CIS Cisco ASA 9.x Firewall L1 v1.0.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Cisco ASA 9.x Firewall L1 v1.0.0

Updated: 6/17/2024

Authority: CIS

Plugin: Cisco

Revision: 1.8

Estimated Item Count: 77

File Details

Filename: CIS_Cisco_ASA_9.x_Firewall_v1.0.0_L1.audit

Size: 108 kB

MD5: 71e5784362a2d476fa0af1628c20af4d
SHA256: 00e02f27908d34978a772c826687b98681e7acd9f578056d76bd487d949cd19a

Audit Items

Description    Categories
1.1.1 Ensure 'Logon Password' is set
1.1.2 Ensure 'Enable Password' is set
1.1.3 Ensure 'Master Key Passphrase' is set
1.1.4 Ensure 'Password Recovery' is disabled
1.1.5 Ensure 'Password Policy' is enabled - lifetime
1.1.5 Ensure 'Password Policy' is enabled - minimum-changes
1.1.5 Ensure 'Password Policy' is enabled - minimum-length
1.1.5 Ensure 'Password Policy' is enabled - minimum-lowercase
1.1.5 Ensure 'Password Policy' is enabled - minimum-numeric
1.1.5 Ensure 'Password Policy' is enabled - minimum-special
1.1.5 Ensure 'Password Policy' is enabled - minimum-uppercase
1.2.1 Ensure 'Domain Name' is set
1.2.2 Ensure 'Host Name' is set
1.2.3 Ensure 'Failover' is enabled
1.2.4 Ensure 'Unused Interfaces' is disable
1.3.1 Ensure 'Image Integrity' is correct
1.3.2 Ensure 'Image Authenticity' is correct
1.4.1.1 Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3'
1.4.1.2 Ensure 'local username and password' is set
1.4.1.3 Ensure known default accounts do not exist
1.4.3.1 Ensure 'aaa authentication enable console' is configured correctly
1.4.3.2 Ensure 'aaa authentication http console' is configured correctly
1.4.3.3 Ensure 'aaa authentication secure-http-client' is configured correctly
1.4.3.4 Ensure 'aaa authentication serial console' is configured correctly
1.4.3.5 Ensure 'aaa authentication ssh console' is configured correctly
1.4.4.1 Ensure 'aaa command authorization' is configured correctly
1.4.4.2 Ensure 'aaa authorization exec' is configured correctly
1.4.5.1 Ensure 'aaa accounting command' is configured correctly
1.4.5.2 Ensure 'aaa accounting for SSH' is configured correctly
1.4.5.3 Ensure 'aaa accounting for Serial console' is configured correctly
1.4.5.4 Ensure 'aaa accounting for EXEC mode' is configured correctly
1.5.1 Ensure 'ASDM banner' is set
1.5.2 Ensure 'EXEC banner' is set
1.5.3 Ensure 'LOGIN banner' is set
1.5.4 Ensure 'MOTD banner' is set
1.6.1 Ensure 'SSH source restriction' is set to an authorized IP address
1.6.2 Ensure 'SSH version 2' is enabled
1.6.5 Ensure 'Telnet' is disabled
1.7.2 Ensure 'TLS 1.2' is set for HTTPS access
1.7.3 Ensure 'SSL AES 256 encryption' is set for HTTPS access
1.8.1 Ensure 'console session timeout' is less than or equal to '5' minutes
1.8.2 Ensure 'SSH session timeout' is less than or equal to '5' minutes
1.8.3 Ensure 'HTTP idle timeout' is less than or equal to '5' minutes
1.9.1.1 Ensure 'NTP authentication' is enabled
1.9.1.2 Ensure 'NTP authentication key' is configured correctly
1.9.1.3 Ensure 'trusted NTP server' exists
1.9.2 Ensure 'local timezone' is properly configured
1.10.1 Ensure 'logging' is enabled
1.10.2 Ensure 'logging to Serial console' is disabled
1.10.3 Ensure 'logging to monitor' is disabled