Detections
Analytics
Item Search
| Name | Audit Name | Plugin | Category |
|---|---|---|---|
| 1.2.1 Ensure 'Domain Name' is set | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPS | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMP | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSH | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.2.3 Ensure 'Failover' is enabled | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.2.3 Ensure HTTP and Telnet options are disabled for the management interface | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - HTTP | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.3.1 Pre-authentication Banner | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.4.4.1 Ensure 'aaa command authorization' is configured correctly | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.4.5.1 Ensure 'aaa accounting command' is configured correctly | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION |
| 1.4.5.2 Ensure 'aaa accounting for SSH' is configured correctly | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.4.5.3 Ensure 'aaa accounting for EXEC mode' is configured correctly | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.7.2 Disable iPXE (Pre-boot eXecution Environment) | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.7.2 Post-authentication Banner | CIS Cisco IOS XR 7.x v1.0.1 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.3 Ensure that User-ID is only enabled for internal trusted interfaces | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.1.1.3 Configure EIGRP log-adjacency-changes | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.2.3 Configure BGP Authentication | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.3.2 Authenticate OSPF peers with MD5 authentication keys | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.3.3 Log OSPF Adjacency Changes | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks | CIS Cisco IOS XE 17.x v2.2.1 L2 | Cisco | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.2 Disable ICMP Redirects on all Layer 3 Interfaces | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.2 Set inbound 'ip access-group' on the External Interface | CIS Cisco IOS XE 17.x v2.2.1 L2 | Cisco | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.3 Disable Proxy ARP on all Layer 3 Interfaces | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.4 Disable IP Directed Broadcasts on all Layer 3 Interfaces | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1 Configure DHCP Trust | CIS Cisco NX-OS v1.2.0 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.1 Set 'key chain' | CIS Cisco IOS XE 17.x v2.2.1 L2 | Cisco | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.2 Set 'key' | CIS Cisco IOS XE 17.x v2.2.1 L2 | Cisco | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.3 Set 'key-string' | CIS Cisco IOS XE 17.x v2.2.1 L2 | Cisco | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.4 Set 'address-family ipv4 autonomous-system' | CIS Cisco IOS XE 17.x v2.2.1 L2 | Cisco | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.5 Set 'af-interface default' | CIS Cisco IOS XE 17.x v2.2.1 L2 | Cisco | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.6 Set 'authentication key-chain' | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.7 Set 'authentication mode md5' | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.8 Set 'ip authentication key-chain eigrp' | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.9 Set 'ip authentication mode eigrp' | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2.1 Set 'authentication message-digest' for OSPF area | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2.2 Set 'ip ospf message-digest-key md5' | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.3.1 Set 'neighbor password' | CIS Cisco IOS XE 17.x v2.2.1 L1 | Cisco | ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.5.2 Configure FCoE Zoning | CIS Cisco NX-OS v1.2.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1.1 Apply a Trusted Signed Certificate for VPN Portal | CIS Fortigate 7.0.x v1.3.0 L2 | FortiGate | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 6.14 Ensure alerting after a threshold of credit card or Social Security numbers is detected is enabled - Data Filtering Profile | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 6.14 Ensure alerting after a threshold of credit card or Social Security numbers is detected is enabled - Data Object | CIS Palo Alto Firewall 9 v1.1.0 L1 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT |
| 9.1.11 Ensure that Microsoft Cloud Security Benchmark policies are not set to 'Disabled' | CIS Microsoft Azure Foundations v4.0.0 L1 | microsoft_azure | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| Catalina - Disable Wi-Fi Interface | NIST macOS Catalina v1.5.0 - All Profiles | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Wi-Fi Interface | NIST macOS Catalina v1.5.0 - CNSSI 1253 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Wi-Fi Interface | NIST macOS Catalina v1.5.0 - 800-53r4 High | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Wi-Fi Interface | NIST macOS Catalina v1.5.0 - 800-53r4 Moderate | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Wi-Fi Interface | NIST macOS Catalina v1.5.0 - 800-53r5 Low | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Wi-Fi Interface | NIST macOS Catalina v1.5.0 - 800-53r4 Low | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| Catalina - Disable Wi-Fi Interface | NIST macOS Catalina v1.5.0 - 800-53r5 High | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |