| 1.1.3.1 Configure Authorization | CIS Cisco IOS XR 7.x v1.0.0 L2 | Cisco | ACCESS CONTROL |
| 1.1.8 Set 'aaa accounting exec' | CIS Cisco IOS XE 16.x v2.1.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.1.8 Set 'aaa accounting exec' | CIS Cisco IOS XE 17.x v2.1.1 L2 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.2.1 Set 'privilege 1' for local users | CIS Cisco IOS XE 17.x v2.1.1 L1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.2.2 Ensure 'Host Name' is set | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.2.2 Set 'transport input ssh' for 'line vty' connections | CIS Cisco IOS XE 17.x v2.1.1 L1 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.2.3 Ensure 'Failover' is enabled | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.2.3 Set 'no exec' for 'line aux 0' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| 1.2.7 Set 'exec-timeout' to less than or equal to 10 minutes 'line console 0' | CIS Cisco IOS XE 17.x v2.1.1 L1 | Cisco | ACCESS CONTROL |
| 1.2.7 Set 'exec-timeout' to less than or equal to 10 minutes 'line console 0' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL |
| 1.2.8 Set 'exec-timeout' to less than or equal to 10 minutes 'line vty' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL |
| 1.3.1 Ensure 'Image Integrity' is correct | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3' | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION |
| 1.4.3 Set 'logging console critical' | CIS Cisco IOS XR 7.x v1.0.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.4.5 Set 'logging trap informational' | CIS Cisco IOS XR 7.x v1.0.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.5.3 Do not set 'RW' for any 'snmp-server community' | CIS Cisco IOS XR 7.x v1.0.0 L1 | Cisco | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.3 Unset 'public' for 'snmp-server community' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.4 Do not set 'RW' for any 'snmp-server community' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.4 Ensure 'MOTD banner' is set | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.5.5 Set 'snmp-server host' when using SNMP | CIS Cisco IOS XR 7.x v1.0.0 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.5 Set the ACL for each 'snmp-server community' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.7 Set 'snmp-server host' when using SNMP | CIS Cisco IOS XE 17.x v2.1.1 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.5.10 Require 'aes 128' as minimum for 'snmp-server user' when using SNMPv3 | CIS Cisco IOS XE 16.x v2.1.0 L2 | Cisco | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6.2 Restrict VTY Access | CIS Cisco IOS XR 7.x v1.0.0 L1 | Cisco | ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY |
| 1.8.2 Set username secret for all local users | CIS Cisco IOS XR 7.x v1.0.0 L1 | Cisco | ACCESS CONTROL |
| 1.9.1.3 Ensure 'trusted NTP server' exists | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.10.2 Ensure 'logging to monitor' is disabled | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.1.2 Ensure 'EIGRP authentication' is enabled | CIS Cisco ASA 9.x Firewall L2 v1.1.0 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.8 Set 'no service pad' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.1.4 Set 'key' for each 'ntp server' | CIS Cisco IOS XR 7.x v1.0.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.2.3 Set 'logging console critical' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.2.5 Set 'logging trap informational' | CIS Cisco IOS XE 17.x v2.1.1 L2 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.3.1.3 Set the 'ntp trusted-key' | CIS Cisco IOS XE 17.x v2.1.1 L1 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.3.1.3 Set the 'ntp trusted-key' | CIS Cisco IOS XE 16.x v2.1.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.3.1.4 Set 'key' for each 'ntp server' | CIS Cisco IOS XE 16.x v2.1.0 L2 | Cisco | AUDIT AND ACCOUNTABILITY |
| 2.4.1 Create a single 'interface loopback' | CIS Cisco IOS XE 16.x v2.1.0 L2 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| 2.4.3 Set 'ntp source' to Loopback Interface | CIS Cisco IOS XE 17.x v2.1.1 L2 | Cisco | AUDIT AND ACCOUNTABILITY |
| 3.2.2 Set inbound 'ip access-group' on the External Interface | CIS Cisco IOS XE 17.x v2.1.1 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.3 Ensure packet fragments are restricted for untrusted interfaces | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.1.1 Set 'key chain' | CIS Cisco IOS XE 17.x v2.1.1 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.3.1.1 Set 'key chain' | CIS Cisco IOS XE 16.x v2.1.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.3.1.5 Set 'af-interface default' | CIS Cisco IOS XE 16.x v2.1.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.3.1.7 Set 'authentication mode md5' | CIS Cisco IOS XE 16.x v2.1.0 L1 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.3.1.8 Set 'ip authentication key-chain eigrp' | CIS Cisco IOS XE 17.x v2.1.1 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.3.1.9 Set 'ip authentication mode eigrp' | CIS Cisco IOS XE 17.x v2.1.1 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.3.1.9 Set 'ip authentication mode eigrp' | CIS Cisco IOS XE 16.x v2.1.0 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.3.2.1 Set 'authentication message-digest' for OSPF area | CIS Cisco IOS XE 16.x v2.1.0 L2 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 3.3.2.2 Set 'ip ospf message-digest-key md5' | CIS Cisco IOS XE 16.x v2.1.0 L2 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.3.3.1 Set 'neighbor password' | CIS Cisco IOS XE 17.x v2.1.1 L2 | Cisco | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.5 Ensure DOS protection is enabled for untrusted interfaces | CIS Cisco ASA 9.x Firewall L1 v1.1.0 | Cisco | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
