CSCv7|11

Title

Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

Reference Item Details

Category: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.1.1 Ensure 'Login Banner' is set | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 1.1.2 Ensure 'Login Banner' is set | Palo_Alto | CIS Palo Alto Firewall 10 v1.0.0 L1 |
| 1.1.2 Ensure 'Login Banner' is set | Palo_Alto | CIS Palo Alto Firewall 9 v1.0.1 L1 |
| 1.6 Ensure maximum RAM is installed | Juniper | CIS Juniper OS Benchmark v2.1.0 L1 |
| 1.6.1 Ensure 'Verify Update Server Identity' is enabled | Palo_Alto | CIS Palo Alto Firewall 10 v1.0.0 L1 |
| 1.6.1 Ensure 'Verify Update Server Identity' is enabled | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 1.6.1 Ensure 'Verify Update Server Identity' is enabled | Palo_Alto | CIS Palo Alto Firewall 9 v1.0.1 L1 |
| 1.8 Ensure Retired JUNOS Devices are Disposed of Securely | Juniper | CIS Juniper OS Benchmark v2.1.0 L1 |
| 3.1 Ensure a fully-synchronized High Availability peer is configured | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 3.1 Ensure a fully-synchronized High Availability peer is configured | Palo_Alto | CIS Palo Alto Firewall 9 v1.0.1 L1 |
| 3.1 Ensure a fully-synchronized High Availability peer is configured | Palo_Alto | CIS Palo Alto Firewall 10 v1.0.0 L1 |
| 3.1.2 Set 'no ip proxy-arp' | Cisco | CIS Cisco IOS 15 L2 v4.1.1 |
| 3.1.2 Set 'no ip proxy-arp' | Cisco | CIS Cisco IOS 16 L2 v1.1.2 |
| 3.1.3 Set 'no interface tunnel' | Cisco | CIS Cisco IOS 15 L2 v4.1.1 |
| 3.1.3 Set 'no interface tunnel' | Cisco | CIS Cisco IOS 16 L1 v1.1.2 |
| 3.1.3.1 Set Interfaces with no Peers to Passive-Interface | Cisco | CIS Cisco NX-OS L1 v1.0.0 |
| 3.1.3.1 Set Interfaces with no Peers to Passive-Interface | Cisco | CIS Cisco NX-OS L2 v1.0.0 |
| 3.1.3.2 Authenticate OSPF peers with MD5 authentication keys | Cisco | CIS Cisco NX-OS L2 v1.0.0 |
| 3.1.3.3 Log OSPF Adjacency Changes | Cisco | CIS Cisco NX-OS L1 v1.0.0 |
| 3.1.3.3 Log OSPF Adjacency Changes | Cisco | CIS Cisco NX-OS L2 v1.0.0 |
| 3.1.4 Set 'ip verify unicast source reachable-via' | Cisco | CIS Cisco IOS 15 L2 v4.1.1 |
| 3.1.4 Set 'ip verify unicast source reachable-via' | Cisco | CIS Cisco IOS 16 L1 v1.1.2 |
| 3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Link Monitoring Failure Condition | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Link Monitoring Failure Condition | Palo_Alto | CIS Palo Alto Firewall 10 v1.0.0 L1 |
| 3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Link Monitoring Failure Condition | Palo_Alto | CIS Palo Alto Firewall 9 v1.0.1 L1 |
| 3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Path Monitoring Failure Condition | Palo_Alto | CIS Palo Alto Firewall 10 v1.0.0 L1 |
| 3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Path Monitoring Failure Condition | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 3.2 Ensure 'High Availability' requires Link Monitoring and/or Path Monitoring - Path Monitoring Failure Condition | Palo_Alto | CIS Palo Alto Firewall 9 v1.0.1 L1 |
| 3.2.1 Ensure VRRP authentication-key is set | Juniper | CIS Juniper OS Benchmark v2.1.0 L2 |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Default deny configured' | Cisco | CIS Cisco IOS 15 L2 v4.1.1 |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Default deny configured' | Cisco | CIS Cisco IOS 16 L2 v1.1.2 |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 0.0.0.0' | Cisco | CIS Cisco IOS 15 L2 v4.1.1 |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 0.0.0.0' | Cisco | CIS Cisco IOS 16 L2 v1.1.2 |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 10.0.0.0' | Cisco | CIS Cisco IOS 16 L2 v1.1.2 |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 10.0.0.0' | Cisco | CIS Cisco IOS 15 L2 v4.1.1 |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 127.0.0.0' | Cisco | CIS Cisco IOS 15 L2 v4.1.1 |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 127.0.0.0' | Cisco | CIS Cisco IOS 16 L2 v1.1.2 |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 169.254.0.0' | Cisco | CIS Cisco IOS 15 L2 v4.1.1 |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 169.254.0.0' | Cisco | CIS Cisco IOS 16 L2 v1.1.2 |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 172.16.0.0' | Cisco | CIS Cisco IOS 15 L2 v4.1.1 |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 172.16.0.0' | Cisco | CIS Cisco IOS 16 L2 v1.1.2 |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 192.0.2.0' | Cisco | CIS Cisco IOS 16 L2 v1.1.2 |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 192.0.2.0' | Cisco | CIS Cisco IOS 15 L2 v4.1.1 |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 192.168.0.0' | Cisco | CIS Cisco IOS 15 L2 v4.1.1 |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 192.168.0.0' | Cisco | CIS Cisco IOS 16 L2 v1.1.2 |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 224.0.0.0' | Cisco | CIS Cisco IOS 15 L2 v4.1.1 |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 224.0.0.0' | Cisco | CIS Cisco IOS 16 L2 v1.1.2 |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny host 255.255.255.255' | Cisco | CIS Cisco IOS 15 L2 v4.1.1 |
| 3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny host 255.255.255.255' | Cisco | CIS Cisco IOS 16 L2 v1.1.2 |