Tenable Cisco Firepower Best Practices Audit

Audit Details

Name: Tenable Cisco Firepower Best Practices Audit

Updated: 12/7/2022

Authority: TNS

Plugin: Cisco

Revision: 1.6

Estimated Item Count: 45

File Details

Filename: Tenable_Best_Practices_Cisco_Firepower.audit

Size: 73.8 kB

MD5: c72d4ad2b68a719e2970a80020b205a5
SHA256: 3353e7ab995e3be0b24f88b329e35ce25b1f5f3606f6fe9662f931c339b353d8

Audit Items

Description | Categories
1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP address

CONFIGURATION MANAGEMENT

1.10.11 Ensure 'logging trap severity ' is greater than or equal to '5'

AUDIT AND ACCOUNTABILITY

Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3'

ACCESS CONTROL

Ensure 'console session timeout' is less than or equal to '5' minutes

ACCESS CONTROL

Ensure 'EIGRP authentication' is enabled

CONFIGURATION MANAGEMENT

Ensure 'Failover' is enabled

CONFIGURATION MANAGEMENT

Ensure 'Host Name' is set

CONFIGURATION MANAGEMENT

Ensure 'HTTP session timeout' is less than or equal to '5' minutes

CONFIGURATION MANAGEMENT

Ensure 'Image Authenticity' is correct

SYSTEM AND INFORMATION INTEGRITY

Ensure 'Image Integrity' is correct

SYSTEM AND INFORMATION INTEGRITY

Ensure 'ip verify' is set to 'reverse-path' for untrusted interfaces

CONFIGURATION MANAGEMENT

Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb)

AUDIT AND ACCOUNTABILITY

Ensure 'logging buffered severity ' is greater than or equal to '3'

AUDIT AND ACCOUNTABILITY

Ensure 'logging to monitor' is disabled

CONFIGURATION MANAGEMENT

Ensure 'logging to Serial console' is disabled

AUDIT AND ACCOUNTABILITY

Ensure 'logging with timestamps' is enabled

AUDIT AND ACCOUNTABILITY

Ensure 'logging' is enabled

AUDIT AND ACCOUNTABILITY

Ensure 'noproxyarp' is enabled for untrusted interfaces

CONFIGURATION MANAGEMENT

Ensure 'OSPF authentication' is enabled

CONFIGURATION MANAGEMENT

Ensure 'Password Policy' is enabled - minimum-length

IDENTIFICATION AND AUTHENTICATION

Ensure 'RIP authentication' is enabled

CONFIGURATION MANAGEMENT

Ensure 'SNMP community string' is not the default string

IDENTIFICATION AND AUTHENTICATION

Ensure 'SNMP traps' is enabled - authentication

CONFIGURATION MANAGEMENT

Ensure 'SNMP traps' is enabled - coldstart

CONFIGURATION MANAGEMENT

Ensure 'SNMP traps' is enabled - linkdown

CONFIGURATION MANAGEMENT

Ensure 'SNMP traps' is enabled - linkup

CONFIGURATION MANAGEMENT

Ensure 'snmp-server group' is set to 'v3 priv'

CONFIGURATION MANAGEMENT

Ensure 'snmp-server host' is set to 'version 3'

CONFIGURATION MANAGEMENT

Ensure 'SSH source restriction' is set to an authorized IP address

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure 'syslog hosts' is configured correctly

AUDIT AND ACCOUNTABILITY

Ensure 'TACACS+/RADIUS' is configured correctly - protocol

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION

Ensure 'threat-detection statistics' is set to 'tcp-intercept'

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure 'TLS 1.0' is set for HTTPS access

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure 'Unused Interfaces' is disable

ACCESS CONTROL

Ensure DHCP services are disabled for untrusted interfaces - dhcpd

CONFIGURATION MANAGEMENT

Ensure DHCP services are disabled for untrusted interfaces - dhcprelay

CONFIGURATION MANAGEMENT

Ensure DNS services are configured correctly - domain-lookup

CONFIGURATION MANAGEMENT

Ensure DNS services are configured correctly - name-server

SYSTEM AND COMMUNICATIONS PROTECTION

Ensure email logging is configured for critical to emergency

CONFIGURATION MANAGEMENT

Ensure ICMP is restricted for untrusted interfaces

CONFIGURATION MANAGEMENT

Ensure intrusion prevention is enabled for untrusted interfaces

CONFIGURATION MANAGEMENT

Ensure known default accounts do not exist

IDENTIFICATION AND AUTHENTICATION

Ensure non-default application inspection is configured correctly

SYSTEM AND INFORMATION INTEGRITY

Ensure packet fragments are restricted for untrusted interfaces

CONFIGURATION MANAGEMENT

Ensure timezone is properly configured

CONFIGURATION MANAGEMENT