CIS Fortigate Level 2 v1.1.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Fortigate Level 2 v1.1.0

Updated: 1/24/2024

Authority: CIS

Plugin: FortiGate

Revision: 1.1

Estimated Item Count: 32

File Details

Filename: CIS_Fortigate_Level_2_v1.1.0.audit

Size: 42.3 kB

MD5: 5e846e4fd59cb7dc68dd56677032613c
SHA256: 94a37cb17114fbc598e829e7317fc6dfa59d135d3fd4db02e0f2464bbca60884

Audit Items

Description
2.1.6 Ensure the latest firmware is installed
2.1.7 Disable USB Firmware and configuration installation - auto-install-config
2.1.7 Disable USB Firmware and configuration installation - auto-install-image
2.1.8 Disable static keys for TLS
2.1.9 Enable Global Strong Encryption
2.3.2 Ensure only SNMPv3 is enabled - snmpv1/snmpv2c communities don't exist
2.3.2 Ensure only SNMPv3 is enabled - snmpv3 user exist
2.5.1 Ensure High Availability Configuration
2.5.3 Ensure HA Reserved Management Interface is Configured
3.1 Ensure that unused policies are reviewed regularly
3.3 Ensure Policies are Uniquely Named
3.4 Ensure there are no Unused Policies
4.1.1 Detect Botnet Connections
4.2.1 Ensure Antivirus Definition Push Updates are Configured
4.2.2 Apply Antivirus Security Profile to Policies
4.2.3 Enable Outbreak Prevention Database
4.2.4 Enable AI/heuristic based malware detection
4.2.5 Enable grayware detection on antivirus
4.3.1 Enable Botnet C&C Domain Blocking DNS Filter
4.4.2 Block applications running on non-default ports
5.2.1.1 Ensure Security Fabric is Configured
6.1.1 Apply a Trusted Signed Certificate for VPN Portal
6.1.2 Enable Limited TLS Versions for SSL VPN - algorithm
6.1.2 Enable Limited TLS Versions for SSL VPN - banned-cipher
6.1.2 Enable Limited TLS Versions for SSL VPN - ssl-max-prot-ver
6.1.2 Enable Limited TLS Versions for SSL VPN - ssl-max-proto-ver
6.1.2 Enable Limited TLS Versions for SSL VPN - ssl-min-proto-ver
7.1 Configuring the maximum login attempts and lockout period - auth-lockout-duration
7.1 Configuring the maximum login attempts and lockout period - auth-lockout-threshold
8.1.1 Enable Event Logging
8.2.1 Encrypt Log Transmission to FortiAnalyzer / FortiManager
8.3.1 Centralized Logging and Reporting