.9.2 Configure SNMP Traps | SYSTEM AND INFORMATION INTEGRITY |
1.9.3 Configure source interface for SNMP Traps | CONFIGURATION MANAGEMENT |
1.9.4 Ensure Read Write privileges are not configured for SNMP | CONFIGURATION MANAGEMENT, MAINTENANCE |
2.1.1 Configure Control Plane Policing | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
3.1.1.2 Configure EIGRP Passive interfaces for interfaces that do not have peers | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
3.1.1.3 Configure EIGRP log-adjacency-changes | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
3.1.2.1 Configure BGP to Log Neighbor Changes | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.1.3.1 Set Interfaces with no Peers to Passive-Interface | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
3.1.3.3 Log OSPF Adjacency Changes | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
3.1.4.1 If VLAN interfaces have IP addresses, configure anti spoofing / ingress filtering protections | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
3.1.4.4 Configure HSRP protections | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
3.2.1.1 Configure RA Guard | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
3.2.2 Disable ICMP Redirects on all Layer 3 Interfaces | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.3 Disable Proxy ARP on all Layer 3 Interfaces | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.4 Disable IP Directed Broadcasts on all Layer 3 Interfaces | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.5 Disable IP Source-Routing | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.3.1 Configure DHCP Trust | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.4.1 Configure LLDP | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
4.1 Configure Local Configuration Backup Schedule | CONTINGENCY PLANNING |
4.2 Configure a Remote Backup Schedule | CONTINGENCY PLANNING |