Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1.3 Ensure 'Master Key Passphrase' is setCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

1.1.5 Ensure 'Password Policy' is enabled - minimum-lengthCIS Cisco Firewall v8.x L1 v4.2.0Cisco

IDENTIFICATION AND AUTHENTICATION

1.1.5 Ensure 'Password Policy' is enabled - minimum-lowercaseCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

IDENTIFICATION AND AUTHENTICATION

1.1.5 Ensure 'Password Policy' is enabled - minimum-specialCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

IDENTIFICATION AND AUTHENTICATION

1.2.2 Ensure 'Host Name' is setCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

CONFIGURATION MANAGEMENT

1.2.3 Ensure 'Failover' is enabledCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3'CIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

CONFIGURATION MANAGEMENT

1.4.3.5 Ensure 'aaa authentication ssh console' is configured correctlyCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

ACCESS CONTROL

1.4.4.1 Ensure 'aaa command authorization' is configured correctlyCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

ACCESS CONTROL

1.4.4.2 Ensure 'aaa authorization exec' is configured correctlyCIS Cisco Firewall v8.x L1 v4.2.0Cisco

ACCESS CONTROL

1.5.1 Ensure 'ASDM banner' is setCIS Cisco Firewall v8.x L1 v4.2.0Cisco

AWARENESS AND TRAINING

1.5.2 Ensure 'EXEC banner' is setCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

AWARENESS AND TRAINING

1.5.2 Ensure 'EXEC banner' is setCIS Cisco Firewall v8.x L1 v4.2.0Cisco

AWARENESS AND TRAINING

1.6.1 Ensure 'SSH source restriction' is set to an authorized IP addressCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.1 Ensure 'SSH source restriction' is set to an authorized IP addressCIS Cisco Firewall v8.x L1 v4.2.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP addressCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

CONFIGURATION MANAGEMENT

1.7.2 Ensure 'TLS 1.2' is set for HTTPS accessCIS Cisco Firewall v8.x L1 v4.2.0Cisco

SYSTEM AND COMMUNICATIONS PROTECTION

1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutesCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

1.8.3 Ensure 'HTTP idle timeout' is less than or equal to '5' minutesCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

1.9.1.1 Ensure 'NTP authentication' is enabledCIS Cisco Firewall v8.x L1 v4.2.0Cisco

IDENTIFICATION AND AUTHENTICATION

1.9.1.2 Ensure 'NTP authentication key' is configured correctlyCIS Cisco Firewall v8.x L1 v4.2.0Cisco

IDENTIFICATION AND AUTHENTICATION

1.9.1.3 Ensure 'trusted NTP server' existsCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

CONFIGURATION MANAGEMENT

1.9.1.3 Ensure 'trusted NTP server' existsCIS Cisco Firewall v8.x L1 v4.2.0Cisco

AUDIT AND ACCOUNTABILITY

1.10.1 Ensure 'logging' is enabledCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

AUDIT AND ACCOUNTABILITY

1.10.8 Ensure 'syslog logging facility' is equal to '23'CIS Cisco Firewall v8.x L1 v4.2.0Cisco

AUDIT AND ACCOUNTABILITY

1.10.9 Ensure 'logging buffer size' is greater than or equal to '524288' bytes (512kb)CIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

AUDIT AND ACCOUNTABILITY

1.10.10 Ensure 'logging buffered severity level' is greater than or equal to '3'CIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

AUDIT AND ACCOUNTABILITY

1.10.11 Ensure 'logging trap severity level' is greater than or equal to '5'CIS Cisco Firewall v8.x L1 v4.2.0Cisco

AUDIT AND ACCOUNTABILITY

1.10.12 Ensure email logging is configured for critical to emergencyCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

CONFIGURATION MANAGEMENT

1.11.2 Ensure 'snmp-server user' is set to 'v3 auth SHA'CIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

1.11.4 Ensure 'SNMP traps' is enabled - authenticationCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

CONFIGURATION MANAGEMENT

1.11.4 Ensure 'SNMP traps' is enabled - authenticationCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

1.11.4 Ensure 'SNMP traps' is enabled - coldstartCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

1.11.5 Ensure 'SNMP community string' is not the default stringCIS Cisco Firewall v8.x L1 v4.2.0Cisco

IDENTIFICATION AND AUTHENTICATION

2.1.1 Ensure 'RIP authentication' is enabledCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

2.1.3 Ensure 'EIGRP authentication' is enabledCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

CONFIGURATION MANAGEMENT

2.1.3 Ensure 'EIGRP authentication' is enabledCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

2.3 Ensure 'DNS Guard' is enabledCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

2.4 Ensure DHCP services are disabled for untrusted interfaces - dhcpdCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

2.4 Ensure DHCP services are disabled for untrusted interfaces - dhcprelayCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

3.1 Ensure DNS services are configured correctly - domain-lookupCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

CONFIGURATION MANAGEMENT

3.2 Ensure intrusion prevention is enabled for untrusted interfacesCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

CONFIGURATION MANAGEMENT

3.5 Ensure DOS protection is enabled for untrusted interfacesCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.6 Ensure 'threat-detection statistics' is set to 'tcp-intercept'CIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

3.7 Ensure 'ip verify' is set to 'reverse-path' for untrusted interfacesCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

3.8 Ensure 'security-level' is set to '0' for Internet-facing interfaceCIS Cisco Firewall v8.x L1 v4.2.0Cisco

ACCESS CONTROL

3.8 Ensure 'security-level' is set to '0' for Internet-facing interfaceCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

CONFIGURATION MANAGEMENT

3.11 Ensure Java applet filtering is enabledCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

3.12 Ensure explicit deny in access lists is configured correctlyCIS Cisco Firewall v8.x L1 v4.2.0Cisco

CONFIGURATION MANAGEMENT

3.12 Ensure explicit deny in access lists is configured correctlyCIS Cisco Firewall ASA 9 L1 v4.1.0Cisco

CONFIGURATION MANAGEMENT