CIS Cisco v2.4.0 IOS 12 L1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Cisco v2.4.0 IOS 12 L1

Updated: 7/30/2019

Authority: CIS

Plugin: Cisco

Revision: 1.8

Estimated Item Count: 66

File Details

Filename: CIS_v2.4.0_Cisco_IOS_Level_1.audit

Size: 35.8 kB

MD5: 83c64142f64e0bba88af48bcb379b847
SHA256: c878b5a5ee197ae349c2880eedcb08c6c010e3cd9f97b226beec60ed94cf9eb2

Audit Items

Description
1. Require Encrypted Line Passwords
1.1.1.1 Require AAA service
1.1.1.2 Require AAA Authentication for Login
1.1.1.3 Require AAA Authentication for Enable Mode
1.1.1.4 Require AAA Authentication for Local Console and VTY Lines
1.1.2.1 Require Privilege Level 1 for Local Users
1.1.2.1 Require Privilege Level 1 for Local Users (Check for non-privilege 1 users)
1.1.2.1 Require Privilege Level 1 for Local Users (Check for privilege 1 users with secret password)
1.1.2.1 Require Privilege Level 1 for Local Users (Check for users with privileges 2-15)
1.1.2.1 Require Privilege Level 1 for Local Users (Check users with secret password)
1.1.2.2 Require SSH Server Timeouts, Authentication, and Version Options (ssh authentication-retries)
1.1.2.2 Require SSH Server Timeouts, Authentication, and Version Options (ssh timeout)
1.1.2.2 Require SSH Server Timeouts, Authentication, and Version Options (ssh version)
1.1.2.3 Require VTY Transport SSH
1.1.2.4 Require Timeout for Login Sessions
1.1.2.4 Require Timeout for Login Sessions - Check if exec-timeout is set to Cisco Default.
1.1.2.5 Forbid Auxiliary Port (no exec)
1.1.2.5 Forbid Auxiliary Port (transport input)
1.1.2.6 Require SSH Access Control
1.1.2.7 Require VTY ACL (ACL Deny Any)
1.1.2.7 Require VTY ACL (ACL Permit Host)
1.1.2.7 Require VTY ACL (ACL Permit Network)
1.1.3.1 Require EXEC Banner
1.1.3.2 Require Login Banner
1.1.3.3 Require MOTD Banner
1.1.4.1 Require Enable Secret
1.1.4.2 Require Password Encryption Service
1.1.4.3 Require Encrypted User Passwords
1.1.5.1 Forbid SNMP Community String private
1.1.5.2 Forbid SNMP Community String public
1.1.5.3 Forbid SNMP Read and Write Access
1.1.5.4 Forbid SNMP Write Access
1.1.5.5 Forbid SNMP without ACL
1.1.5.6 Require a Defined SNMP ACL - deny any log
1.1.5.6 Require a Defined SNMP ACL - permit
1.2.1.1 Require Clock Timezone - UTC
1.2.1.2 Forbid summer-time clock
1.2.2.1 Forbid CDP Run Globally
1.2.2.2 Forbid Finger Service
1.2.2.3 Forbid IP BOOTP server
1.2.2.4 Forbid Identification Service
1.2.2.5 Forbid HTTP Services (HTTP Check)
1.2.2.5 Forbid HTTP Services (HTTPS Check)
1.2.2.6 Forbid Remote Startup Configuration (boot network check)
1.2.2.6 Forbid Remote Startup Configuration (service config check)
1.2.2.7 Require TCP keepalives-in Service
1.2.2.8 Require TCP keepalives-out Service
1.2.2.9 Forbid tcp-small-servers
1.2.2.10 Forbid udp-small-servers
1.2.2.11 Forbid TFTP Server