Detections
Analytics

CIS Fortigate 7.0.x Level 2 v1.2.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Fortigate 7.0.x Level 2 v1.2.0

Updated: 6/24/2024

Authority: CIS

Plugin: FortiGate

Revision: 1.2

Estimated Item Count: 23

File Details

Filename: CIS_Fortigate_7.0.x_v1.2.0_L2.audit

Size: 33 kB

MD5: 0c5935f7120c741ead77b1f4f6cbf381
SHA256: 0fb55899f81a193d40bcf59b034d91c9b2df08d936d369a69f090341d63538d7

Audit Items

DescriptionCategories
2.1.6 Ensure the latest firmware is installed
2.1.7 Disable USB Firmware and configuration installation
2.1.8 Disable static keys for TLS
2.1.9 Enable Global Strong Encryption
2.3.1 Ensure only SNMPv3 is enabled
2.3.2 Allow only trusted hosts in SNMPv3
2.5.1 Ensure High Availability configuration is enabled
3.1 Ensure that unused policies are reviewed regularly
4.1.1 Detect Botnet connections
4.2.1 Ensure Antivirus Definition Push Updates are Configured
4.2.2 Apply Antivirus Security Profile to Policies
4.2.3 Enable Outbreak Prevention Database
4.2.4 Enable AI /heuristic based malware detection
4.2.5 Enable grayware detection on antivirus
4.3.1 Enable Botnet C&C Domain Blocking DNS Filter
4.4.2 Block applications running on non-default ports
5.2.1.1 Ensure Security Fabric is Configured
6.1.1 Apply a Trusted Signed Certificate for VPN Portal
6.1.2 Enable Limited TLS Versions for SSL VPN
7.1 Configuring the maximum login attempts and lockout period
8.1.1 Enable Event Logging
8.2.1 Encrypt Log Transmission to FortiAnalyzer / FortiManager
8.3.1 Centralized Logging and Reporting