800-53|SC-7(15)

Title

ROUTE PRIVILEGED NETWORK ACCESSES

Description

The information system routes all networked, privileged accesses through a dedicated, managed interface for purposes of access control and auditing.

Reference Item Details

Related: AC-2, AC-3, AU-2, SI-4

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: BOUNDARY PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items


Name | Plugin | Audit Name
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMP | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSH | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPS | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured' | Cisco | CIS Cisco IOS 12 L1 v4.0.0
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured' | Cisco | CIS Cisco IOS 15 L1 v4.0.1
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured' | Cisco | CIS Cisco IOS 16 L1 v1.1.0
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured' | Cisco | CIS Cisco IOS 12 L1 v4.0.0
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured' | Cisco | CIS Cisco IOS 16 L1 v1.1.0
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP deny secured by ACL' | Cisco | CIS Cisco IOS 15 L1 v4.0.1
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP deny secured by ACL' | Cisco | CIS Cisco IOS 12 L1 v4.0.0
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP deny secured by ACL' | Cisco | CIS Cisco IOS 16 L1 v1.1.0
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL' | Cisco | CIS Cisco IOS 12 L1 v4.0.0
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL' | Cisco | CIS Cisco IOS 16 L1 v1.1.0
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL' | Cisco | CIS Cisco IOS 15 L1 v4.0.1
2.3 Ensure that User-ID is only enabled for internal trusted interfaces | Palo_Alto | CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
2.3 Ensure that User-ID is only enabled for internal trusted interfaces | Palo_Alto | CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
3.1 Enable the Firewall Stealth Rule | CheckPoint | CIS Check Point Firewall L2 v1.1.0
3.1.1 Ensure Caller ID is set | Juniper | CIS Juniper OS Benchmark v2.1.0 L1
3.1.2 Ensure access profile is set to use CHAP | Juniper | CIS Juniper OS Benchmark v2.1.0 L1
3.2 Ensure SharePoint implements an information system isolation boundary that minimizes the number of non-security functions included within the boundary containing security functions. | Windows | CIS Microsoft SharePoint 2019 OS v1.0.0
3.3 Ensure SharePoint implements security functions as a layered structure minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality or correctness of higher layers. | Windows | CIS Microsoft SharePoint 2019 OS v1.0.0
3.4.3.2 Ensure a table exists | Unix | CIS Red Hat EL8 Server L1 v1.0.0
3.4.3.2 Ensure a table exists | Unix | CIS Red Hat EL8 Workstation L1 v1.0.0
3.5.2.5 Ensure a table exists | Unix | CIS Red Hat EL7 Server L1 v3.0.1
3.5.2.6 Ensure base chains exist - hook forward | Unix | CIS Red Hat EL7 Server L1 v3.0.1
3.5.2.6 Ensure base chains exist - hook input | Unix | CIS Red Hat EL7 Server L1 v3.0.1
3.5.2.6 Ensure base chains exist - hook output | Unix | CIS Red Hat EL7 Server L1 v3.0.1
3.5.2.7 Ensure loopback traffic is configured - iif lo | Unix | CIS Red Hat EL7 Server L1 v3.0.1
3.5.2.9 Ensure default deny firewall policy - forward | Unix | CIS Red Hat EL7 Server L1 v3.0.1
3.5.2.9 Ensure default deny firewall policy - input | Unix | CIS Red Hat EL7 Server L1 v3.0.1
3.5.2.9 Ensure default deny firewall policy - output | Unix | CIS Red Hat EL7 Server L1 v3.0.1
3.5.3.4 Ensure loopback traffic is configured - lo | Unix | CIS Ubuntu Linux 18.04 LTS Server L1 v2.0.1
3.5.3.4 Ensure loopback traffic is configured - lo | Unix | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.0.1
3.5.3.6 Ensure default deny firewall policy - forward | Unix | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.0.1
3.5.3.6 Ensure default deny firewall policy - forward | Unix | CIS Ubuntu Linux 18.04 LTS Server L1 v2.0.1
3.5.3.6 Ensure default deny firewall policy - input | Unix | CIS Ubuntu Linux 18.04 LTS Server L1 v2.0.1
3.5.3.6 Ensure default deny firewall policy - input | Unix | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.0.1
3.5.3.6 Ensure default deny firewall policy - output | Unix | CIS Ubuntu Linux 18.04 LTS Server L1 v2.0.1
3.5.3.6 Ensure default deny firewall policy - output | Unix | CIS Ubuntu Linux 18.04 LTS Workstation L1 v2.0.1
5.1 Ensure Common SNMP Community Strings are NOT used | Juniper | CIS Juniper OS Benchmark v2.1.0 L1
5.3 Ensure a client list is set for SNMPv1/v2 communities | Juniper | CIS Juniper OS Benchmark v2.1.0 L1
5.4 Ensure routing tables for VPC peering are 'least access' - least access | amazon_aws | CIS Amazon Web Services Foundations L2 1.3.0
5.8 Ensure interface restrictions are set for SNMP | Juniper | CIS Juniper OS Benchmark v2.0.0 L1
5.8 Ensure interface restrictions are set for SNMP | Juniper | CIS Juniper OS Benchmark v2.1.0 L1
5.9 Ensure SNMP is set to OOB management only | Juniper | CIS Juniper OS Benchmark v2.0.0 L2
5.9 Ensure SNMP is set to OOB management only | Juniper | CIS Juniper OS Benchmark v2.1.0 L2
6.10.2.6 Ensure Web-Management Interface Restriction is Set | Juniper | CIS Juniper OS Benchmark v2.1.0 L1
6.10.2.7 Ensure Web-Management Interface Restriction is set to OOB Management | Juniper | CIS Juniper OS Benchmark v2.1.0 L2
6.11 Ensure a route table for the public subnets is created | amazon_aws | CIS Amazon Web Services Three-tier Web Architecture L1 1.0.0