CSCv7|11.5

Title

Manage Network Devices Using Multi-Factor Authentication and Encrypted Sessions

Description

Manage all network devices using multi-factor authentication and encrypted sessions.

Reference Item Details

Category: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - HTTPPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - TelnetPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.4.3 Configure SNMPv3 - engineIDCiscoCIS Cisco NX-OS L2 v1.0.0
1.4.3 Configure SNMPv3 - engineIDCiscoCIS Cisco NX-OS L1 v1.0.0
1.4.3 Configure SNMPv3 - group v3CiscoCIS Cisco NX-OS L2 v1.0.0
1.4.3 Configure SNMPv3 - group v3CiscoCIS Cisco NX-OS L1 v1.0.0
2.3.2 Ensure only SNMPv3 is enabled - snmpv1/snmpv2c communities don't existFortiGateCIS Fortigate Level 2 v1.0.0
2.3.2 Ensure only SNMPv3 is enabled - snmpv3 user existFortiGateCIS Fortigate Level 2 v1.0.0
3.1.3 Forbid Dial in AccessJuniperCIS Juniper OS Benchmark v2.1.0 L2
6.6.13 Ensure SSH Key Authentication is not set for User LoginsJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.6.14 Ensure Multi-Factor is used with External AAAJuniperCIS Juniper OS Benchmark v2.1.0 L2
6.9.3 Ensure SSH Key Authentication is not set for Root LoginJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.1.1 Ensure SSH Service is Configured if Remote CLI is RequiredJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.1.2 Ensure SSH is Restricted to Version 2JuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.1.3 Ensure SSH Connection Limit is SetJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.1.4 Ensure SSH Rate Limit is ConfiguredJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.1.5 Ensure Remote Root-Login is denied via SSHJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.1.6 Ensure Strong Ciphers are set for SSHJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.1.7 Ensure Only Suite B Ciphers are set for SSH - ciphers restrictionJuniperCIS Juniper OS Benchmark v2.1.0 L2
6.10.1.7 Ensure Only Suite B Ciphers are set for SSH - weak ciphersJuniperCIS Juniper OS Benchmark v2.1.0 L2
6.10.1.8 Ensure Strong MACs are set for SSHJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.1.9 Ensure Strong Key Exchange Methods are set for SSHJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.1.10 Ensure Only Suite B Key Exchange Methods are set for SSH - key-exchange restrictionJuniperCIS Juniper OS Benchmark v2.1.0 L2
6.10.1.10 Ensure Only Suite B Key Exchange Methods are set for SSH - weak key-exchangeJuniperCIS Juniper OS Benchmark v2.1.0 L2
6.10.1.11 Ensure Strong Key Signing Algorithms are set for SSHJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.1.12 Ensure Only Suite B Based Key Signing Algorithms are set for SSH - DSA keysJuniperCIS Juniper OS Benchmark v2.1.0 L2
6.10.1.12 Ensure Only Suite B Based Key Signing Algorithms are set for SSH - ECDSA KeyJuniperCIS Juniper OS Benchmark v2.1.0 L2
6.10.1.13 Ensure SSH Key Authentication is DisabledJuniperCIS Juniper OS Benchmark v2.1.0 L2
6.10.2.1 Ensure Web-Management is not Set to HTTPJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.2.2 Ensure Web-Management is Set to use HTTPSJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.2.3 Ensure Web-Management is Set to use PKI Certificate for HTTPSJuniperCIS Juniper OS Benchmark v2.1.0 L2
6.10.2.4 Ensure Idle Timeout is Set for Web-ManagementJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.2.5 Ensure Session Limited is Set for Web-ManagementJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.3.1 Ensure XNM-Clear-Text Service is Not SetJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.3.2 Ensure XNM-SSL Connection Limit is SetJuniperCIS Juniper OS Benchmark v2.1.0 L2
6.10.3.3 Ensure XNM-SSL Rate Limit is SetJuniperCIS Juniper OS Benchmark v2.1.0 L2
6.10.3.4 Ensure XNM-SSL SSLv3 Support is Not SetJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.4.1 Ensure NETCONF Rate Limit is SetJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.4.2 Ensure NETCONF Connection Limit is SetJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.5.1 Ensure REST is Not Set to HTTPJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.5.2 Ensure REST is Set to HTTPSJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.5.3 Ensure REST is Set to use PKI Certificate for HTTPSJuniperCIS Juniper OS Benchmark v2.1.0 L2
6.10.5.4 Ensure REST HTTPS is Set to use Mutual AuthenticationJuniperCIS Juniper OS Benchmark v2.1.0 L2
6.10.5.5 Ensure REST HTTPS Cipher List is SetJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.5.6 Ensure REST HTTPS Cipher List is Set to Suite B OnlyJuniperCIS Juniper OS Benchmark v2.1.0 L2
6.10.6 Ensure Telnet is Not SetJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.7 Ensure Reverse Telnet is Not SetJuniperCIS Juniper OS Benchmark v2.1.0 L1