CSCv7|11.6

Title

Use Dedicated Machines For All Network Administrative Tasks

Description

Ensure network engineers use a dedicated machine for all administrative tasks or tasks requiring elevated access. This machine shall be segmented from the organization's primary network and not be allowed Internet access. This machine shall not be used for reading e-mail, composing documents, or surfing the Internet.

Reference Item Details

Category: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

Audit Items


| Name | Plugin | Audit Name |
| --- | --- | --- |
| 1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1 |
| 1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1 |
| 1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | Palo_Alto | CIS Palo Alto Firewall 11 v1.0.0 L1 |
| 1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled | Palo_Alto | CIS Palo Alto Firewall 11 v1.0.0 L1 |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMP | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSH | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPS | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1 |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPS | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1 |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPS | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0 |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMP | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1 |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMP | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1 |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSH | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1 |
| 1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSH | Palo_Alto | CIS Palo Alto Firewall 10 v1.1.0 L1 |
| 1.2.2 Restrict Access to VTY Sessions - line vty access-class | Cisco | CIS Cisco NX-OS L2 v1.0.0 |
| 1.2.2 Restrict Access to VTY Sessions - line vty access-class | Cisco | CIS Cisco NX-OS L1 v1.0.0 |
| 1.2.2 Restrict Access to VTY Sessions - VTY ACL | Cisco | CIS Cisco NX-OS L1 v1.0.0 |
| 1.2.2 Restrict Access to VTY Sessions - VTY ACL | Cisco | CIS Cisco NX-OS L2 v1.0.0 |
| 1.4.2 If SNMPv2 is in use, set Restrictions on Access - ACL | Cisco | CIS Cisco NX-OS L1 v1.0.0 |
| 1.4.2 If SNMPv2 is in use, set Restrictions on Access - snmp-server | Cisco | CIS Cisco NX-OS L1 v1.0.0 |
| 1.6.1 Ensure 'SSH source restriction' is set to an authorized IP address | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0 |
| 1.6.1 Ensure 'SSH source restriction' is set to an authorized IP address | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0 |
| 1.6.1 Ensure 'SSH source restriction' is set to an authorized IP address | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.6.2 Ensure 'SSH version 2' is enabled | Cisco | CIS Cisco ASA 9.x Firewall L1 v1.0.0 |
| 1.6.2 Ensure 'SSH version 2' is enabled | Cisco | CIS Cisco Firewall v8.x L1 v4.2.0 |
| 1.6.2 Ensure 'SSH version 2' is enabled | Cisco | CIS Cisco Firewall ASA 9 L1 v4.1.0 |
| 1.9 Use Dedicated 'mgmt' Interface and VRF for Administrative Functions - logging | Cisco | CIS Cisco NX-OS L2 v1.0.0 |
| 1.9 Use Dedicated 'mgmt' Interface and VRF for Administrative Functions - logging | Cisco | CIS Cisco NX-OS L1 v1.0.0 |
| 1.9 Use Dedicated 'mgmt' Interface and VRF for Administrative Functions - ntp | Cisco | CIS Cisco NX-OS L2 v1.0.0 |
| 1.9 Use Dedicated 'mgmt' Interface and VRF for Administrative Functions - ntp | Cisco | CIS Cisco NX-OS L1 v1.0.0 |
| 1.9 Use Dedicated 'mgmt' Interface and VRF for Administrative Functions - snmp-server host | Cisco | CIS Cisco NX-OS L2 v1.0.0 |
| 1.9 Use Dedicated 'mgmt' Interface and VRF for Administrative Functions - snmp-server host | Cisco | CIS Cisco NX-OS L1 v1.0.0 |
| 1.9 Use Dedicated 'mgmt' Interface and VRF for Administrative Functions - snmp-server traps/informs | Cisco | CIS Cisco NX-OS L2 v1.0.0 |
| 1.9 Use Dedicated 'mgmt' Interface and VRF for Administrative Functions - snmp-server traps/informs | Cisco | CIS Cisco NX-OS L1 v1.0.0 |
| 2.4.2 Ensure all the login accounts having specific trusted hosts enabled | FortiGate | CIS Fortigate 7.0.x Level 1 v1.2.0 |