Tenable Cisco ACI

Audit Details

Name: Tenable Cisco ACI

Updated: 4/25/2022

Authority: TNS

Plugin: Cisco_ACI

Revision: 1.2

Estimated Item Count: 51

File Details

Filename: Tenable_Best_Practices_Cisco_ACI_v1.0.0.audit

Size: 64.9 kB

MD5: ef1c26262e08a9ecccf5279edf3d7f1d
SHA256: 6fa693ca59d97bf1523f1f2afb405ef3aa2a6f8494a7e2efef2cdf05d1195733

Audit Items

DescriptionCategories
Console Authentication Realm

ACCESS CONTROL

Default Authentication Realm

ACCESS CONTROL

DNS Profile - Address - DNS Server 1

SYSTEM AND COMMUNICATIONS PROTECTION

DNS Profile - Address - DNS Server 2

SYSTEM AND COMMUNICATIONS PROTECTION

Enforce Password Change Interval

IDENTIFICATION AND AUTHENTICATION

Fabric Security - Policy - FIPS Mode

SYSTEM AND COMMUNICATIONS PROTECTION

First Hop Security - IP Inspection - Admin Status

CONFIGURATION MANAGEMENT

First Hop Security - Router Advertisement Guard - Admin Status

CONFIGURATION MANAGEMENT

First Hop Security - Source Guard - Admin Status

CONFIGURATION MANAGEMENT

Include Login in Session Records

AUDIT AND ACCOUNTABILITY

Include Logout in Session Records

AUDIT AND ACCOUNTABILITY

Include Refresh in Session Records

AUDIT AND ACCOUNTABILITY

Keychain Policy - Key Policy - Endtime

IDENTIFICATION AND AUTHENTICATION

LDAP - Enable SSL

SYSTEM AND COMMUNICATIONS PROTECTION

Management Access Policy - HTTP - Admin State

CONFIGURATION MANAGEMENT

Management Access Policy - HTTPS - Allow Credentials

CONFIGURATION MANAGEMENT

Management Access Policy - HTTPS - Cipher Configuration
Management Access Policy - HTTPS - SSL Protocols - TLSv1

SYSTEM AND COMMUNICATIONS PROTECTION

Management Access Policy - HTTPS - SSL Protocols - TLSv1.1

SYSTEM AND COMMUNICATIONS PROTECTION

Management Access Policy - SSH - MACs - hmac-sha1

SYSTEM AND COMMUNICATIONS PROTECTION

Management Access Policy - SSH Access Via Web - Admin State

CONFIGURATION MANAGEMENT

Management Access Policy - Telnet - Admin State

CONFIGURATION MANAGEMENT

Maximum Validity Period (h)

ACCESS CONTROL

Minimum period between password changes (hours)

IDENTIFICATION AND AUTHENTICATION

Number of changes allowed within the change interval (changes)

IDENTIFICATION AND AUTHENTICATION

Number of recent user passwords to store

IDENTIFICATION AND AUTHENTICATION

Password Change Interval (hours)

IDENTIFICATION AND AUTHENTICATION

Password Strength Check - Enabled

IDENTIFICATION AND AUTHENTICATION

Password Strength Check - Password Minimum Length

IDENTIFICATION AND AUTHENTICATION

Password Strength Check - Password Strength Test Type

IDENTIFICATION AND AUTHENTICATION

Policies - Pod - Date and Time Policy - Administrative State
Policies - Pod - Date and Time Policy - Host

AUDIT AND ACCOUNTABILITY

Remote Location - Protocol

CONFIGURATION MANAGEMENT

Remote user login policy

ACCESS CONTROL

SNMP Destination - Community Name

IDENTIFICATION AND AUTHENTICATION

SNMP Destination - Host

AUDIT AND ACCOUNTABILITY

SNMP Destination - v3 Security level

IDENTIFICATION AND AUTHENTICATION

SNMP Destination - Version

CONFIGURATION MANAGEMENT

Syslog - Admin State

AUDIT AND ACCOUNTABILITY

Syslog - Console Destination - Admin State

AUDIT AND ACCOUNTABILITY

Syslog - Console Destination - Severity

AUDIT AND ACCOUNTABILITY

Syslog - Local File Destination - Admin State

AUDIT AND ACCOUNTABILITY

Syslog - Local File Destination - Severity

AUDIT AND ACCOUNTABILITY

Syslog - Show MilliSeconds in Timestamp

AUDIT AND ACCOUNTABILITY

Syslog Remote Destination - Host

AUDIT AND ACCOUNTABILITY

Syslog Remote Destination - Severity

AUDIT AND ACCOUNTABILITY

System Alias and Banners - Controller CLI Banner

ACCESS CONTROL

System Alias and Banners - GUI Banner (URL)

ACCESS CONTROL

System Alias and Banners - Switch CLI Banner

ACCESS CONTROL

Web Session Idle Timeout (s)

ACCESS CONTROL