CIS Fortigate Level 1 v1.0.0

Audit Details

Name: CIS Fortigate Level 1 v1.0.0

Updated: 11/8/2022

Authority: CIS

Plugin: FortiGate

Revision: 1.0

Estimated Item Count: 33

File Details

Filename: CIS_Fortigate_Level_1.audit

Size: 76.3 kB

MD5: 5aba0be8bdb16aae8edc907b566bbcbe
SHA256: c93927bf5cada74d81698a0fe6f0b64041eb2ec0c64230faf1d7178903b314b7

Audit Items

Description / Categories
1.1 Ensure DNS server is configured - dns server 1

SYSTEM AND COMMUNICATIONS PROTECTION

1.1 Ensure DNS server is configured - dns server 2

SYSTEM AND COMMUNICATIONS PROTECTION

1.2 Ensure intra-zone traffic is not always allowed

ACCESS CONTROL, CONFIGURATION MANAGEMENT

2.1.1 Ensure 'Pre-Login Banner' is set - enable

ACCESS CONTROL, CONFIGURATION MANAGEMENT

2.1.1 Ensure 'Pre-Login Banner' is set - warning message

ACCESS CONTROL, CONFIGURATION MANAGEMENT

2.1.2 Ensure 'Post-Login-Banner' is set - enable

ACCESS CONTROL, CONFIGURATION MANAGEMENT

2.1.2 Ensure 'Post-Login-Banner' is set - warning message

ACCESS CONTROL, CONFIGURATION MANAGEMENT

2.1.3 Ensure timezone is properly configured

AUDIT AND ACCOUNTABILITY

2.1.4 Ensure correct system time is configured through NTP - ntp server 1

AUDIT AND ACCOUNTABILITY

2.1.4 Ensure correct system time is configured through NTP - ntp server 2

AUDIT AND ACCOUNTABILITY

2.1.5 Ensure hostname is set

ACCESS CONTROL, CONFIGURATION MANAGEMENT

2.2.1 Ensure 'Password Policy' is enabled - apply-to

IDENTIFICATION AND AUTHENTICATION

2.2.1 Ensure 'Password Policy' is enabled - expire-day

IDENTIFICATION AND AUTHENTICATION

2.2.1 Ensure 'Password Policy' is enabled - expire-status

IDENTIFICATION AND AUTHENTICATION

2.2.1 Ensure 'Password Policy' is enabled - min-lower-case-letter

IDENTIFICATION AND AUTHENTICATION

2.2.1 Ensure 'Password Policy' is enabled - min-non-alphanumeric

IDENTIFICATION AND AUTHENTICATION

2.2.1 Ensure 'Password Policy' is enabled - min-number

IDENTIFICATION AND AUTHENTICATION

2.2.1 Ensure 'Password Policy' is enabled - min-upper-case-letter

IDENTIFICATION AND AUTHENTICATION

2.2.1 Ensure 'Password Policy' is enabled - minimum-length

IDENTIFICATION AND AUTHENTICATION

2.2.1 Ensure 'Password Policy' is enabled - reuse-password

IDENTIFICATION AND AUTHENTICATION

2.2.1 Ensure 'Password Policy' is enabled - status

IDENTIFICATION AND AUTHENTICATION

2.2.2 Ensure administrator password retries and lockout time are configured - admin-lockout-duration

ACCESS CONTROL

2.2.2 Ensure administrator password retries and lockout time are configured - admin-lockout-threshold

ACCESS CONTROL

2.3.1 Ensure SNMP agent is disabled

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.4.1 Ensure default 'admin' password is changed

IDENTIFICATION AND AUTHENTICATION

2.4.2 Ensure all the login accounts having specific trusted hosts enabled

ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY

2.4.3 Ensure admin accounts with different privileges having their correct profiles assigned

ACCESS CONTROL

2.4.4 Ensure idle timeout time is configured

ACCESS CONTROL, CONFIGURATION MANAGEMENT

2.4.5 Ensure only encrypted access channels are enabled

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.5.2 Ensure 'Monitor Interfaces' for High Availability Devices is Enabled

SYSTEM AND INFORMATION INTEGRITY

2.5.3 Ensure HA Reserved Management Interface is Configured

SYSTEM AND INFORMATION INTEGRITY

3.2 Ensure that policies do not use 'ALL' as Service

SYSTEM AND INFORMATION INTEGRITY

5.1.1 Enable Compromised Host Quarantine

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY