CSCv7|11.2

Title

Document Traffic Configuration Rules

Description

All configuration rules that allow traffic to flow through network devices should be documented in a configuration management system with a specific business reason for each rule, a specific individual's name responsible for that business need, and an expected duration of the need.

Reference Item Details

Category: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 2.13 Ensure Cloud Asset Inventory Is Enabled | GCP | CIS Google Cloud Platform v3.0.0 L1 |
| 3.1 Ensure that unused policies are reviewed regularly | FortiGate | CIS Fortigate 7.0.x v1.3.0 L2 |
| 3.1.1.3 Configure EIGRP log-adjacency-changes | Cisco | CIS Cisco NX-OS L1 v1.1.0 |
| 3.1.4.1 If VLAN interfaces have IP addreses, configure anti spoofing / ingress filtering protections | Cisco | CIS Cisco NX-OS L1 v1.1.0 |
| 3.4 Ensure Hit count is Enable for the rules | CheckPoint | CIS Check Point Firewall L2 v1.1.0 |
| 3.4 Ensure interface description is set | Juniper | CIS Juniper OS Benchmark v2.1.0 L1 |
| 3.8 Logging should be enable for all Firewall Rules | CheckPoint | CIS Check Point Firewall L2 v1.1.0 |
| 3.13 Ensure VPN traffic goes through the relevant ACL | Cisco | CIS Cisco ASA 9.x Firewall L2 v1.1.0 |
| 4.6 Ensure That IP Forwarding Is Not Enabled on Instances | GCP | CIS Google Cloud Platform v3.0.0 L1 |
| 4.9 Ensure AWS Config configuration changes are monitored | amazon_aws | CIS Amazon Web Services Foundations v4.0.1 L2 |
| 7.6 Ensure that Network Watcher is 'Enabled' for Azure Regions that are in use | microsoft_azure | CIS Microsoft Azure Foundations v3.0.0 L2 |
| 8.1 Ensure an Azure Bastion Host Exists | microsoft_azure | CIS Microsoft Azure Foundations v3.0.0 L2 |
| 9.1.1 (L1) Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On (recommended)' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker |
| 9.1.1 Ensure 'Windows Firewall: Domain: Firewall state' is set to 'On (recommended)' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2019 v3.0.1 L1 DC |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1 |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2019 STIG v3.0.0 L1 MS |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Windows Server 2012 DC L1 v3.0.0 |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1 |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows 11 Enterprise v4.0.0 L2 |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1 |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Windows Server 2012 R2 MS L1 v3.0.0 |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG DC |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows Server 2019 STIG v3.0.0 STIG MS |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 |
| 9.1.2 (L1) Ensure 'Windows Firewall: Domain: Inbound connections' is set to 'Block (default)' | Windows | CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker |
| 35.2 (L1) Ensure 'Enable Domain Network Firewall: Default Inbound Action for Domain Profile' is set to 'Block' | Windows | CIS Microsoft Intune for Windows 11 v3.0.1 L1 |
| 35.2 (L1) Ensure 'Enable Domain Network Firewall: Default Inbound Action for Domain Profile' is set to 'Block' | Windows | CIS Microsoft Intune for Windows 10 v3.0.1 L1 |
| 35.3 (L1) Ensure 'Enable Domain Network Firewall: Disable Inbound Notifications' is set to 'True' | Windows | CIS Microsoft Intune for Windows 10 v3.0.1 L1 |
| 35.3 (L1) Ensure 'Enable Domain Network Firewall: Disable Inbound Notifications' is set to 'True' | Windows | CIS Microsoft Intune for Windows 11 v3.0.1 L1 |
| 35.5 (L1) Ensure 'Enable Private Network Firewall: Default Inbound Action for Private Profile' is set to 'Block' | Windows | CIS Microsoft Intune for Windows 10 v3.0.1 L1 |
| 35.6 (L1) Ensure 'Enable Private Network Firewall: Disable Inbound Notifications' is set to 'True' | Windows | CIS Microsoft Intune for Windows 10 v3.0.1 L1 |
| 35.8 (L1) Ensure 'Enable Public Network Firewall: Allow Local Ipsec Policy Merge' is set to 'False' | Windows | CIS Microsoft Intune for Windows 10 v3.0.1 L1 |
| 35.9 (L1) Ensure 'Enable Private Network Firewall: Default Inbound Action for Private Profile' is set to 'Block' | Windows | CIS Microsoft Intune for Windows 11 v3.0.1 L1 |
| 35.10 (L1) Ensure 'Enable Private Network Firewall: Disable Inbound Notifications' is set to 'True' | Windows | CIS Microsoft Intune for Windows 11 v3.0.1 L1 |
| 35.10 (L1) Ensure 'Enable Public Network Firewall: Default Inbound Action for Public Profile' is set to 'Block' | Windows | CIS Microsoft Intune for Windows 10 v3.0.1 L1 |
| 35.11 (L1) Ensure 'Enable Public Network Firewall: Disable Inbound Notifications' is set to 'True' | Windows | CIS Microsoft Intune for Windows 10 v3.0.1 L1 |
| 35.16 (L1) Ensure 'Enable Public Network Firewall: Allow Local Ipsec Policy Merge' is set to 'False' | Windows | CIS Microsoft Intune for Windows 11 v3.0.1 L1 |
| 35.18 (L1) Ensure 'Enable Public Network Firewall: Default Inbound Action for Public Profile' is set to 'Block' | Windows | CIS Microsoft Intune for Windows 11 v3.0.1 L1 |
| 35.19 (L1) Ensure 'Enable Public Network Firewall: Disable Inbound Notifications' is set to 'True' | Windows | CIS Microsoft Intune for Windows 11 v3.0.1 L1 |