Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.5 Ensure 'Password Policy' is enabled - lifetimeCIS Cisco Firewall v8.x L1 v4.2.0Cisco

IDENTIFICATION AND AUTHENTICATION

1.1.8 Set 'aaa accounting exec'CIS Cisco IOS XE 16.x v2.1.0 L2Cisco

AUDIT AND ACCOUNTABILITY

1.2.2 Ensure 'Host Name' is setCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

CONFIGURATION MANAGEMENT

1.2.2 Ensure 'Host Name' is setCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.2.3 Ensure 'Failover' is enabledCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

CONFIGURATION MANAGEMENT

1.2.3 Ensure 'Failover' is enabledCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.2.4 Ensure 'Unused Interfaces' is disableCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

1.2.10 Set 'http Secure-server' limitCIS Cisco IOS XE 16.x v2.1.0 L1Cisco

ACCESS CONTROL

1.3.1 Ensure 'Image Integrity' is correctCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

1.3.1 Set the 'banner-text' for 'banner exec'CIS Cisco IOS XE 16.x v2.1.0 L1Cisco

AWARENESS AND TRAINING, PROGRAM MANAGEMENT

1.3.2 Ensure 'Image Authenticity' is correctCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

SYSTEM AND INFORMATION INTEGRITY

1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3'CIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

1.4.3.5 Ensure 'aaa authentication ssh console' is configured correctlyCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

ACCESS CONTROL

1.4.4.2 Ensure 'aaa authorization exec' is configured correctlyCIS Cisco Firewall v8.x L1 v4.2.0Cisco

ACCESS CONTROL

1.4.5.3 Ensure 'aaa accounting for Serial console' is configured correctlyCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

1.5.1 Ensure 'ASDM banner' is setCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

AWARENESS AND TRAINING

1.5.2 Ensure 'EXEC banner' is setCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

AWARENESS AND TRAINING

1.5.4 Do not set 'RW' for any 'snmp-server community'CIS Cisco IOS XE 16.x v2.1.0 L1Cisco

CONFIGURATION MANAGEMENT

1.5.4 Ensure 'MOTD banner' is setCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.5 Set the ACL for each 'snmp-server community'CIS Cisco IOS XE 16.x v2.1.0 L1Cisco

ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY

1.6.2 Ensure 'SSH version 2' is enabledCIS Cisco Firewall v8.x L1 v4.2.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

1.8.1 Ensure 'console session timeout' is less than or equal to '5' minutesCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

1.8.1 Ensure 'console session timeout' is less than or equal to '5' minutesCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

CONFIGURATION MANAGEMENT

1.8.15 Ensure GNOME Lock Delay is configuredCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIGUnix

ACCESS CONTROL

1.9.1.2 Ensure 'NTP authentication key' is configured correctlyCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

IDENTIFICATION AND AUTHENTICATION

1.9.1.3 Ensure 'trusted NTP server' existsCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

AUDIT AND ACCOUNTABILITY

1.10.1 Ensure 'logging' is enabledCIS Cisco Firewall v8.x L1 v4.2.0Cisco

AUDIT AND ACCOUNTABILITY

1.10.2 Ensure 'logging to monitor' is disabledCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

AUDIT AND ACCOUNTABILITY

1.11.4 Ensure 'SNMP traps' is enabled - coldstartCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

CONFIGURATION MANAGEMENT

1.11.5 Ensure 'SNMP community string' is not the default stringCIS Cisco Firewall v8.x L1 v4.2.0Cisco

IDENTIFICATION AND AUTHENTICATION

2.1.1.1.1 Set the 'hostname'CIS Cisco IOS XE 16.x v2.1.0 L1Cisco

CONFIGURATION MANAGEMENT

2.1.2 Ensure 'EIGRP authentication' is enabledCIS Cisco ASA 9.x Firewall L2 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.3 Ensure 'EIGRP authentication' is enabledCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

CONFIGURATION MANAGEMENT

2.2 Ensure 'noproxyarp' is enabled for untrusted interfacesCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

CONFIGURATION MANAGEMENT

2.4.1 Create a single 'interface loopback'CIS Cisco IOS XE 16.x v2.1.0 L2Cisco

SYSTEM AND INFORMATION INTEGRITY

3.3 Ensure packet fragments are restricted for untrusted interfacesCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1.5 Set 'af-interface default'CIS Cisco IOS XE 16.x v2.1.0 L2Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.3.2.1 Set 'authentication message-digest' for OSPF areaCIS Cisco IOS XE 16.x v2.1.0 L2Cisco

IDENTIFICATION AND AUTHENTICATION

3.3.2.2 Set 'ip ospf message-digest-key md5'CIS Cisco IOS XE 16.x v2.1.0 L2Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

3.5 Ensure DOS protection is enabled for untrusted interfacesCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.7 Ensure 'ip verify' is set to 'reverse-path' for untrusted interfacesCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

CONFIGURATION MANAGEMENT

3.8 Ensure 'security-level' is set to '0' for Internet-facing interfaceCIS Cisco Firewall v8.x L1 v4.2.0Cisco

ACCESS CONTROL

3.11 Ensure Java applet filtering is enabledCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

CONFIGURATION MANAGEMENT

ARST-ND-000550 - If the Arista network device uses role-based access control, the network device must enforce organization-defined role-based access control policies over defined subjects and objects.DISA STIG Arista MLS EOS 4.2x NDM v2r1Arista

ACCESS CONTROL, CONFIGURATION MANAGEMENT

ARST-ND-000550 - If the Arista network device uses role-based access control, the network device must enforce organization-defined role-based access control policies over defined subjects and objects.DISA STIG Arista MLS EOS 4.x NDM v2r2Arista

ACCESS CONTROL, CONFIGURATION MANAGEMENT

JUEX-NM-000260 - The Juniper EX switch must be configured to implement replay-resistant authentication mechanisms for network access to privileged accounts.DISA Juniper EX Series Network Device Management v2r3Juniper

IDENTIFICATION AND AUTHENTICATION

JUEX-NM-000620 - The Juniper EX switch must be configured to generate log records for a locally developed list of auditable events.DISA Juniper EX Series Network Device Management v2r3Juniper

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

VCSA-70-000273 - The vCenter Server must not configure VLAN Trunking unless Virtual Guest Tagging (VGT) is required and authorized.DISA STIG VMware vSphere 7.0 vCenter v1r3VMware

CONFIGURATION MANAGEMENT

VCSA-80-000273 - The vCenter Server must not configure VLAN Trunking unless Virtual Guest Tagging (VGT) is required and authorized.DISA VMware vSphere 8.0 vCenter STIG v2r2VMware

CONFIGURATION MANAGEMENT

vNetwork : disable-dvportgroup-autoexpandVMWare vSphere 5.X Hardening GuideVMware