CSCv7|11.1

Title

Maintain Standard Security Configurations for Network Devices

Description

Maintain standard, documented security configuration standards for all authorized network devices.

Reference Item Details

Category: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 Ensure DNS server is configured - dns server 1FortiGateCIS Fortigate Level 1 v1.0.0
1.1 Ensure DNS server is configured - dns server 2FortiGateCIS Fortigate Level 1 v1.0.0
1.2.2 Ensure 'Host Name' is setCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.2.2 Ensure 'Host Name' is setCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.2.2 Ensure 'Host Name' is setCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.2.3 Ensure 'Failover' is enabledCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.2.3 Ensure 'Failover' is enabledCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.2.3 Ensure 'Failover' is enabledCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.2.4 Ensure 'Unused Interfaces' is disableCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.2.4 Ensure 'Unused Interfaces' is disableCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.2.4 Ensure 'Unused Interfaces' is disableCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3'CiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3'CiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3'CiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.6.3 Ensure 'RSA key pair' is greater than or equal to 2048 bitsCiscoCIS Cisco ASA 9.x Firewall L2 v1.0.0
1.6.3 Ensure 'RSA key pair' is greater than or equal to 2048 bitsCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.6.4 Ensure 'SCP protocol' is set to Enable for files transfersCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.6.4 Ensure 'SCP protocol' is set to Enable for files transfersCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.6.4 Ensure 'SCP protocol' is set to Enable for files transfersCiscoCIS Cisco ASA 9.x Firewall L2 v1.0.0
1.6.5 Ensure 'Telnet' is disabledCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.6.5 Ensure 'Telnet' is disabledCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.6.5 Ensure 'Telnet' is disabledCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP addressCiscoCIS Cisco ASA 9.x Firewall L2 v1.0.0
1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP addressCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP addressCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.10.2 Ensure 'logging to Serial console' is disabledCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.2 Ensure 'logging to Serial console' is disabledCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.10.3 Ensure 'logging to monitor' is disabledCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.3 Ensure 'logging to monitor' is disabledCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.10.4 Ensure 'syslog hosts' is configured correctlyCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.4 Ensure 'syslog hosts' is configured correctlyCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.10.11 Ensure 'logging trap severity level' is greater than or equal to '5'CiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.11 Ensure email logging is configured for critical to emergencyCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.10.12 Ensure email logging is configured for critical to emergencyCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.1 Ensure 'snmp-server group' is set to 'v3 priv'CiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.11.1 Ensure 'snmp-server group' is set to 'v3 priv'CiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.2 Ensure 'snmp-server user' is set to 'v3 auth SHA'CiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.2 Ensure 'snmp-server user' is set to 'v3 auth SHA'CiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.11.3 Ensure 'snmp-server host' is set to 'version 3'CiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.11.3 Ensure 'snmp-server host' is set to 'version 3'CiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.4 Ensure 'SNMP traps' is enabled - authenticationCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.4 Ensure 'SNMP traps' is enabled - authenticationCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.11.4 Ensure 'SNMP traps' is enabled - coldstartCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.11.4 Ensure 'SNMP traps' is enabled - coldstartCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.4 Ensure 'SNMP traps' is enabled - linkdownCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.4 Ensure 'SNMP traps' is enabled - linkdownCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.11.4 Ensure 'SNMP traps' is enabled - linkupCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.11.4 Ensure 'SNMP traps' is enabled - linkupCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.5 Ensure 'SNMP community string' is not the default stringCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.5 Ensure 'SNMP community string' is not the default stringCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0