CIS Fortigate Level 2 v1.0.0

Audit Details

Name: CIS Fortigate Level 2 v1.0.0

Updated: 11/8/2022

Authority: CIS

Plugin: FortiGate

Revision: 1.0

Estimated Item Count: 28

File Details

Filename: CIS_Fortigate_Level_2.audit

Size: 43.8 kB

MD5: 59bec9ed48c2f71f6479ec4ae61b29dd
SHA256: d14df555d6aa62091383b3edb3dd9a9f68a6a9e450b8225c28d7da9220b5f085

Audit Items

Description

Categories
2.1.6 Ensure the latest firmware is installed

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

2.1.7 Disable USB Firmware and configuration installation - auto-install-config

CONFIGURATION MANAGEMENT

2.1.7 Disable USB Firmware and configuration installation - auto-install-image

CONFIGURATION MANAGEMENT

2.1.8 Disable static keys for TLS

ACCESS CONTROL

2.1.9 Enable Global Strong Encryption

ACCESS CONTROL

2.3.2 Ensure only SNMPv3 is enabled - snmpv1/snmpv2c communities don't exist

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.2 Ensure only SNMPv3 is enabled - snmpv3 user exist

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.5.1 Ensure High Availability Configuration

SYSTEM AND INFORMATION INTEGRITY

2.5.3 Ensure HA Reserved Management Interface is Configured

SYSTEM AND INFORMATION INTEGRITY

3.1 Ensure that unused policies are reviewed regularly

CONFIGURATION MANAGEMENT

3.3 Ensure Policies are Uniquely Named

CONFIGURATION MANAGEMENT

3.4 Ensure there are no Unused Policies

CONFIGURATION MANAGEMENT

4.1.1 Detect Botnet Connections

CONFIGURATION MANAGEMENT

4.2.1 Ensure Antivirus Definition Push Updates are Configured

CONFIGURATION MANAGEMENT

4.2.2 Apply Antivirus Security Profile to Policies

CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY

4.3.1 Enable Botnet C&C Domain Blocking DNS Filter

CONFIGURATION MANAGEMENT

5.2.1.1 Ensure Security Fabric is Configured

CONFIGURATION MANAGEMENT

6.1.1 Apply a Trusted Signed Certificate for VPN Portal

IDENTIFICATION AND AUTHENTICATION

6.1.2 Enable Limited TLS Versions for SSL VPN - algorithm

ACCESS CONTROL

6.1.2 Enable Limited TLS Versions for SSL VPN - banned-cipher

ACCESS CONTROL

6.1.2 Enable Limited TLS Versions for SSL VPN - ssl-max-prot-ver

ACCESS CONTROL

6.1.2 Enable Limited TLS Versions for SSL VPN - ssl-max-proto-ver

ACCESS CONTROL

6.1.2 Enable Limited TLS Versions for SSL VPN - ssl-min-proto-ver

ACCESS CONTROL

7.1 Configuring the maximum login attempts and lockout period - auth-lockout-duration

SYSTEM AND COMMUNICATIONS PROTECTION

7.1 Configuring the maximum login attempts and lockout period - auth-lockout-threshold

SYSTEM AND COMMUNICATIONS PROTECTION

8.1.1 Enable Event Logging

AUDIT AND ACCOUNTABILITY

8.2.1 Encrypt Log Transmission to FortiAnalyzer / FortiManager

SYSTEM AND COMMUNICATIONS PROTECTION

8.3.1 Centralized Logging and Reporting

AUDIT AND ACCOUNTABILITY