CSCv6|16.13

Title

Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels.

Description

Ensure that all account usernames and authentication credentials are transmitted across networks using encrypted channels.

Reference Item Details

Reference: CIS Critical Security Controls v6

Category: Account Monitoring and Control

Family: Application

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.1 Ensure 'Logon Password' is set	Cisco	CIS Cisco Firewall v8.x L1 v4.2.0
1.1.1 Ensure 'Logon Password' is set	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.1.1 Ensure 'Logon Password' is set	Cisco	CIS Cisco Firewall ASA 9 L1 v4.1.0
1.1.1.7 Set 'Store passwords using reversible encryption' to 'Disabled'	Windows	CIS Windows 8 L1 v1.0.0
1.1.2 Ensure 'Enable Password' is set	Cisco	CIS Cisco Firewall v8.x L1 v4.2.0
1.1.2 Ensure 'Enable Password' is set	Cisco	CIS Cisco Firewall ASA 9 L1 v4.1.0
1.1.2 Ensure 'Enable Password' is set	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.1.3.10.11 Configure 'Network access: Do not allow storage of passwords and credentials for network authentication'	Windows	CIS Windows 8 L1 v1.0.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
1.2.3 Ensure HTTP and Telnet options are disabled for the Management Interface	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
1.2.3 Ensure HTTP and Telnet options are disabled for the Management Interface	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
1.2.3 Ensure HTTP and Telnet options are disabled for the management interface	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.4 Ensure valid certificate is set for browser-based administrator interface - Authentication Profile	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0
1.2.4 Ensure valid certificate is set for browser-based administrator interface - Authentication Profile	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0
1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificate Profiles	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0
1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificate Profiles	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0
1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificates	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L2 v1.0.0
1.2.4 Ensure valid certificate is set for browser-based administrator interface - Certificates	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L2 v1.0.0
1.2.4.6.1 Set 'Disallow Digest authentication' to 'Enabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.6.3 Set 'Allow Basic authentication' to 'Disabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.4.6.5 Set 'Allow unencrypted traffic' to 'Disabled'	Windows	CIS Windows 8 L1 v1.0.0
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Authentication Profile	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificate Profiles	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
1.2.5 Ensure valid certificate is set for browser-based administrator interface - Certificates	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L2 v1.0.0
2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 2 v3.3.0
2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 2 v3.3.0
2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
2.3.10.4 Ensure 'Network access: Do not allow storage of passwords and credentials for network authentication' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
2.6 Ensure transport layer security for 'basic authentication' is configured	Windows	CIS IIS 7 L1 v1.8.0
2.7 Ensure 'passwordFormat' is not set to clear - Applications	Windows	CIS IIS 7 L1 v1.8.0
2.7 Ensure 'passwordFormat' is not set to clear - Default	Windows	CIS IIS 7 L1 v1.8.0
2.8 Ensure 'credentials' are not stored in configuration files - Applications	Windows	CIS IIS 7 L2 v1.8.0
2.8 Ensure 'credentials' are not stored in configuration files - Default	Windows	CIS IIS 7 L2 v1.8.0
6.3.4 Upgrade Password Hashing Algorithm to SHA-512	Unix	CIS Red Hat Enterprise Linux 5 L1 v2.2.1
18.9.97.1.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.97.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled' - Client	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.97.1.1 Ensure 'Allow Basic authentication' is set to 'Disabled' - Client	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.9.97.1.2 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.97.1.2 Ensure 'Allow unencrypted traffic' is set to 'Disabled' - Client	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.9.97.1.2 Ensure 'Allow unencrypted traffic' is set to 'Disabled' - Client	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.97.1.3 (L1) Ensure 'Disallow Digest authentication' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.97.1.3 Ensure 'Disallow Digest authentication' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.97.1.3 Ensure 'Disallow Digest authentication' is set to 'Enabled'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.9.97.2.1 (L1) Ensure 'Allow Basic authentication' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.97.2.1 Ensure 'Allow Basic authentication' is set to 'Disabled' - Service	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.97.2.1 Ensure 'Allow Basic authentication' is set to 'Disabled' - Service	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.9.97.2.3 (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.9.97.2.3 Ensure 'Allow unencrypted traffic' is set to 'Disabled' - Service	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.9.97.2.3 Ensure 'Allow unencrypted traffic' is set to 'Disabled' - Service	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0

Detections

Analytics

CSCv6|16.13

Title

Description

Reference Item Details

Audit Items