CSCv7|11.7

Title

Manage Network Infrastructure Through a Dedicated Network

Description

Manage the network infrastructure across network connections that are separated from the business use of that network, relying on separate VLANs or, preferably, on entirely different physical connectivity for management sessions for network devices.

Reference Item Details

Category: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

Audit Items

Name | Plugin | Audit Name
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | Palo_Alto | CIS Palo Alto Firewall 9 v1.0.1 L1
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | Palo_Alto | CIS Palo Alto Firewall 10 v1.0.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMP | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSH | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPS | Palo_Alto | CIS Palo Alto Firewall 9 v1.0.1 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPS | Palo_Alto | CIS Palo Alto Firewall 10 v1.0.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPS | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMP | Palo_Alto | CIS Palo Alto Firewall 10 v1.0.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMP | Palo_Alto | CIS Palo Alto Firewall 9 v1.0.1 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSH | Palo_Alto | CIS Palo Alto Firewall 10 v1.0.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSH | Palo_Alto | CIS Palo Alto Firewall 9 v1.0.1 L1
1.2.2 Restrict Access to VTY Sessions - line vty access-class | Cisco | CIS Cisco NX-OS L2 v1.0.0
1.2.2 Restrict Access to VTY Sessions - line vty access-class | Cisco | CIS Cisco NX-OS L1 v1.0.0
1.2.2 Restrict Access to VTY Sessions - VTY ACL | Cisco | CIS Cisco NX-OS L1 v1.0.0
1.2.2 Restrict Access to VTY Sessions - VTY ACL | Cisco | CIS Cisco NX-OS L2 v1.0.0
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured' | Cisco | CIS Cisco IOS 17 L1 v1.0.0
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured' | Cisco | CIS Cisco IOS 16 L1 v1.1.2
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured' | Cisco | CIS Cisco IOS 17 L1 v1.0.0
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured' | Cisco | CIS Cisco IOS 16 L1 v1.1.2
1.2.5 Set 'access-class' for 'line vty' | Cisco | CIS Cisco IOS 17 L1 v1.0.0
1.2.5 Set 'access-class' for 'line vty' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.2.5 Set 'access-class' for 'line vty' | Cisco | CIS Cisco IOS 16 L1 v1.1.2
1.4.2 If SNMPv2 is in use, set Restrictions on Access - ACL | Cisco | CIS Cisco NX-OS L1 v1.0.0
1.4.2 If SNMPv2 is in use, set Restrictions on Access - snmp-server | Cisco | CIS Cisco NX-OS L1 v1.0.0
1.5.5 Set the ACL for each 'snmp-server community' | Cisco | CIS Cisco IOS 17 L1 v1.0.0
1.5.5 Set the ACL for each 'snmp-server community' | Cisco | CIS Cisco IOS 16 L1 v1.1.2
1.5.5 Set the ACL for each 'snmp-server community' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP deny secured by ACL' | Cisco | CIS Cisco IOS 17 L1 v1.0.0
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP deny secured by ACL' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP deny secured by ACL' | Cisco | CIS Cisco IOS 16 L1 v1.1.2
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL' | Cisco | CIS Cisco IOS 16 L1 v1.1.2
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL' | Cisco | CIS Cisco IOS 17 L1 v1.0.0
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.5.7 Set 'snmp-server host' when using SNMP | Cisco | CIS Cisco IOS 16 L1 v1.1.2
1.5.7 Set 'snmp-server host' when using SNMP | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.5.7 Set 'snmp-server host' when using SNMP | Cisco | CIS Cisco IOS 17 L1 v1.0.0
1.5.8 Set 'snmp-server enable traps snmp' | Cisco | CIS Cisco IOS 17 L1 v1.0.0
1.5.8 Set 'snmp-server enable traps snmp' | Cisco | CIS Cisco IOS 16 L1 v1.1.2
1.5.8 Set 'snmp-server enable traps snmp' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.9 Use Dedicated 'mgmt' Interface and VRF for Administrative Functions - logging | Cisco | CIS Cisco NX-OS L2 v1.0.0
1.9 Use Dedicated 'mgmt' Interface and VRF for Administrative Functions - logging | Cisco | CIS Cisco NX-OS L1 v1.0.0
1.9 Use Dedicated 'mgmt' Interface and VRF for Administrative Functions - ntp | Cisco | CIS Cisco NX-OS L2 v1.0.0
1.9 Use Dedicated 'mgmt' Interface and VRF for Administrative Functions - ntp | Cisco | CIS Cisco NX-OS L1 v1.0.0
1.9 Use Dedicated 'mgmt' Interface and VRF for Administrative Functions - snmp-server host | Cisco | CIS Cisco NX-OS L2 v1.0.0
1.9 Use Dedicated 'mgmt' Interface and VRF for Administrative Functions - snmp-server host | Cisco | CIS Cisco NX-OS L1 v1.0.0
1.9 Use Dedicated 'mgmt' Interface and VRF for Administrative Functions - snmp-server traps/informs | Cisco | CIS Cisco NX-OS L2 v1.0.0
1.9 Use Dedicated 'mgmt' Interface and VRF for Administrative Functions - snmp-server traps/informs | Cisco | CIS Cisco NX-OS L1 v1.0.0