CSCv7|11.2

Title

Document Traffic Configuration Rules

Description

All configuration rules that allow traffic to flow through network devices should be documented in a configuration management system with a specific business reason for each rule, a specific individual's name responsible for that business need, and an expected duration of the need.

Reference Item Details

Category: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

Audit Items

Name | Plugin | Audit Name
2.13 Ensure Cloud Asset Inventory Is Enabled | GCP | CIS Google Cloud Platform v2.0.0 L1
3.1 Ensure that unused policies are reviewed regularly | FortiGate | CIS Fortigate 7.0.x Level 2 v1.2.0
3.1.1.3 Configure EIGRP log-adjacency-changes | Cisco | CIS Cisco NX-OS L2 v1.0.0
3.1.1.3 Configure EIGRP log-adjacency-changes | Cisco | CIS Cisco NX-OS L1 v1.0.0
3.1.4.1 If VLAN interfaces have IP addreses, configure anti spoofing / ingress filtering protections | Cisco | CIS Cisco NX-OS L2 v1.0.0
3.1.4.1 If VLAN interfaces have IP addreses, configure anti spoofing / ingress filtering protections | Cisco | CIS Cisco NX-OS L1 v1.0.0
3.4 Ensure Hit count is Enable for the rules | CheckPoint | CIS Check Point Firewall L2 v1.1.0
3.4 Ensure interface description is set | Juniper | CIS Juniper OS Benchmark v2.1.0 L1
3.5 Ensure AWS Config is enabled in all regions - 'Include global resources' | amazon_aws | CIS Amazon Web Services Foundations L2 2.0.0
3.5 Ensure AWS Config is enabled in all regions - 'Record all resources supported in this region' | amazon_aws | CIS Amazon Web Services Foundations L2 2.0.0
3.5 Ensure AWS Config is enabled in all regions - 'Recording Status' | amazon_aws | CIS Amazon Web Services Foundations L2 2.0.0
3.5 Ensure AWS Config is enabled in all regions - 'Review defined S3 Bucket' | amazon_aws | CIS Amazon Web Services Foundations L2 2.0.0
3.5 Ensure AWS Config is enabled in all regions - 'Review defined SNS Topic' | amazon_aws | CIS Amazon Web Services Foundations L2 2.0.0
3.8 Logging should be enable for all Firewall Rules | CheckPoint | CIS Check Point Firewall L2 v1.1.0
4.6 Ensure That IP Forwarding Is Not Enabled on Instances | GCP | CIS Google Cloud Platform v2.0.0 L1
4.9 Ensure AWS Config configuration changes are monitored | amazon_aws | CIS Amazon Web Services Foundations L2 2.0.0
6.6 Ensure that Network Watcher is 'Enabled' | microsoft_azure | CIS Microsoft Azure Foundations v2.0.0 L2
7.1 Ensure an Azure Bastion Host Exists | microsoft_azure | CIS Microsoft Azure Foundations v2.0.0 L2
9.1.1 (L1) Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On (recommended)' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
9.1.1 Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On (recommended)' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1
9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2016 STIG DC STIG v1.1.0
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.0
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.0
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2016 STIG DC L1 v1.1.0
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2016 STIG MS L1 v1.1.0
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2019 STIG MS L1 v1.0.1
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows 11 Enterprise v2.0.0 L1
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2022 v2.0.0 L1 MS
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2016 MS L1 v2.0.0
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + NG
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2019 DC L1 v2.0.0
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows 10 Enterprise v2.0.0 L1
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows 11 Enterprise v2.0.0 L1 + BL
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Windows Server 2012 R2 DC L1 v3.0.0
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2019 STIG DC STIG v1.0.1
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2016 STIG MS STIG v1.1.0
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2019 STIG MS STIG v1.0.1
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2022 v2.0.0 L1 DC
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2016 DC L1 v2.0.0
9.1.2 Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL