CSCv7|11.5

Title

Manage Network Devices Using Multi-Factor Authentication and Encrypted Sessions

Description

Manage all network devices using multi-factor authentication and encrypted sessions.

Reference Item Details

Category: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2.4 Ensure Exec Timeout for Console Sessions is setCiscoCIS Cisco NX-OS L1 v1.1.0
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - HTTPPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - TelnetPalo_AltoCIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.7 Disable the Telnet FeatureCiscoCIS Cisco NX-OS L1 v1.1.0
1.4.3 Configure SNMPv3 - engineIDCiscoCIS Cisco NX-OS L1 v1.0.0
1.4.3 Configure SNMPv3 - engineIDCiscoCIS Cisco NX-OS L2 v1.0.0
1.4.3 Configure SNMPv3 - group v3CiscoCIS Cisco NX-OS L1 v1.0.0
1.4.3 Configure SNMPv3 - group v3CiscoCIS Cisco NX-OS L2 v1.0.0
1.5.3 Configure SNMPv3CiscoCIS Cisco NX-OS L2 v1.1.0
2.3.1 Ensure only SNMPv3 is enabledFortiGateCIS Fortigate 7.0.x v1.3.0 L2
2.3.1 Ensure only SNMPv3 is enabledFortiGateCIS Fortigate 7.0.x Level 2 v1.2.0
2.3.2 Ensure only SNMPv3 is enabled - snmpv1/snmpv2c communities don't existFortiGateCIS Fortigate Level 2 v1.1.0
2.3.2 Ensure only SNMPv3 is enabled - snmpv1/snmpv2c communities don't existFortiGateCIS Fortigate Level 2 v1.0.0
2.3.2 Ensure only SNMPv3 is enabled - snmpv3 user existFortiGateCIS Fortigate Level 2 v1.1.0
2.3.2 Ensure only SNMPv3 is enabled - snmpv3 user existFortiGateCIS Fortigate Level 2 v1.0.0
3.1.3 Forbid Dial in AccessJuniperCIS Juniper OS Benchmark v2.0.0 L2
3.1.3 Forbid Dial in AccessJuniperCIS Juniper OS Benchmark v2.1.0 L2
6.10.1.1 Ensure SSH Service is Configured if Remote CLI is RequiredJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.1.1 Ensure SSH Service is Configured if Remote CLI is RequiredJuniperCIS Juniper OS Benchmark v2.0.0 L1
6.10.1.2 Ensure SSH is Restricted to Version 2JuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.1.2 Ensure SSH is Restricted to Version 2JuniperCIS Juniper OS Benchmark v2.0.0 L1
6.10.1.3 Ensure SSH Connection Limit is SetJuniperCIS Juniper OS Benchmark v2.0.0 L1
6.10.1.3 Ensure SSH Connection Limit is SetJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.1.4 Ensure SSH Rate Limit is ConfiguredJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.1.4 Ensure SSH Rate Limit is ConfiguredJuniperCIS Juniper OS Benchmark v2.0.0 L1
6.10.1.5 Ensure Remote Root-Login is denied via SSHJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.1.6 Ensure Strong Ciphers are set for SSHJuniperCIS Juniper OS Benchmark v2.0.0 L1
6.10.1.6 Ensure Strong Ciphers are set for SSHJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.1.7 Ensure Only Suite B Ciphers are set for SSH - ciphers restrictionJuniperCIS Juniper OS Benchmark v2.0.0 L2
6.10.1.7 Ensure Only Suite B Ciphers are set for SSH - ciphers restrictionJuniperCIS Juniper OS Benchmark v2.1.0 L2
6.10.1.7 Ensure Only Suite B Ciphers are set for SSH - weak ciphersJuniperCIS Juniper OS Benchmark v2.1.0 L2
6.10.1.7 Ensure Only Suite B Ciphers are set for SSH - weak ciphersJuniperCIS Juniper OS Benchmark v2.0.0 L2
6.10.1.8 Ensure Strong MACs are set for SSHJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.1.8 Ensure Strong MACs are set for SSHJuniperCIS Juniper OS Benchmark v2.0.0 L1
6.10.1.9 Ensure Strong Key Exchange Methods are set for SSHJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.1.9 Ensure Strong Key Exchange Methods are set for SSHJuniperCIS Juniper OS Benchmark v2.0.0 L1
6.10.1.10 Ensure Only Suite B Key Exchange Methods are set for SSH - key-exchange restrictionJuniperCIS Juniper OS Benchmark v2.1.0 L2
6.10.1.10 Ensure Only Suite B Key Exchange Methods are set for SSH - key-exchange restrictionJuniperCIS Juniper OS Benchmark v2.0.0 L2
6.10.1.10 Ensure Only Suite B Key Exchange Methods are set for SSH - weak key-exchangeJuniperCIS Juniper OS Benchmark v2.0.0 L2
6.10.1.10 Ensure Only Suite B Key Exchange Methods are set for SSH - weak key-exchangeJuniperCIS Juniper OS Benchmark v2.1.0 L2
6.10.1.11 Ensure Strong Key Signing Algorithms are set for SSHJuniperCIS Juniper OS Benchmark v2.0.0 L1
6.10.1.11 Ensure Strong Key Signing Algorithms are set for SSHJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.1.12 Ensure Only Suite B Based Key Signing Algorithms are set for SSH - DSA keysJuniperCIS Juniper OS Benchmark v2.0.0 L2
6.10.1.12 Ensure Only Suite B Based Key Signing Algorithms are set for SSH - DSA keysJuniperCIS Juniper OS Benchmark v2.1.0 L2
6.10.1.12 Ensure Only Suite B Based Key Signing Algorithms are set for SSH - ECDSA KeyJuniperCIS Juniper OS Benchmark v2.0.0 L2
6.10.1.12 Ensure Only Suite B Based Key Signing Algorithms are set for SSH - ECDSA KeyJuniperCIS Juniper OS Benchmark v2.1.0 L2
6.10.1.13 Ensure SSH Key Authentication is DisabledJuniperCIS Juniper OS Benchmark v2.1.0 L2
6.10.2.1 Ensure Web-Management is not Set to HTTPJuniperCIS Juniper OS Benchmark v2.0.0 L1
6.10.2.1 Ensure Web-Management is not Set to HTTPJuniperCIS Juniper OS Benchmark v2.1.0 L1
6.10.2.2 Ensure Web-Management is Set to use HTTPSJuniperCIS Juniper OS Benchmark v2.1.0 L1