CSCv7|11.3

Title

Use Automated Tools to Verify Standard Device Configurations and Detect Changes

Description

Compare all network device configuration against approved security configurations defined for each network device in use and alert when any deviations are discovered.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.4.5.1 Ensure 'aaa accounting command' is configured correctly	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.4.5.1 Ensure 'aaa command accounting' is configured correctly	Cisco	CIS Cisco Firewall ASA 9 L1 v4.1.0
1.4.5.1 Ensure 'aaa command accounting' is configured correctly	Cisco	CIS Cisco Firewall v8.x L1 v4.2.0
1.4.5.2 Ensure 'aaa accounting for SSH' is configured correctly	Cisco	CIS Cisco Firewall v8.x L1 v4.2.0
1.4.5.2 Ensure 'aaa accounting for SSH' is configured correctly	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.4.5.2 Ensure 'aaa accounting for SSH' is configured correctly	Cisco	CIS Cisco Firewall ASA 9 L1 v4.1.0
1.4.5.3 Ensure 'aaa accounting for EXEC mode' is configured correctly	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.1.0
1.4.5.3 Ensure 'aaa accounting for Serial console' is configured correctly	Cisco	CIS Cisco Firewall ASA 9 L1 v4.1.0
1.4.5.3 Ensure 'aaa accounting for Serial console' is configured correctly	Cisco	CIS Cisco Firewall v8.x L1 v4.2.0
1.4.5.4 Ensure 'aaa accounting for EXEC mode' is configured correctly	Cisco	CIS Cisco Firewall ASA 9 L1 v4.1.0
1.4.5.4 Ensure 'aaa accounting for EXEC mode' is configured correctly	Cisco	CIS Cisco Firewall v8.x L1 v4.2.0
1.8.2 Disable iPXE (Pre-boot eXecution Environment)	Cisco	CIS Cisco NX-OS L2 v1.1.0
18.5.11.1 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 Domain Controller Level 1 v3.3.1
18.5.11.1 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 Member Server Level 1 v3.3.1
18.5.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 R2 Member Server Level 1 v3.3.1
18.5.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
18.5.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
18.5.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2008 R2 Domain Controller Level 1 v3.3.1
18.5.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
18.5.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 v3.0.0 L1 MS
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 MS L1 v3.0.0
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Windows Server 2012 R2 DC L1 v3.0.0
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1 BitLocker
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2025 v1.0.0 L1 MS
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Windows Server 2012 DC L1 v3.0.0
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2 BitLocker
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2025 v1.0.0 L1 DC
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L1 MS
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L1
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2016 v3.0.0 L1 DC
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Stand-alone v3.0.0 L1
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2019 v3.0.1 L1 DC
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Windows Server 2012 MS L1 v3.0.0
18.6.11.2 (L1) Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v4.0.0 L2
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Domain Controller
18.6.11.2 Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'	Windows	CIS Microsoft Windows Server 2022 STIG v2.0.0 L1 Member Server

Detections

Analytics

CSCv7|11.3

Title

Description

Reference Item Details

Audit Items