Tenable Best Practices Brocade FabricOS

Audit Details

Name: Tenable Best Practices Brocade FabricOS

Updated: 4/25/2022

Authority: TNS

Plugin: Brocade

Revision: 1.1

Estimated Item Count: 63

File Details

Filename: Tenable_Best_Practices_Brocade_FabricOS_v1.1.0.audit

Size: 64.5 kB

MD5: 95890609bca0cf572f89a9dfd6f81095
SHA256: 866e3dfec39e79d5660f25f38ae3f0f654e52ffed38843bf43e60a2560e827e4

Audit Items

DescriptionCategories
Brocade - administrator account is enabled with admin role assigned

ACCESS CONTROL

Brocade - All audit severity level must be audited

AUDIT AND ACCOUNTABILITY

Brocade - Authentication policy must be rejected

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Banner Text

ACCESS CONTROL

Brocade - Bottleneck alerts must be enabled

AUDIT AND ACCOUNTABILITY

Brocade - Bottleneck detection must be enabled

CONFIGURATION MANAGEMENT

Brocade - Brocade licenses must not be expired

CONFIGURATION MANAGEMENT

Brocade - Configures filters for a specified audit class

AUDIT AND ACCOUNTABILITY

Brocade - Device Connection Control policy must be rejected

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Disable HTTP

CONFIGURATION MANAGEMENT

Brocade - Disable HTTP IPv4

CONFIGURATION MANAGEMENT

Brocade - Disable HTTP IPv6

CONFIGURATION MANAGEMENT

Brocade - Disable Telnet IPv4

CONFIGURATION MANAGEMENT

Brocade - Disable Telnet IPv6

CONFIGURATION MANAGEMENT

Brocade - Disable TFTP IPv4

CONFIGURATION MANAGEMENT

Brocade - Disable TFTP IPv6

CONFIGURATION MANAGEMENT

Brocade - enable administrator account lockout

ACCESS CONTROL

Brocade - Enable auditcfg

AUDIT AND ACCOUNTABILITY

Brocade - Enable HTTPS

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Enable HTTPS IPv4

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Enable HTTPS IPv6

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Enable HTTPS ssl log

AUDIT AND ACCOUNTABILITY

Brocade - Enable SFTP IPv4

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Enable SFTP IPv6

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Enable SSH IPv4

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Enable SSH IPv6

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Enable the power-on self-test (POST)

SYSTEM AND INFORMATION INTEGRITY

Brocade - Enable the track changes feature

AUDIT AND ACCOUNTABILITY

Brocade - Enable the track changes feature for SNMP traps

AUDIT AND ACCOUNTABILITY

Brocade - Enforce secure Config Upload/Download

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Enforce signature validation for firmware

SYSTEM AND INFORMATION INTEGRITY

Brocade - Ensure a SSL certificate file is established

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Fabric Configuration Server policy must be rejected

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Fabric Element Authentication must be rejected

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - FIPS Mode is enabled

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - Forward all error logs to syslog daemon

AUDIT AND ACCOUNTABILITY

Brocade - IPfilter policy must be rejected

SYSTEM AND COMMUNICATIONS PROTECTION

Brocade - lockout duration set to 30 minutes

ACCESS CONTROL

Brocade - lockout threshold set to 3

ACCESS CONTROL

Brocade - maximum password age must be set to no more than 60 days

IDENTIFICATION AND AUTHENTICATION

Brocade - minimum length of the password must be set to 9

IDENTIFICATION AND AUTHENTICATION

Brocade - minimum number of lowercase characters set to 1

IDENTIFICATION AND AUTHENTICATION

Brocade - minimum number of numeric digits set to 1

IDENTIFICATION AND AUTHENTICATION

Brocade - minimum number of punctuation characters set to 1

IDENTIFICATION AND AUTHENTICATION

Brocade - minimum number of uppercase characters set to 1

IDENTIFICATION AND AUTHENTICATION

Brocade - minimum password age must be set to at least 30 days

IDENTIFICATION AND AUTHENTICATION

Brocade - MOTD Text

ACCESS CONTROL

Brocade - password history must be set to 1

IDENTIFICATION AND AUTHENTICATION

Brocade - password warning must be set to at least 30 days

ACCESS CONTROL

Brocade - repeat characters must be set to 1

IDENTIFICATION AND AUTHENTICATION