CSCv7|4.2

Title

Change Default Passwords

Description

Before deploying any new asset, change all default passwords to have values consistent with administrative level accounts.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Controlled Use of Administrative Privileges

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.1.1 Ensure 'Logon Password' is set	Cisco	CIS Cisco Firewall v8.x L1 v4.2.0
1.1.1 Ensure 'Logon Password' is set	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.0.0
1.1.1 Ensure 'Logon Password' is set	Cisco	CIS Cisco Firewall ASA 9 L1 v4.1.0
1.1.1 Ensure default password of root is not allowed	F5	CIS F5 Networks v1.0.0 L1
1.1.2 Ensure default password of admin is not used	F5	CIS F5 Networks v1.0.0 L1
1.1.3 Configure Secure Password Policy - Ensure Maximum Login Failures	F5	CIS F5 Networks v1.0.0 L1
1.1.3 Configure Secure Password Policy - EnsurePassword Memory	F5	CIS F5 Networks v1.0.0 L1
1.1.3 Configure Secure Password Policy - Expiration Warning	F5	CIS F5 Networks v1.0.0 L1
1.1.3 Configure Secure Password Policy - Maximum Duration	F5	CIS F5 Networks v1.0.0 L1
1.1.3 Configure Secure Password Policy - Minimum Duration	F5	CIS F5 Networks v1.0.0 L1
1.1.3 Configure Secure Password Policy - Minimum Password Length	F5	CIS F5 Networks v1.0.0 L1
1.1.3 Configure Secure Password Policy - Required Lowercase	F5	CIS F5 Networks v1.0.0 L1
1.1.3 Configure Secure Password Policy - Required Numeric	F5	CIS F5 Networks v1.0.0 L1
1.1.3 Configure Secure Password Policy - Required Special Characters	F5	CIS F5 Networks v1.0.0 L1
1.1.3 Configure Secure Password Policy - Required Uppercase	F5	CIS F5 Networks v1.0.0 L1
1.1.3 Configure Secure Password Policy - Secure Password Enforcement	F5	CIS F5 Networks v1.0.0 L1
1.1.3 Configure Secure Password Policy - User Lockout	F5	CIS F5 Networks v1.0.0 L1
1.3.1 Ensure 'Minimum Password Complexity' is enabled	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.2 Ensure 'Minimum Length' is greater than or equal to 12	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.2 Ensure 'Minimum Length' is greater than or equal to 12	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
1.3.2 Ensure 'Minimum Length' is greater than or equal to 12	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.2 Ensure 'Minimum Length' is greater than or equal to 12	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.3.3 Ensure 'Minimum Uppercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.3 Ensure 'Minimum Uppercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
1.3.3 Ensure 'Minimum Uppercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.3.4 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.4 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.3.4 Ensure 'Minimum Lowercase Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
1.3.5 Ensure 'Minimum Numeric Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
1.3.5 Ensure 'Minimum Numeric Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.5 Ensure 'Minimum Numeric Letters' is greater than or equal to 1	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.3.7 Ensure 'Required Password Change Period' is less than or equal to 90 days	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.7 Ensure 'Required Password Change Period' is less than or equal to 90 days	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.3.7 Ensure 'Required Password Change Period' is less than or equal to 90 days	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
1.3.8 Ensure 'New Password Differs By Characters' is greater than or equal to 3	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.8 Ensure 'New Password Differs By Characters' is greater than or equal to 3	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.3.8 Ensure 'New Password Differs By Characters' is greater than or equal to 3	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
1.3.8 Ensure 'New Password Differs By Characters' is greater than or equal to 3	Palo_Alto	CIS Palo Alto Firewall 8 Benchmark L1 v1.0.0
1.3.9 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwords	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.9 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwords	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
1.3.9 Ensure 'Prevent Password Reuse Limit' is set to 24 or more passwords	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.3.10 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 9 v1.1.0 L1
1.3.10 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 11 v1.0.0 L1
1.3.10 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.4.1.3 Ensure known default accounts do not exist	Cisco	CIS Cisco Firewall v8.x L1 v4.2.0
1.4.1.3 Ensure known default accounts do not exist	Cisco	CIS Cisco Firewall ASA 9 L1 v4.1.0
1.4.1.3 Ensure known default accounts do not exist	Cisco	CIS Cisco ASA 9.x Firewall L1 v1.0.0
2.10.2 Ensure Require Password After Screen Saver Begins or Display Is Turned Off Is Enabled for 5 Seconds or Immediately	Unix	CIS Apple macOS 13.0 Ventura v2.0.0 L1
2.10.2 Ensure Require Password After Screen Saver Begins or Display Is Turned Off Is Enabled for 5 Seconds or Immediately	Unix	CIS Apple macOS 14.0 Sonoma v1.0.0 L1
2.12.3 Ensure Automatic Login Is Disabled	Unix	CIS Apple macOS 13.0 Ventura v2.0.0 L1

Detections

Analytics

CSCv7|4.2

Title

Description

Reference Item Details

Audit Items