800-53|AC-18

Title

WIRELESS ACCESS

Description

The organization:

Supplemental

Wireless technologies include, for example, microwave, packet radio (UHF/VHF), 802.11x, and Bluetooth. Wireless networks use authentication protocols (e.g., EAP/TLS, PEAP), which provide credential protection and mutual authentication.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: AC-17,AC-19,AC-2,AC-3,CA-3,CA-7,CM-8,IA-2,IA-3,IA-8,PL-4,SI-4

Category: ACCESS CONTROL

Family: ACCESS CONTROL

Priority: P1

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2 Ensure intra-zone traffic is not always allowed	FortiGate	CIS Fortigate Level 1 v1.1.0
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPS	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPS	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMP	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMP	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSH	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSH	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.2.3 Ensure HTTP and Telnet options are disabled for the management interface	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.3 Ensure HTTP and Telnet options are disabled for the management interface	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - HTTP	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - HTTP	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - Telnet	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - Telnet	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.2.5 Ensure valid certificate is set for browser-based administrator interface	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L2
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Authentication Profile	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L2
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificate Profiles	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L2
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificates	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L2
1.2.10 Ensure that the APIPriorityAndFairness feature gate is enabled - ConfigMaps	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.2.10 Ensure that the APIPriorityAndFairness feature gate is enabled - FeatureGates	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.2.10 Ensure that the APIPriorityAndFairness feature gate is enabled - Overrides	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1	OpenShift	CIS RedHat OpenShift Container Platform 4 v1.3.0 L1
1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.3.7 Ensure that the --bind-address argument is set to 127.0.0.1	Unix	CIS Kubernetes Benchmark v1.7.1 L1 Master
1.3.10 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Failed Attempts	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Failed Attempts	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Lockout Time	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.4.2 Ensure 'Failed Attempts' and 'Lockout Time' for Authentication Profile are properly configured - Lockout Time	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.4.2 Ensure that the --bind-address argument is set to 127.0.0.1	Unix	CIS Kubernetes Benchmark v1.7.1 L1 Master
1.4.2 Ensure that the --bind-address argument is set to 127.0.0.1	Unix	CIS Kubernetes v1.20 Benchmark v1.0.1 L1 Master
1.4.2 Ensure that the --bind-address argument is set to 127.0.0.1	Unix	CIS Kubernetes v1.24 Benchmark v1.0.0 L1 Master
1.4.2 Ensure that the --bind-address argument is set to 127.0.0.1	Unix	CIS Kubernetes v1.23 Benchmark v1.0.1 L1 Master
1.5.5 Set the ACL for each 'snmp-server community'	Cisco	CIS Cisco IOS 15 L1 v4.1.1
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP deny secured by ACL'	Cisco	CIS Cisco IOS 15 L1 v4.1.1
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL'	Cisco	CIS Cisco IOS 15 L1 v4.1.1
1.5.7 Set 'snmp-server host' when using SNMP	Cisco	CIS Cisco IOS 15 L1 v4.1.1
1.5.8 Set 'snmp-server enable traps snmp'	Cisco	CIS Cisco IOS 15 L1 v4.1.1
1.5.10 Require 'aes 128' as minimum for 'snmp-server user' when using SNMPv3	Cisco	CIS Cisco IOS 15 L2 v4.1.1
10.1 Ensure the LimitRequestLine directive is Set to 512 or less	Unix	CIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware
10.1 Ensure the LimitRequestLine directive is Set to 512 or less	Unix	CIS Apache HTTP Server 2.4 L2 v2.1.0
10.2 Ensure the LimitRequestFields Directive is Set to 100 or Less	Unix	CIS Apache HTTP Server 2.4 L2 v2.1.0 Middleware
10.2 Ensure the LimitRequestFields Directive is Set to 100 or Less	Unix	CIS Apache HTTP Server 2.4 L2 v2.1.0
10.10 Configure maxHttpHeaderSize	Unix	CIS Apache Tomcat 9 L2 v1.2.0
10.10 Configure maxHttpHeaderSize	Unix	CIS Apache Tomcat 10 L2 v1.0.0 Middleware
10.10 Configure maxHttpHeaderSize	Unix	CIS Apache Tomcat 10 L2 v1.0.0
10.10 Configure maxHttpHeaderSize	Unix	CIS Apache Tomcat 9 L2 v1.2.0 Middleware

Detections

Analytics