CIS Palo Alto Firewall 9 v1.0.1 L2

Audit Details

Name: CIS Palo Alto Firewall 9 v1.0.1 L2

Updated: 1/4/2023

Authority: CIS

Plugin: Palo_Alto

Revision: 1.2

Estimated Item Count: 18

File Details

Filename: CIS_Palo_Alto_Firewall_9_Benchmark_v1.0.1_L2.audit

Size: 79.3 kB

MD5: 79263a156b946d6765ba5775e16deb30
SHA256: bacc7ed03e5897d629a2c92d35c2ca03f10b1f7f5318e8131ab0faf59bc8ab2e

Audit Items

Description

Categories

1.1.1.2 SNMPv3 traps should be configured - configuration

AUDIT AND ACCOUNTABILITY

1.1.1.2 SNMPv3 traps should be configured - hip match

AUDIT AND ACCOUNTABILITY

1.1.1.2 SNMPv3 traps should be configured - host

AUDIT AND ACCOUNTABILITY

1.1.1.2 SNMPv3 traps should be configured - ip-tag

AUDIT AND ACCOUNTABILITY

1.1.1.2 SNMPv3 traps should be configured - user-id

AUDIT AND ACCOUNTABILITY

1.2.5 Ensure valid certificate is set for browser-based administrator interface - Authentication Profile

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificate Profiles

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificates

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.6.3 Ensure that the Certificate Securing Remote Access VPNs is Valid - Certificates

CONFIGURATION MANAGEMENT

1.6.3 Ensure that the Certificate Securing Remote Access VPNs is Valid - GlobalProtect Gateways

CONFIGURATION MANAGEMENT

1.6.3 Ensure that the Certificate Securing Remote Access VPNs is Valid - GlobalProtect Portals

CONFIGURATION MANAGEMENT

2.1 Ensure that IP addresses are mapped to usernames - User ID Agents

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

2.1 Ensure that IP addresses are mapped to usernames - Zones

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

2.2 Ensure that WMI probing is disabled

ACCESS CONTROL, CONFIGURATION MANAGEMENT

6.17 Ensure that a Zone Protection Profile with tuned Flood Protection settings enabled for all flood types is attached to all untrusted zones

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

7.1 Ensure application security policies exist when allowing traffic from an untrusted zone to a more trusted zone

ACCESS CONTROL, MEDIA PROTECTION

8.3 Ensure that the Certificate used for Decryption is Trusted

ACCESS CONTROL, CONFIGURATION MANAGEMENT

CIS_Palo_Alto_Firewall_9_Benchmark_v1.0.1_L2.audit from CIS Palo Alto Firewall 9 Benchmark v1.0.1