Name: CIS Cisco ASA 9.x Firewall L2 v1.1.0
Updated: 6/17/2024
Authority: CIS
Plugin: Cisco
Revision: 1.0
Estimated Item Count: 14
Filename: CIS_Cisco_ASA_9.x_Firewall_v1.1.0_L2.audit
Size: 41.1 kB
Description | Categories |
---|---|
1.4.2.1 Ensure 'TACACS+/RADIUS' is configured correctly | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
1.6.3 Ensure 'RSA key pair' is greater than or equal to 2048 bits | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
1.6.4 Ensure 'SCP protocol' is set to Enable for files transfers | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.7.1 Ensure 'HTTP source restriction' is set to an authorized IP address | CONFIGURATION MANAGEMENT, MAINTENANCE |
2.1.1 Ensure 'OSPF authentication' is enabled | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.1.2 Ensure 'EIGRP authentication' is enabled | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.1.3 Ensure 'BGP authentication' is enabled | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.2 Ensure 'noproxyarp' is enabled for untrusted interfaces | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.3 Ensure 'DNS Guard' is enabled | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.9 Ensure Botnet protection is enabled for untrusted interfaces | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.10 Ensure ActiveX filtering is enabled | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.11 Ensure Java applet filtering is enabled | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.13 Ensure VPN traffic goes through the relevant ACL | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT |
CIS_Cisco_ASA_9.x_Firewall_v1.1.0_L2.audit from CIS Cisco ASA 9.x Firewall Benchmark v1.1.0 |