800-53|AC-18

Title

WIRELESS ACCESS

Description

The organization:

Supplemental

Wireless technologies include, for example, microwave, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks use authentication protocols (e.g., EAP/TLS, PEAP), which provide credential protection and mutual authentication.

Reference Item Details

Related: AC-17,AC-19,AC-2,AC-3,CA-3,CA-7,CM-8,IA-2,IA-3,IA-8,PL-4,SI-4

Category: ACCESS CONTROL

Family: ACCESS CONTROL

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2 Ensure intra-zone traffic is not always allowedFortiGateCIS Fortigate Level 1 v1.1.0
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device managementPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device managementPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPSPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPSPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMPPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMPPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSHPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSHPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
1.2.3 Ensure HTTP and Telnet options are disabled for the management interfacePalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.2.3 Ensure HTTP and Telnet options are disabled for the management interfacePalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - HTTPPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - HTTPPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - TelnetPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - TelnetPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
1.2.5 Ensure valid certificate is set for browser-based administrator interfacePalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L2
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Authentication ProfilePalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L2
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificate ProfilesPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L2
1.2.5 Ensure valid certificate is set for browser-based administrator interface - CertificatesPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L2
1.2.10 Ensure that the APIPriorityAndFairness feature gate is enabled - ConfigMapsOpenShiftCIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.2.10 Ensure that the APIPriorityAndFairness feature gate is enabled - FeatureGatesOpenShiftCIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.2.10 Ensure that the APIPriorityAndFairness feature gate is enabled - OverridesOpenShiftCIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1OpenShiftCIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1UnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1UnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1UnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1UnixCIS Kubernetes Benchmark v1.7.1 L1 Master
1.3.10 Ensure 'Password Profiles' do not existPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Failed AttemptsPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Failed AttemptsPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Lockout TimePalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Lockout TimePalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
1.4.2 Ensure that the --bind-address argument is set to 127.0.0.1UnixCIS Kubernetes Benchmark v1.7.1 L1 Master
1.4.2 Ensure that the --bind-address argument is set to 127.0.0.1UnixCIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.4.2 Ensure that the --bind-address argument is set to 127.0.0.1UnixCIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.4.2 Ensure that the --bind-address argument is set to 127.0.0.1UnixCIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.5.5 Set the ACL for each 'snmp-server community'CiscoCIS Cisco IOS 15 L1 v4.1.1
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP deny secured by ACL'CiscoCIS Cisco IOS 15 L1 v4.1.1
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL'CiscoCIS Cisco IOS 15 L1 v4.1.1
1.5.7 Set 'snmp-server host' when using SNMPCiscoCIS Cisco IOS 15 L1 v4.1.1
1.5.8 Set 'snmp-server enable traps snmp'CiscoCIS Cisco IOS 15 L1 v4.1.1
1.5.10 Require 'aes 128' as minimum for 'snmp-server user' when using SNMPv3CiscoCIS Cisco IOS 15 L2 v4.1.1
10.1 Ensure the LimitRequestLine directive is Set to 512 or lessUnixCIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware
10.1 Ensure the LimitRequestLine directive is Set to 512 or lessUnixCIS Apache HTTP Server 2.4 L2 v2.1.0
10.2 Ensure the LimitRequestFields Directive is Set to 100 or LessUnixCIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware
10.2 Ensure the LimitRequestFields Directive is Set to 100 or LessUnixCIS Apache HTTP Server 2.4 L2 v2.1.0
10.10 Configure maxHttpHeaderSizeUnixCIS Apache Tomcat 9 L2 v1.2.0
10.10 Configure maxHttpHeaderSizeUnixCIS Apache Tomcat 10 L2 v1.0.0 Middleware
10.10 Configure maxHttpHeaderSizeUnixCIS Apache Tomcat 10 L2 v1.0.0
10.10 Configure maxHttpHeaderSizeUnixCIS Apache Tomcat 9 L2 v1.2.0 Middleware