Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.3 Ensure 'Master Key Passphrase' is setCIS Cisco Firewall v8.x L1 v4.2.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

1.1.3.1 Configure AuthorizationCIS Cisco IOS XR 7.x v1.0.0 L2Cisco

ACCESS CONTROL

1.1.5 Ensure 'Password Policy' is enabled - minimum-changesCIS Cisco Firewall v8.x L1 v4.2.0Cisco

IDENTIFICATION AND AUTHENTICATION

1.1.5 Ensure 'Password Policy' is enabled - minimum-lengthCIS Cisco Firewall v8.x L1 v4.2.0Cisco

IDENTIFICATION AND AUTHENTICATION

1.1.5 Ensure 'Password Policy' is enabled - minimum-uppercaseCIS Cisco Firewall v8.x L1 v4.2.0Cisco

IDENTIFICATION AND AUTHENTICATION

1.1.8 Set 'aaa accounting exec'CIS Cisco IOS XE 17.x v2.1.1 L2Cisco

AUDIT AND ACCOUNTABILITY

1.2.1 Set 'privilege 1' for local usersCIS Cisco IOS XE 17.x v2.1.1 L1Cisco

IDENTIFICATION AND AUTHENTICATION

1.2.2 Ensure 'Host Name' is setCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.2.2 Set 'transport input ssh' for 'line vty' connectionsCIS Cisco IOS XE 17.x v2.1.1 L1Cisco

IDENTIFICATION AND AUTHENTICATION

1.2.3 Ensure 'Failover' is enabledCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

1.2.7 Set 'exec-timeout' to less than or equal to 10 minutes 'line console 0'CIS Cisco IOS XE 17.x v2.1.1 L1Cisco

ACCESS CONTROL

1.3.1 Ensure 'Image Integrity' is correctCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3'CIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

1.4.2.1 Ensure 'TACACS+/RADIUS' is configured correctly - serverCIS Cisco Firewall v8.x L1 v4.2.0Cisco

ACCESS CONTROL

1.4.3.4 Ensure 'aaa authentication serial console' is configured correctlyCIS Cisco Firewall v8.x L1 v4.2.0Cisco

ACCESS CONTROL

1.4.3.6 Ensure 'aaa authentication telnet console' is configured correctlyCIS Cisco Firewall v8.x L1 v4.2.0Cisco

ACCESS CONTROL

1.5.4 Ensure 'MOTD banner' is setCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.7 Set 'snmp-server host' when using SNMPCIS Cisco IOS XE 17.x v2.1.1 L1Cisco

ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY

1.6.4 Ensure 'SCP protocol' is set to Enable for files transfersCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP addressCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

1.7.2 Ensure 'TLS 1.2' is set for HTTPS accessCIS Cisco Firewall v8.x L1 v4.2.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

1.8.3 Ensure 'HTTP idle timeout' is less than or equal to '5' minutesCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

1.9.1.1 Ensure 'NTP authentication' is enabledCIS Cisco Firewall v8.x L1 v4.2.0Cisco

IDENTIFICATION AND AUTHENTICATION

1.9.1.3 Ensure 'trusted NTP server' existsCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

AUDIT AND ACCOUNTABILITY

1.10.2 Ensure 'logging to monitor' is disabledCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

AUDIT AND ACCOUNTABILITY

1.10.2 Ensure 'logging to Serial console' is disabledCIS Cisco Firewall v8.x L1 v4.2.0Cisco

AUDIT AND ACCOUNTABILITY

1.10.8 Ensure 'syslog logging facility' is equal to '23'CIS Cisco Firewall v8.x L1 v4.2.0Cisco

AUDIT AND ACCOUNTABILITY

1.10.10 Ensure 'logging buffered severity level' is greater than or equal to '3'CIS Cisco Firewall v8.x L1 v4.2.0Cisco

AUDIT AND ACCOUNTABILITY

1.10.11 Ensure 'logging trap severity level' is greater than or equal to '5'CIS Cisco Firewall v8.x L1 v4.2.0Cisco

AUDIT AND ACCOUNTABILITY

1.11.3 Ensure 'snmp-server host' is set to 'version 3'CIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

1.11.4 Ensure 'SNMP traps' is enabled - linkdownCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

1.11.4 Ensure 'SNMP traps' is enabled - linkupCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

2.1.2 Ensure 'EIGRP authentication' is enabledCIS Cisco ASA 9.x Firewall L2 v1.1.0Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

2.2 Ensure 'noproxyarp' is enabled for untrusted interfacesCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

2.2.1.4 Set 'key' for each 'ntp server'CIS Cisco IOS XR 7.x v1.0.0 L2Cisco

AUDIT AND ACCOUNTABILITY

2.2.5 Set 'logging trap informational'CIS Cisco IOS XE 17.x v2.1.1 L2Cisco

AUDIT AND ACCOUNTABILITY

2.3.1.3 Set the 'ntp trusted-key'CIS Cisco IOS XE 17.x v2.1.1 L1Cisco

AUDIT AND ACCOUNTABILITY

2.4.3 Set 'ntp source' to Loopback InterfaceCIS Cisco IOS XE 17.x v2.1.1 L2Cisco

AUDIT AND ACCOUNTABILITY

3.2.2 Set inbound 'ip access-group' on the External InterfaceCIS Cisco IOS XE 17.x v2.1.1 L1Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.3 Ensure packet fragments are restricted for untrusted interfacesCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1.1 Set 'key chain'CIS Cisco IOS XE 17.x v2.1.1 L2Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.3.1.8 Set 'ip authentication key-chain eigrp'CIS Cisco IOS XE 17.x v2.1.1 L2Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.3.1.9 Set 'ip authentication mode eigrp'CIS Cisco IOS XE 17.x v2.1.1 L2Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.3.3.1 Set 'neighbor password'CIS Cisco IOS XE 17.x v2.1.1 L2Cisco

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.5 Ensure DOS protection is enabled for untrusted interfacesCIS Cisco ASA 9.x Firewall L1 v1.1.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

ARST-ND-000550 - If the Arista network device uses role-based access control, the network device must enforce organization-defined role-based access control policies over defined subjects and objects.DISA STIG Arista MLS EOS 4.2x NDM v2r1Arista

ACCESS CONTROL, CONFIGURATION MANAGEMENT

JUEX-NM-000150 - The Juniper EX switch must be configured to produce audit log records containing information to establish the source of events.DISA Juniper EX Series Network Device Management v2r2Juniper

AUDIT AND ACCOUNTABILITY

JUEX-NM-000500 - The Juniper EX switch must be configured to prohibit the use of cached authenticators after an organization-defined time period.DISA Juniper EX Series Network Device Management v2r2Juniper

IDENTIFICATION AND AUTHENTICATION

VCSA-70-000273 - The vCenter Server must not configure VLAN Trunking unless Virtual Guest Tagging (VGT) is required and authorized.DISA STIG VMware vSphere 7.0 vCenter v1r3VMware

CONFIGURATION MANAGEMENT

VCTR-67-000019 - The vCenter Server must not configure VLAN Trunking unless Virtual Guest Tagging (VGT) is required and authorized.DISA STIG VMware vSphere 6.7 vCenter v1r4VMware

CONFIGURATION MANAGEMENT