Detections
Analytics
CIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations
Audit Details
Name: CIS HPE Aruba Networking CX Switch v1.0.1 Optional Security Recommendations
Updated: 4/15/2026
Authority: CIS
Plugin: ArubaOS
Revision: 1.0
Estimated Item Count: 80
File Details
Filename: CIS_HPE_Aruba_Networking_CX_Switch_v1.0.1_Optional_Security_Recommendations.audit
Size: 347 kB
Audit Items
| Description | Categories |
|---|---|
| 1.1.1 Create security user group | ACCESS CONTROL |
| 1.1.2 Securing Password Entry | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.3 Hardening Password Rules | IDENTIFICATION AND AUTHENTICATION |
| 1.1.4 Set an Export Password | IDENTIFICATION AND AUTHENTICATION |
| 1.1.5 Enable Enhanced Secure Mode | ACCESS CONTROL |
| 1.1.6 Default admin account password | IDENTIFICATION AND AUTHENTICATION |
| 1.1.7 RBAC - Customer defined local user groups | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.8 Session Management | ACCESS CONTROL |
| 1.1.9 Verifying Telnet Server is Disabled | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.10 Using Local RBAC to Limit User Access to Shell | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.1 SSH Public Key Authentication | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.2 SSH Allow List | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.3 SSH Server Port Customization | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.4 Recommended Ciphers, MACs, and Algorithms | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.5 Two-factor authentication with the SSH server | IDENTIFICATION AND AUTHENTICATION |
| 1.2.6 SSH Server Key | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3.1 NTP Authentication | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3.2 Configuring Time Services | AUDIT AND ACCOUNTABILITY |
| 1.4.1.1 Non Default Community Names, Access Rights & ACL | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.4.2.1 SNMP V3 | SYSTEM AND SERVICES ACQUISITION |
| 1.4.3 SNMP Traps | AUDIT AND ACCOUNTABILITY |
| 1.5.1.1 Radius Server Configuration | ACCESS CONTROL |
| 1.5.1.2 TACACS Server Configuration | ACCESS CONTROL |
| 1.5.1.3 RadSec Server Configuration | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.2.1 Default & Fallback Local Authentication | ACCESS CONTROL |
| 1.5.2.2 Limit Login Attempts | ACCESS CONTROL |
| 1.5.2.3 Remote Authentication - RADIUS/RadSec/TACACS+ | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.3.1 Local Authorization | ACCESS CONTROL |
| 1.5.3.2 Remote Authorization | ACCESS CONTROL |
| 1.5.4.1 Local Accounting | AUDIT AND ACCOUNTABILITY |
| 1.5.4.2 Remote Accounting | AUDIT AND ACCOUNTABILITY |
| 1.5.5 Per User Management Interface Enablement | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.6 Login Privilege Elevation for Administrators | ACCESS CONTROL |
| 1.6.1 TLS Check Key Usage | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 TLS Minimum Version | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7.1 Firmware Validation | CONFIGURATION MANAGEMENT, RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.8.1.1 SFTP and SCP | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.9.1 https-server default enablement | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.9.2 https-server idle session management | ACCESS CONTROL |
| 1.9.3 Two-factor authentication with the https-server server | IDENTIFICATION AND AUTHENTICATION |
| 1.9.4 Assign a custom certificate to the https-server | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.10.1 ServiceOS Password | IDENTIFICATION AND AUTHENTICATION |
| 1.11.1 Assign a custom certificate to syslog-client | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.11.2 Configure syslog-client to log using TLS | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.12 Login Banner | ACCESS CONTROL |
| 1.13 Schedule Configuration Backup Job | CONTINGENCY PLANNING |
| 1.14 Create Hostname | IDENTIFICATION AND AUTHENTICATION |
| 2.1.1 Disable USB and Bluetooth on Device | CONFIGURATION MANAGEMENT, MEDIA PROTECTION |
| 2.1.2 Front Panel Security | PHYSICAL AND ENVIRONMENTAL PROTECTION |
| 2.1.3 Disable Unused Physical Interfaces | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |