CSCv7|11.5

Title

Manage Network Devices Using Multi-Factor Authentication and Encrypted Sessions

Description

Manage all network devices using multi-factor authentication and encrypted sessions.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - HTTP	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.4 Ensure HTTP and Telnet options are disabled for all management profiles - Telnet	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.4.3 Configure SNMPv3 - engineID	Cisco	CIS Cisco NX-OS L2 v1.0.0
1.4.3 Configure SNMPv3 - engineID	Cisco	CIS Cisco NX-OS L1 v1.0.0
1.4.3 Configure SNMPv3 - group v3	Cisco	CIS Cisco NX-OS L2 v1.0.0
1.4.3 Configure SNMPv3 - group v3	Cisco	CIS Cisco NX-OS L1 v1.0.0
2.3.1 Ensure only SNMPv3 is enabled	FortiGate	CIS Fortigate 7.0.x Level 2 v1.2.0
3.1.3 Forbid Dial in Access	Juniper	CIS Juniper OS Benchmark v2.1.0 L2
6.6.13 Ensure SSH Key Authentication is not set for User Logins	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.6.14 Ensure Multi-Factor is used with External AAA	Juniper	CIS Juniper OS Benchmark v2.1.0 L2
6.9.3 Ensure SSH Key Authentication is not set for Root Login	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.1.1 Ensure SSH Service is Configured if Remote CLI is Required	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.1.2 Ensure SSH is Restricted to Version 2	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.1.3 Ensure SSH Connection Limit is Set	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.1.4 Ensure SSH Rate Limit is Configured	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.1.5 Ensure Remote Root-Login is denied via SSH	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.1.6 Ensure Strong Ciphers are set for SSH	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.1.7 Ensure Only Suite B Ciphers are set for SSH - ciphers restriction	Juniper	CIS Juniper OS Benchmark v2.1.0 L2
6.10.1.7 Ensure Only Suite B Ciphers are set for SSH - weak ciphers	Juniper	CIS Juniper OS Benchmark v2.1.0 L2
6.10.1.8 Ensure Strong MACs are set for SSH	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.1.9 Ensure Strong Key Exchange Methods are set for SSH	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.1.10 Ensure Only Suite B Key Exchange Methods are set for SSH - key-exchange restriction	Juniper	CIS Juniper OS Benchmark v2.1.0 L2
6.10.1.10 Ensure Only Suite B Key Exchange Methods are set for SSH - weak key-exchange	Juniper	CIS Juniper OS Benchmark v2.1.0 L2
6.10.1.11 Ensure Strong Key Signing Algorithms are set for SSH	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.1.12 Ensure Only Suite B Based Key Signing Algorithms are set for SSH - DSA keys	Juniper	CIS Juniper OS Benchmark v2.1.0 L2
6.10.1.12 Ensure Only Suite B Based Key Signing Algorithms are set for SSH - ECDSA Key	Juniper	CIS Juniper OS Benchmark v2.1.0 L2
6.10.1.13 Ensure SSH Key Authentication is Disabled	Juniper	CIS Juniper OS Benchmark v2.1.0 L2
6.10.2.1 Ensure Web-Management is not Set to HTTP	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.2.2 Ensure Web-Management is Set to use HTTPS	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.2.3 Ensure Web-Management is Set to use PKI Certificate for HTTPS	Juniper	CIS Juniper OS Benchmark v2.1.0 L2
6.10.2.4 Ensure Idle Timeout is Set for Web-Management	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.2.5 Ensure Session Limited is Set for Web-Management	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.3.1 Ensure XNM-Clear-Text Service is Not Set	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.3.2 Ensure XNM-SSL Connection Limit is Set	Juniper	CIS Juniper OS Benchmark v2.1.0 L2
6.10.3.3 Ensure XNM-SSL Rate Limit is Set	Juniper	CIS Juniper OS Benchmark v2.1.0 L2
6.10.3.4 Ensure XNM-SSL SSLv3 Support is Not Set	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.4.1 Ensure NETCONF Rate Limit is Set	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.4.2 Ensure NETCONF Connection Limit is Set	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.5.1 Ensure REST is Not Set to HTTP	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.5.2 Ensure REST is Set to HTTPS	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.5.3 Ensure REST is Set to use PKI Certificate for HTTPS	Juniper	CIS Juniper OS Benchmark v2.1.0 L2
6.10.5.4 Ensure REST HTTPS is Set to use Mutual Authentication	Juniper	CIS Juniper OS Benchmark v2.1.0 L2
6.10.5.5 Ensure REST HTTPS Cipher List is Set	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.5.6 Ensure REST HTTPS Cipher List is Set to Suite B Only	Juniper	CIS Juniper OS Benchmark v2.1.0 L2
6.10.6 Ensure Telnet is Not Set	Juniper	CIS Juniper OS Benchmark v2.1.0 L1
6.10.7 Ensure Reverse Telnet is Not Set	Juniper	CIS Juniper OS Benchmark v2.1.0 L1

Detections

Analytics

CSCv7|11.5

Title

Description

Reference Item Details

Audit Items