CIS Fortigate Level 1 v1.1.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Fortigate Level 1 v1.1.0

Updated: 1/24/2024

Authority: CIS

Plugin: FortiGate

Revision: 1.2

Estimated Item Count: 40

File Details

Filename: CIS_Fortigate_Level_1_v1.1.0.audit

Size: 74.5 kB

MD5: 09472fadc60eb980fba27c4b7aa696a2
SHA256: 1ad01592b6276c82bc416a05cbe1440b8145a14497126716a80cf82d1f5e31b9

Audit Items

Description
1.1 Ensure DNS server is configured - dns server 1
1.1 Ensure DNS server is configured - dns server 2
1.2 Ensure intra-zone traffic is not always allowed
1.3 Disable all management related services on WAN port
2.1.1 Ensure 'Pre-Login Banner' is set - enable
2.1.1 Ensure 'Pre-Login Banner' is set - warning message
2.1.2 Ensure 'Post-Login-Banner' is set - enable
2.1.2 Ensure 'Post-Login-Banner' is set - warning message
2.1.3 Ensure timezone is properly configured
2.1.4 Ensure correct system time is configured through NTP - ntp server 1
2.1.4 Ensure correct system time is configured through NTP - ntp server 2
2.1.5 Ensure hostname is set
2.2.1 Ensure 'Password Policy' is enabled - apply-to
2.2.1 Ensure 'Password Policy' is enabled - expire-day
2.2.1 Ensure 'Password Policy' is enabled - expire-status
2.2.1 Ensure 'Password Policy' is enabled - min-lower-case-letter
2.2.1 Ensure 'Password Policy' is enabled - min-non-alphanumeric
2.2.1 Ensure 'Password Policy' is enabled - min-number
2.2.1 Ensure 'Password Policy' is enabled - min-upper-case-letter
2.2.1 Ensure 'Password Policy' is enabled - minimum-length
2.2.1 Ensure 'Password Policy' is enabled - reuse-password
2.2.1 Ensure 'Password Policy' is enabled - status
2.2.2 Ensure administrator password retries and lockout time are configured - admin-lockout-duration
2.2.2 Ensure administrator password retries and lockout time are configured - admin-lockout-threshold
2.3.1 Ensure SNMP agent is disabled
2.4.1 Ensure default 'admin' password is changed
2.4.2 Ensure all the login accounts having specific trusted hosts enabled
2.4.3 Ensure admin accounts with different privileges having their correct profiles assigned
2.4.4 Ensure idle timeout time is configured
2.4.5 Ensure only encrypted access channels are enabled
2.4.6 Apply Local-in Policies
2.5.2 Ensure 'Monitor Interfaces' for High Availability Devices is Enabled - Monitor Interfaces for High Availability Devices is Enabled
2.5.3 Ensure HA Reserved Management Interface is Configured
3.2 Ensure that policies do not use 'ALL' as Service - ALL as Service
3.5 Ensure firewall policy denying all traffic to/from Tor or malicious server IP addresses using ISDB
3.6 Ensure logging is enabled on all firewall policies
4.3.2 Ensure DNS Filter logs all DNS queries and responses
4.4.1 Block high risk categories on Application Control
4.4.3 Ensure all Application Control related traffic are logged
5.1.1 Enable Compromised Host Quarantine