Detections
Analytics

CSCv7|11.1

Title

Maintain Standard Security Configurations for Network Devices

Description

Maintain standard, documented security configuration standards for all authorized network devices.

Reference Item Details

Category: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1 Ensure DNS server is configuredFortiGateCIS Fortigate 7.0.x Level 1 v1.2.0
1.1 Ensure DNS server is configuredFortiGateCIS Fortigate 7.0.x v1.3.0 L1
1.1 Ensure DNS server is configured - dns server 1FortiGateCIS Fortigate Level 1 v1.1.0
1.1 Ensure DNS server is configured - dns server 1FortiGateCIS Fortigate Level 1 v1.0.0
1.1 Ensure DNS server is configured - dns server 2FortiGateCIS Fortigate Level 1 v1.0.0
1.1 Ensure DNS server is configured - dns server 2FortiGateCIS Fortigate Level 1 v1.1.0
1.2.1 Ensure Trusted Locations Are Definedmicrosoft_azureCIS Microsoft Azure Foundations v2.1.0 L1
1.2.1 Ensure Trusted Locations Are Definedmicrosoft_azureCIS Microsoft Azure Foundations v1.5.0 L1
1.2.1 Ensure Trusted Locations Are Definedmicrosoft_azureCIS Microsoft Azure Foundations v2.0.0 L1
1.2.2 Ensure 'Host Name' is setCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.2.2 Ensure 'Host Name' is setCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.2.2 Ensure 'Host Name' is setCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.2.2 Ensure 'Host Name' is setCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.2.3 Ensure 'Failover' is enabledCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.2.3 Ensure 'Failover' is enabledCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.2.3 Ensure 'Failover' is enabledCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.2.3 Ensure 'Failover' is enabledCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.2.4 Ensure 'Unused Interfaces' is disableCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.2.4 Ensure 'Unused Interfaces' is disableCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.2.4 Ensure 'Unused Interfaces' is disableCiscoCIS Cisco Firewall v8.x L1 v4.2.0
1.10.2 Ensure 'logging to monitor' is disabledCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.2 Ensure 'logging to Serial console' is disabledCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.10.2 Ensure 'logging to Serial console' is disabledCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.3 Ensure 'logging to monitor' is disabledCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.10.3 Ensure 'logging to monitor' is disabledCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.3 Ensure 'syslog hosts' is configured correctlyCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.4 Ensure 'syslog hosts' is configured correctlyCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.4 Ensure 'syslog hosts' is configured correctlyCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.10.10 Ensure email logging is configured for critical to emergencyCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.10.11 Ensure 'logging trap severity level' is greater than or equal to '5'CiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.10.11 Ensure email logging is configured for critical to emergencyCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.10.12 Ensure email logging is configured for critical to emergencyCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.1 Ensure 'snmp-server group' is set to 'v3 priv'CiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.11.1 Ensure 'snmp-server group' is set to 'v3 priv'CiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.11.1 Ensure 'snmp-server group' is set to 'v3 priv'CiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.2 Ensure 'snmp-server user' is set to 'v3 auth SHA'CiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.11.2 Ensure 'snmp-server user' is set to 'v3 auth SHA'CiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.2 Ensure 'snmp-server user' is set to 'v3 auth SHA'CiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.11.3 Ensure 'snmp-server host' is set to 'version 3'CiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.3 Ensure 'snmp-server host' is set to 'version 3'CiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.11.3 Ensure 'snmp-server host' is set to 'version 3'CiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.11.4 Ensure 'SNMP traps' is enabledCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0
1.11.4 Ensure 'SNMP traps' is enabledCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.11.4 Ensure 'SNMP traps' is enabled - authenticationCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.4 Ensure 'SNMP traps' is enabled - coldstartCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.4 Ensure 'SNMP traps' is enabled - linkdownCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.4 Ensure 'SNMP traps' is enabled - linkupCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.5 Ensure 'SNMP community string' is not the default stringCiscoCIS Cisco ASA 9.x Firewall L1 v1.1.0
1.11.5 Ensure 'SNMP community string' is not the default stringCiscoCIS Cisco Firewall ASA 9 L1 v4.1.0
1.11.5 Ensure 'SNMP community string' is not the default stringCiscoCIS Cisco ASA 9.x Firewall L1 v1.0.0