CSCv7|11.2

Title

Document Traffic Configuration Rules

Description

All configuration rules that allow traffic to flow through network devices should be documented in a configuration management system with a specific business reason for each rule, a specific individual's name responsible for that business need, and an expected duration of the need.

Reference Item Details

Category: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

Audit Items

View all Reference Audit Items

NamePluginAudit Name
2.13 Ensure Cloud Asset Inventory Is EnabledGCPCIS Google Cloud Platform v1.3.0 L2
2.13 Ensure Cloud Asset Inventory Is EnabledGCPCIS Google Cloud Platform v2.0.0 L1
2.13 Ensure Cloud Asset Inventory Is EnabledGCPCIS Google Cloud Platform v1.3.0 L1
2.13 Ensure Cloud Asset Inventory Is EnabledGCPCIS Google Cloud Platform v3.0.0 L1
3.1 Ensure that unused policies are reviewed regularlyFortiGateCIS Fortigate 7.0.x Level 2 v1.2.0
3.1.1.3 Configure EIGRP log-adjacency-changesCiscoCIS Cisco NX-OS L2 v1.0.0
3.1.1.3 Configure EIGRP log-adjacency-changesCiscoCIS Cisco NX-OS L1 v1.0.0
3.1.4.1 If VLAN interfaces have IP addreses, configure anti spoofing / ingress filtering protectionsCiscoCIS Cisco NX-OS L1 v1.0.0
3.1.4.1 If VLAN interfaces have IP addreses, configure anti spoofing / ingress filtering protectionsCiscoCIS Cisco NX-OS L2 v1.0.0
3.3 Ensure AWS Config is enabled in all regionsamazon_awsCIS Amazon Web Services Foundations L2 3.0.0
3.4 Ensure Hit count is Enable for the rulesCheckPointCIS Check Point Firewall L2 v1.1.0
3.4 Ensure interface description is setJuniperCIS Juniper OS Benchmark v2.1.0 L1
3.4 Ensure interface description is setJuniperCIS Juniper OS Benchmark v2.0.0 L1
3.5 Ensure AWS Config is enabled in all regions - 'Include global resources'amazon_awsCIS Amazon Web Services Foundations L2 1.5.0
3.5 Ensure AWS Config is enabled in all regions - 'Include global resources'amazon_awsCIS Amazon Web Services Foundations L1 1.3.0
3.5 Ensure AWS Config is enabled in all regions - 'Include global resources'amazon_awsCIS Amazon Web Services Foundations L2 2.0.0
3.5 Ensure AWS Config is enabled in all regions - 'Include global resources'amazon_awsCIS Amazon Web Services Foundations L2 1.4.0
3.5 Ensure AWS Config is enabled in all regions - 'Record all resources supported in this region'amazon_awsCIS Amazon Web Services Foundations L2 2.0.0
3.5 Ensure AWS Config is enabled in all regions - 'Record all resources supported in this region'amazon_awsCIS Amazon Web Services Foundations L2 1.4.0
3.5 Ensure AWS Config is enabled in all regions - 'Record all resources supported in this region'amazon_awsCIS Amazon Web Services Foundations L2 1.5.0
3.5 Ensure AWS Config is enabled in all regions - 'Record all resources supported in this region'amazon_awsCIS Amazon Web Services Foundations L1 1.3.0
3.5 Ensure AWS Config is enabled in all regions - 'Recording Status'amazon_awsCIS Amazon Web Services Foundations L2 2.0.0
3.5 Ensure AWS Config is enabled in all regions - 'Review defined S3 Bucket'amazon_awsCIS Amazon Web Services Foundations L2 1.5.0
3.5 Ensure AWS Config is enabled in all regions - 'Review defined S3 Bucket'amazon_awsCIS Amazon Web Services Foundations L2 2.0.0
3.5 Ensure AWS Config is enabled in all regions - 'Review defined S3 Bucket'amazon_awsCIS Amazon Web Services Foundations L2 1.4.0
3.5 Ensure AWS Config is enabled in all regions - 'Review defined S3 Bucket'amazon_awsCIS Amazon Web Services Foundations L1 1.3.0
3.5 Ensure AWS Config is enabled in all regions - 'Review defined SNS Topic'amazon_awsCIS Amazon Web Services Foundations L2 1.4.0
3.5 Ensure AWS Config is enabled in all regions - 'Review defined SNS Topic'amazon_awsCIS Amazon Web Services Foundations L2 2.0.0
3.5 Ensure AWS Config is enabled in all regions - 'Review defined SNS Topic'amazon_awsCIS Amazon Web Services Foundations L1 1.3.0
3.5 Ensure AWS Config is enabled in all regions - 'Review defined SNS Topic'amazon_awsCIS Amazon Web Services Foundations L2 1.5.0
3.8 Logging should be enable for all Firewall RulesCheckPointCIS Check Point Firewall L2 v1.1.0
3.13 Ensure VPN traffic goes through the relevant ACLCiscoCIS Cisco ASA 9.x Firewall L2 v1.1.0
4.6 Ensure That IP Forwarding Is Not Enabled on InstancesGCPCIS Google Cloud Platform v3.0.0 L1
4.6 Ensure That IP Forwarding Is Not Enabled on InstancesGCPCIS Google Cloud Platform v1.3.0 L1
4.6 Ensure That IP Forwarding Is Not Enabled on InstancesGCPCIS Google Cloud Platform v2.0.0 L1
4.6 Ensure that IP forwarding is not enabled on InstancesGCPCIS Google Cloud Platform v1.1.0 L1
35.2 (L1) Ensure 'Enable Domain Network Firewall: Default Inbound Action for Domain Profile' is set to 'Block'WindowsCIS Microsoft Intune for Windows 11 v3.0.1 L1
35.2 (L1) Ensure 'Enable Domain Network Firewall: Default Inbound Action for Domain Profile' is set to 'Block'WindowsCIS Microsoft Intune for Windows 10 v3.0.1 L1
35.3 (L1) Ensure 'Enable Domain Network Firewall: Disable Inbound Notifications' is set to 'True'WindowsCIS Microsoft Intune for Windows 10 v3.0.1 L1
35.3 (L1) Ensure 'Enable Domain Network Firewall: Disable Inbound Notifications' is set to 'True'WindowsCIS Microsoft Intune for Windows 11 v3.0.1 L1
35.5 (L1) Ensure 'Enable Private Network Firewall: Default Inbound Action for Private Profile' is set to 'Block'WindowsCIS Microsoft Intune for Windows 10 v3.0.1 L1
35.6 (L1) Ensure 'Enable Private Network Firewall: Disable Inbound Notifications' is set to 'True'WindowsCIS Microsoft Intune for Windows 10 v3.0.1 L1
35.8 (L1) Ensure 'Enable Public Network Firewall: Allow Local Ipsec Policy Merge' is set to 'False'WindowsCIS Microsoft Intune for Windows 10 v3.0.1 L1
35.9 (L1) Ensure 'Enable Private Network Firewall: Default Inbound Action for Private Profile' is set to 'Block'WindowsCIS Microsoft Intune for Windows 11 v3.0.1 L1
35.10 (L1) Ensure 'Enable Private Network Firewall: Disable Inbound Notifications' is set to 'True'WindowsCIS Microsoft Intune for Windows 11 v3.0.1 L1
35.10 (L1) Ensure 'Enable Public Network Firewall: Default Inbound Action for Public Profile' is set to 'Block'WindowsCIS Microsoft Intune for Windows 10 v3.0.1 L1
35.11 (L1) Ensure 'Enable Public Network Firewall: Disable Inbound Notifications' is set to 'True'WindowsCIS Microsoft Intune for Windows 10 v3.0.1 L1
35.16 (L1) Ensure 'Enable Public Network Firewall: Allow Local Ipsec Policy Merge' is set to 'False'WindowsCIS Microsoft Intune for Windows 11 v3.0.1 L1
35.18 (L1) Ensure 'Enable Public Network Firewall: Default Inbound Action for Public Profile' is set to 'Block'WindowsCIS Microsoft Intune for Windows 11 v3.0.1 L1
35.19 (L1) Ensure 'Enable Public Network Firewall: Disable Inbound Notifications' is set to 'True'WindowsCIS Microsoft Intune for Windows 11 v3.0.1 L1