| 1.2.1 Set 'privilege 1' for local users - 'All users have encrypted passwords' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL |
| 1.2.7 Set 'exec-timeout' to less than or equal to 10 minutes 'line console 0' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL |
| 1.3.1 Set the 'banner-text' for 'banner exec' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL |
| 1.3.2 Set the 'banner-text' for 'banner login' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL |
| 1.4.1 Set 'password' for 'enable secret' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.5 Set the ACL for each 'snmp-server community' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.7 Set 'snmp-server host' when using SNMP | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.9 Set 'priv' for each 'snmp-server group' using SNMPv3 | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.10 Require 'aes 128' as minimum for 'snmp-server user' when using SNMPv3 | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP address | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| 2.1.1.1.1 Set the 'hostname' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.5 Set 'no ip identd' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.6 Set 'service tcp-keepalives-in' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.5 Set 'logging trap informational' | CIS Cisco IOS 15 L1 v4.1.1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.4.2 Set AAA 'source-interface' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4.4 Set 'ip tftp source-interface' to the Loopback Interface | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1.3 Set 'no interface tunnel' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 172.16.0.0' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - External interface has ACL applied | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.9 Set 'ip authentication mode eigrp' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.2.1 Set 'authentication message-digest' for OSPF area | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.3.4 Set 'ip rip authentication key-chain' | CIS Cisco IOS 15 L2 v4.1.1 | Cisco | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| Account Management - Review disabled user accounts | Tenable Cisco Viptela SD-WAN - vManage | Cisco_Viptela | ACCESS CONTROL |
| Account Management - Review disabled user accounts | Tenable Cisco Viptela SD-WAN - vSmart | Cisco_Viptela | ACCESS CONTROL |
| Configure IPsec Tunnel Parameters - perfect-forward-secrecy | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | ACCESS CONTROL |
| Content of Audit Records - Configure disk logging - priority level | Tenable Cisco Viptela SD-WAN - vManage | Cisco_Viptela | AUDIT AND ACCOUNTABILITY |
| Content of Audit Records - Configure disk logging - priority level | Tenable Cisco Viptela SD-WAN - vSmart | Cisco_Viptela | AUDIT AND ACCOUNTABILITY |
| Ensure 'Host Name' is set | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'Image Integrity' is correct | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb) | Tenable Cisco Firepower Best Practices Audit | Cisco | AUDIT AND ACCOUNTABILITY |
| Ensure 'logging to monitor' is disabled | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'OSPF authentication' is enabled | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure 'SNMP community string' is not the default string | Tenable Cisco Firepower Best Practices Audit | Cisco | IDENTIFICATION AND AUTHENTICATION |
| Ensure 'TACACS+/RADIUS' is configured correctly - protocol | Tenable Cisco Firepower Best Practices Audit | Cisco | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| Ensure 'threat-detection statistics' is set to 'tcp-intercept' | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure 'Unused Interfaces' is disable | Tenable Cisco Firepower Best Practices Audit | Cisco | ACCESS CONTROL |
| Ensure DNS services are configured correctly - domain-lookup | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Ensure intrusion prevention is enabled for untrusted interfaces | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
| Identification and Authentication - Use out of band authentication - AAA - netconf logging | Tenable Cisco Viptela SD-WAN - vSmart | Cisco_Viptela | IDENTIFICATION AND AUTHENTICATION |
| Identification and Authentication - Use out of band authentication - Admin Authentication Order | Tenable Cisco Viptela SD-WAN - vManage | Cisco_Viptela | IDENTIFICATION AND AUTHENTICATION |
| Identification and Authentication - Use out of band authentication - Authentication Order | Tenable Cisco Viptela SD-WAN - vBond | Cisco_Viptela | IDENTIFICATION AND AUTHENTICATION |
| Identification and Authentication - Use out of band authentication - Authentication Order | Tenable Cisco Viptela SD-WAN - vSmart | Cisco_Viptela | IDENTIFICATION AND AUTHENTICATION |
| Identification and Authentication - Use out of band authentication - Server IP | Tenable Cisco Viptela SD-WAN - vSmart | Cisco_Viptela | IDENTIFICATION AND AUTHENTICATION |
| Secure Name/address Resolution Service - Configure DNS servers - Primary | Tenable Cisco Viptela SD-WAN - vSmart | Cisco_Viptela | SYSTEM AND COMMUNICATIONS PROTECTION |
| System Backup - Enable Backups - interval | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | CONTINGENCY PLANNING |
| System Backup - Enable Backups - path | Tenable Cisco Viptela SD-WAN - vManage | Cisco_Viptela | CONTINGENCY PLANNING |
| System Use Notification - Banner motd | Tenable Cisco Viptela SD-WAN - vBond | Cisco_Viptela | ACCESS CONTROL |
| System Use Notification - Banner motd | Tenable Cisco Viptela SD-WAN - vManage | Cisco_Viptela | ACCESS CONTROL |
| Time Stamps - Enable NTP - remote server | Tenable Cisco Viptela SD-WAN - vManage | Cisco_Viptela | AUDIT AND ACCOUNTABILITY |
| Time Stamps - Enable NTP - timezone | Tenable Cisco Viptela SD-WAN - vEdge | Cisco_Viptela | AUDIT AND ACCOUNTABILITY |
