Tenable Cisco ACI

Audit Details

Name: Tenable Cisco ACI

Updated: 12/22/2023

Authority: TNS

Plugin: Cisco_ACI

Revision: 1.5

Estimated Item Count: 51

File Details

Filename: Tenable_Best_Practices_Cisco_ACI_v1.0.0.audit

Size: 67.3 kB

MD5: 5a8317a6e4ba27dcfcbf6562027a5d17
SHA256: 53189045fe81081db0ffe5fef313dad08bd979e5cb411ff5a6807ae56f8627f2

Audit Items

DescriptionCategories
Console Authentication Realm

ACCESS CONTROL

Default Authentication Realm

ACCESS CONTROL

DNS Profile - Address - DNS Server 1

SYSTEM AND COMMUNICATIONS PROTECTION

DNS Profile - Address - DNS Server 2

SYSTEM AND COMMUNICATIONS PROTECTION

Enforce Password Change Interval

IDENTIFICATION AND AUTHENTICATION

Fabric Security - Policy - FIPS Mode

SYSTEM AND COMMUNICATIONS PROTECTION

First Hop Security - IP Inspection - Admin Status

CONFIGURATION MANAGEMENT

First Hop Security - Router Advertisement Guard - Admin Status

CONFIGURATION MANAGEMENT

First Hop Security - Source Guard - Admin Status

CONFIGURATION MANAGEMENT

Include Login in Session Records

AUDIT AND ACCOUNTABILITY

Include Logout in Session Records

AUDIT AND ACCOUNTABILITY

Include Refresh in Session Records

AUDIT AND ACCOUNTABILITY

Keychain Policy - Key Policy - Endtime

IDENTIFICATION AND AUTHENTICATION

LDAP - Enable SSL

SYSTEM AND COMMUNICATIONS PROTECTION

Management Access Policy - HTTP - Admin State

CONFIGURATION MANAGEMENT

Management Access Policy - HTTPS - Allow Credentials

CONFIGURATION MANAGEMENT

Management Access Policy - HTTPS - Cipher Configuration
Management Access Policy - HTTPS - SSL Protocols - TLSv1

SYSTEM AND COMMUNICATIONS PROTECTION

Management Access Policy - HTTPS - SSL Protocols - TLSv1.1

SYSTEM AND COMMUNICATIONS PROTECTION

Management Access Policy - SSH - MACs - hmac-sha1

SYSTEM AND COMMUNICATIONS PROTECTION

Management Access Policy - SSH Access Via Web - Admin State

CONFIGURATION MANAGEMENT

Management Access Policy - Telnet - Admin State

CONFIGURATION MANAGEMENT

Maximum Validity Period (h)

ACCESS CONTROL

Minimum period between password changes (hours)

IDENTIFICATION AND AUTHENTICATION

Number of changes allowed within the change interval (changes)

IDENTIFICATION AND AUTHENTICATION

Number of recent user passwords to store

IDENTIFICATION AND AUTHENTICATION

Password Change Interval (hours)

IDENTIFICATION AND AUTHENTICATION

Password Strength Check - Enabled

IDENTIFICATION AND AUTHENTICATION

Password Strength Check - Password Minimum Length

IDENTIFICATION AND AUTHENTICATION

Password Strength Check - Password Strength Test Type

IDENTIFICATION AND AUTHENTICATION

Policies - Pod - Date and Time Policy - Administrative State
Policies - Pod - Date and Time Policy - Host

AUDIT AND ACCOUNTABILITY

Remote Location - Protocol

CONFIGURATION MANAGEMENT

Remote user login policy

ACCESS CONTROL

SNMP Destination - Community Name

IDENTIFICATION AND AUTHENTICATION

SNMP Destination - Host

AUDIT AND ACCOUNTABILITY

SNMP Destination - v3 Security level

IDENTIFICATION AND AUTHENTICATION

SNMP Destination - Version

CONFIGURATION MANAGEMENT

Syslog - Admin State

AUDIT AND ACCOUNTABILITY

Syslog - Console Destination - Admin State

AUDIT AND ACCOUNTABILITY

Syslog - Console Destination - Severity

AUDIT AND ACCOUNTABILITY

Syslog - Local File Destination - Admin State

AUDIT AND ACCOUNTABILITY

Syslog - Local File Destination - Severity

AUDIT AND ACCOUNTABILITY

Syslog - Show MilliSeconds in Timestamp

AUDIT AND ACCOUNTABILITY

Syslog Remote Destination - Host

AUDIT AND ACCOUNTABILITY

Syslog Remote Destination - Severity

AUDIT AND ACCOUNTABILITY

System Alias and Banners - Controller CLI Banner

ACCESS CONTROL

System Alias and Banners - GUI Banner (URL)

ACCESS CONTROL

System Alias and Banners - Switch CLI Banner

ACCESS CONTROL

Web Session Idle Timeout (s)

ACCESS CONTROL