CSCv7|11.1

Title

Maintain Standard Security Configurations for Network Devices

Description

Maintain standard, documented security configuration standards for all authorized network devices.

Reference Item Details

Category: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

Audit Items

| Name | Plugin | Audit Name |
|---|---|---|
| 1.1 Ensure DNS server is configured | FortiGate | CIS Fortigate 7.0.x v1.3.0 L1 |
| 1.2.2 Ensure 'Host Name' is set | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0 |
| 1.2.2 Ensure 'Host Name' is set | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.2.2 Ensure 'Host Name' is set | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.2.3 Ensure 'Failover' is enabled | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.2.3 Ensure 'Failover' is enabled | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.2.3 Ensure 'Failover' is enabled | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0 |
| 1.2.4 Ensure 'Unused Interfaces' is disable | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.2.4 Ensure 'Unused Interfaces' is disable | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0 |
| 1.2.4 Ensure 'Unused Interfaces' is disable | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.2.6 Set the Maximum Number of VTY Sessions | Cisco | CIS Cisco NX-OS L1 v1.1.0 |
| 1.2.7 Disable the Telnet Feature | Cisco | CIS Cisco NX-OS L1 v1.1.0 |
| 1.3.1 Pre-authentication Banner | Cisco | CIS Cisco NX-OS L1 v1.1.0 |
| 1.3.2 Post-authentication Banner | Cisco | CIS Cisco NX-OS L1 v1.1.0 |
| 1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3' | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0 |
| 1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3' | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3' | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.6.3 Ensure 'RSA key pair' is greater than or equal to 2048 bits | Cisco | CIS Cisco ASA 9.x Firewall L2 v1.1.0 |
| 1.6.3 Ensure 'RSA key pair' is greater than or equal to 2048 bits | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0 |
| 1.6.4 Ensure 'SCP protocol' is set to Enable for files transfers | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0 |
| 1.6.4 Ensure 'SCP protocol' is set to Enable for files transfers | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.6.4 Ensure 'SCP protocol' is set to Enable for files transfers | Cisco | CIS Cisco ASA 9.x Firewall L2 v1.1.0 |
| 1.6.5 Ensure 'Telnet' is disabled | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.6.5 Ensure 'Telnet' is disabled | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0 |
| 1.6.5 Ensure 'Telnet' is disabled | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP address | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0 |
| 1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP address | Cisco | CIS Cisco ASA 9.x Firewall L2 v1.1.0 |
| 1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP address | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.7.1 Pre-authentication Banner | Cisco | CIS Cisco IOS XR 7.x v1.0.0 L1 |
| 1.10.2 Ensure 'logging to monitor' is disabled | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.10.2 Ensure 'logging to Serial console' is disabled | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.10.3 Ensure 'logging to monitor' is disabled | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.10.3 Ensure 'syslog hosts' is configured correctly | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.10.4 Ensure 'syslog hosts' is configured correctly | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.10.10 Ensure email logging is configured for critical to emergency | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.10.11 Ensure 'logging trap severity level' is greater than or equal to '5' | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.10.12 Ensure email logging is configured for critical to emergency | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.11.1 Ensure 'snmp-server group' is set to 'v3 priv' | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.11.1 Ensure 'snmp-server group' is set to 'v3 priv' | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.11.2 Ensure 'snmp-server user' is set to 'v3 auth SHA' | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.11.2 Ensure 'snmp-server user' is set to 'v3 auth SHA' | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.11.3 Ensure 'snmp-server host' is set to 'version 3' | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.11.3 Ensure 'snmp-server host' is set to 'version 3' | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.11.4 Ensure 'SNMP traps' is enabled | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.11.4 Ensure 'SNMP traps' is enabled - authentication | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.11.4 Ensure 'SNMP traps' is enabled - coldstart | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.11.4 Ensure 'SNMP traps' is enabled - linkdown | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.11.4 Ensure 'SNMP traps' is enabled - linkup | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.11.5 Ensure 'SNMP community string' is not the default string | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.1.0 |
| 1.11.5 Ensure 'SNMP community string' is not the default string | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |