Item Search

| Name | Audit Name | Plugin | Category |
| --- | --- | --- | --- |
| 1.1.1 Enable 'aaa new-model' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL |
| 1.1.1.3 Configure AAA Authentication - RADIUS if applicable | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL |
| 1.1.3 Ensure 'Master Key Passphrase' is set | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONTINGENCY PLANNING, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.1.5 Ensure 'Password Policy' is enabled | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.1.5 Set 'login authentication for 'line tty' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL |
| 1.1.6 Set 'login authentication for 'line vty' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL |
| 1.2.2 Ensure 'Host Name' is set | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.2.3 Ensure 'Failover' is enabled | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured' | CIS Cisco IOS 12 L1 v4.0.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3.1 Ensure 'Image Integrity' is correct | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3.2 Ensure 'Image Authenticity' is correct | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3' | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.4.2.1 Ensure 'TACACS+/RADIUS' is configured correctly | CIS Cisco ASA 9.x Firewall L2 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.4.3.1 Ensure 'aaa authentication enable console' is configured correctly | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.4.3.2 Ensure 'aaa authentication http console' is configured correctly | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.4.3.3 Ensure 'aaa authentication secure-http-client' is configured correctly | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.4.5.1 Ensure 'aaa accounting command' is configured correctly | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 1.5.1 Ensure 'ASDM banner' is set | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.2 Ensure 'EXEC banner' is set | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.3 Ensure 'LOGIN banner' is set | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.4 Ensure 'MOTD banner' is set | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Ensure 'SSH version 2' is enabled | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 1.6.5 Ensure 'Telnet' is disabled | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.7.2 Ensure 'TLS 1.2' is set for HTTPS access | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutes | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL |
| 1.8.3 Ensure 'HTTP idle timeout' is less than or equal to '5' minutes | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL |
| 1.9.1.1 Ensure 'NTP authentication' is enabled | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.9.1.2 Ensure 'NTP authentication key' is configured correctly | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.9.1.3 Ensure 'trusted NTP server' exists | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.9.2 Ensure 'local timezone' is properly configured | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.10.1 Ensure 'logging' is enabled | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.10.2 Ensure 'logging to monitor' is disabled | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.10.8 Ensure 'logging buffered severity level' is greater than or equal to '3' | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.10.9 Ensure 'logging trap severity level' is greater than or equal to '5' | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.11.5 Ensure 'SNMP community string' is not the default string | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.2 Ensure 'EIGRP authentication' is enabled | CIS Cisco ASA 9.x Firewall L2 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.1.2 Set 'ntp authentication-key' | CIS Cisco IOS XR 7.x v1.0.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.3 Ensure 'DNS Guard' is enabled | CIS Cisco ASA 9.x Firewall L2 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.1.2 Set 'ntp authentication-key' | CIS Cisco IOS XE 16.x v2.1.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.3.1.2 Set 'ntp authentication-key' | CIS Cisco IOS XE 17.x v2.1.1 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 3.3 Ensure packet fragments are restricted for untrusted interfaces | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5 Ensure DOS protection is enabled for untrusted interfaces | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.1.2.4 Ensure firewall rules exist for all open ports | CIS Amazon Linux 2 STIG v1.0.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.6 Ensure 'threat-detection statistics' is set to 'tcp-intercept' | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.8 Ensure 'security-level' is set to '0' for Internet-facing interface | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| EX19-MB-000007 - Exchange must use encryption for Outlook Web App (OWA) access. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r2 | Windows | ACCESS CONTROL |
| FNFG-FW-000110 - The FortiGate firewall must employ filters that prevent or limit the effects of all types of commonly known denial-of-service (DoS) attacks, including flooding, packet sweeps, and unauthorized port scanning. | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| FNFG-FW-000120 - The FortiGate firewall must apply egress filters to traffic outbound from the network through any internal interface. | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND COMMUNICATIONS PROTECTION |
| FNFG-FW-000135 - The FortiGate firewall must be configured to inspect all inbound and outbound traffic at the application layer. | DISA Fortigate Firewall STIG v1r3 | FortiGate | CONFIGURATION MANAGEMENT |
| FNFG-FW-000150 - The FortiGate firewall must generate an alert that can be forwarded to, at a minimum, the Information System Security Officer (ISSO) and Information System Security Manager (ISSM) when denial-of-service (DoS) incidents are detected. - set server | DISA Fortigate Firewall STIG v1r3 | FortiGate | SYSTEM AND INFORMATION INTEGRITY |