CSCv7|11.7

Title

Manage Network Infrastructure Through a Dedicated Network

Description

Manage the network infrastructure across network connections that are separated from the business use of that network, relying on separate VLANs or, preferably, on entirely different physical connectivity for management sessions for network devices.

Reference Item Details

Category: Secure Configuration for Network Devices, such as Firewalls, Routers and Switches

Audit Items

Name | Plugin | Audit Name
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | Palo_Alto | CIS Palo Alto Firewall 11 v1.1.0 L1
1.2.1 Ensure 'Permitted IP Addresses' is set to those necessary for device management | Palo_Alto | CIS Palo Alto Firewall 10 v1.2.0 L1
1.2.1 Restrict Access to VTY Sessions | Cisco | CIS Cisco NX-OS L1 v1.1.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled | Palo_Alto | CIS Palo Alto Firewall 10 v1.2.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled | Palo_Alto | CIS Palo Alto Firewall 11 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMP | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSH | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPS | Palo_Alto | CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - HTTPS | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SNMP | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.2 Ensure 'Permitted IP Addresses' is set for all management profiles where SSH, HTTPS, or SNMP is enabled - SSH | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1
1.2.4 Create 'access-list' for use with 'line vty' | Cisco | CIS Cisco IOS XE 17.x v2.1.1 L1
1.2.4 Create 'access-list' for use with 'line vty' | Cisco | CIS Cisco IOS XE 16.x v2.1.0 L1
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.2.5 Set 'access-class' for 'line vty' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.2.5 Set 'access-class' for 'line vty' | Cisco | CIS Cisco IOS XE 17.x v2.1.1 L1
1.2.5 Set 'access-class' for 'line vty' | Cisco | CIS Cisco IOS XE 16.x v2.1.0 L1
1.5.2 If SNMPv2 is in use, set Restrictions on Access | Cisco | CIS Cisco NX-OS L1 v1.1.0
1.5.4 Set the ACL for each 'snmp-server community' | Cisco | CIS Cisco IOS XR 7.x v1.0.0 L1
1.5.5 Set 'snmp-server host' when using SNMP | Cisco | CIS Cisco IOS XR 7.x v1.0.0 L1
1.5.5 Set the ACL for each 'snmp-server community' | Cisco | CIS Cisco IOS XE 16.x v2.1.0 L1
1.5.5 Set the ACL for each 'snmp-server community' | Cisco | CIS Cisco IOS XE 17.x v2.1.1 L1
1.5.5 Set the ACL for each 'snmp-server community' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.5.6 Create an 'access-list' for use with SNMP | Cisco | CIS Cisco IOS XE 17.x v2.1.1 L1
1.5.6 Create an 'access-list' for use with SNMP | Cisco | CIS Cisco IOS XE 16.x v2.1.0 L1
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP deny secured by ACL' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.5.6 Set 'snmp-server enable traps snmp' | Cisco | CIS Cisco IOS XR 7.x v1.0.0 L1
1.5.7 Set 'snmp-server host' when using SNMP | Cisco | CIS Cisco IOS XE 16.x v2.1.0 L1
1.5.7 Set 'snmp-server host' when using SNMP | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.5.7 Set 'snmp-server host' when using SNMP | Cisco | CIS Cisco IOS XE 17.x v2.1.1 L1
1.5.8 Set 'snmp-server enable traps snmp' | Cisco | CIS Cisco IOS 15 L1 v4.1.1
1.5.8 Set 'snmp-server enable traps snmp' | Cisco | CIS Cisco IOS XE 16.x v2.1.0 L1
1.5.8 Set 'snmp-server enable traps snmp' | Cisco | CIS Cisco IOS XE 17.x v2.1.1 L1
1.6.2 Restrict VTY Access | Cisco | CIS Cisco IOS XR 7.x v1.0.0 L1
1.9 Use Dedicated 'mgmt' Interface and VRF for Administrative Functions | Cisco | CIS Cisco NX-OS L2 v1.1.0
1.12 (L2) Host integrated hardware management controller must deactivate internal networking | VMware | CIS VMware ESXi 8.0 v1.1.0 L2
2.4.2 Ensure all the login accounts having specific trusted hosts enabled | FortiGate | CIS Fortigate 7.0.x v1.3.0 L1
3.1 Enable the Firewall Stealth Rule | CheckPoint | CIS Check Point Firewall L2 v1.1.0
3.1.1 Ensure Caller ID is set | Juniper | CIS Juniper OS Benchmark v2.1.0 L1
3.1.2 Ensure access profile is set to use CHAP | Juniper | CIS Juniper OS Benchmark v2.1.0 L1
3.2 Ensure SharePoint implements an information system isolation boundary that minimizes the number of non-security functions included within the boundary containing security functions. | Windows | CIS Microsoft SharePoint 2019 OS v1.0.0
3.3 Ensure SharePoint implements security functions as a layered structure minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality or correctness of higher layers. | Windows | CIS Microsoft SharePoint 2019 OS v1.0.0
5.1 Ensure Common SNMP Community Strings are NOT used | Juniper | CIS Juniper OS Benchmark v2.1.0 L1
5.3 Ensure a client list is set for SNMPv1/v2 communities | Juniper | CIS Juniper OS Benchmark v2.1.0 L1
5.8 Ensure interface restrictions are set for SNMP | Juniper | CIS Juniper OS Benchmark v2.1.0 L1
5.9 Ensure SNMP is set to OOB management only | Juniper | CIS Juniper OS Benchmark v2.1.0 L2