CSCv7|11.1

Title

Maintain Standard Security Configurations for Network Devices

Description

Maintain standard, documented security configuration standards for all authorized network devices.

Reference Item Details

Category: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

Audit Items

Name | Plugin | Audit Name
1.1 Ensure DNS server is configured | FortiGate | CIS Fortigate 7.0.x Level 1 v1.2.0
1.2.1 Ensure Trusted Locations Are Defined | microsoft_azure | CIS Microsoft Azure Foundations v2.0.0 L1
1.2.2 Ensure 'Host Name' is set | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0
1.2.2 Ensure 'Host Name' is set | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.2.2 Ensure 'Host Name' is set | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.2.3 Ensure 'Failover' is enabled | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0
1.2.3 Ensure 'Failover' is enabled | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.2.3 Ensure 'Failover' is enabled | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.2.4 Ensure 'Unused Interfaces' is disable | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.2.4 Ensure 'Unused Interfaces' is disable | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0
1.2.4 Ensure 'Unused Interfaces' is disable | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3' | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0
1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3' | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3' | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.6.3 Ensure 'RSA key pair' is greater than or equal to 2048 bits | Cisco | CIS Cisco ASA 9.x Firewall L2 v1.0.0
1.6.3 Ensure 'RSA key pair' is greater than or equal to 2048 bits | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0
1.6.4 Ensure 'SCP protocol' is set to Enable for files transfers | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0
1.6.4 Ensure 'SCP protocol' is set to Enable for files transfers | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.6.4 Ensure 'SCP protocol' is set to Enable for files transfers | Cisco | CIS Cisco ASA 9.x Firewall L2 v1.0.0
1.6.5 Ensure 'Telnet' is disabled | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0
1.6.5 Ensure 'Telnet' is disabled | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.6.5 Ensure 'Telnet' is disabled | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP address | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP address | Cisco | CIS Cisco ASA 9.x Firewall L2 v1.0.0
1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP address | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0
1.8.1 Ensure 'console session timeout' is less than or equal to '5' minutes | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0
1.8.1 Ensure 'console session timeout' is less than or equal to '5' minutes | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.8.1 Ensure 'console session timeout' is less than or equal to '5' minutes | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.10.2 Ensure 'logging to Serial console' is disabled | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.2 Ensure 'logging to Serial console' is disabled | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.10.3 Ensure 'logging to monitor' is disabled | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.3 Ensure 'logging to monitor' is disabled | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.10.4 Ensure 'syslog hosts' is configured correctly | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.4 Ensure 'syslog hosts' is configured correctly | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.10.11 Ensure 'logging trap severity level' is greater than or equal to '5' | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.11 Ensure email logging is configured for critical to emergency | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.10.12 Ensure email logging is configured for critical to emergency | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.1 Ensure 'snmp-server group' is set to 'v3 priv' | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.11.1 Ensure 'snmp-server group' is set to 'v3 priv' | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.2 Ensure 'snmp-server user' is set to 'v3 auth SHA' | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.2 Ensure 'snmp-server user' is set to 'v3 auth SHA' | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.11.3 Ensure 'snmp-server host' is set to 'version 3' | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.11.3 Ensure 'snmp-server host' is set to 'version 3' | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.4 Ensure 'SNMP traps' is enabled | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.11.4 Ensure 'SNMP traps' is enabled - authentication | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.4 Ensure 'SNMP traps' is enabled - coldstart | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.4 Ensure 'SNMP traps' is enabled - linkdown | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.4 Ensure 'SNMP traps' is enabled - linkup | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.5 Ensure 'SNMP community string' is not the default string | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.5 Ensure 'SNMP community string' is not the default string | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0