CIS Cisco IOS 12 L1 v4.0.0

Audit Details

Name: CIS Cisco IOS 12 L1 v4.0.0

Updated: 6/17/2024

Authority: CIS

Plugin: Cisco

Revision: 1.21

Estimated Item Count: 55

File Details

Filename: CIS_Cisco_IOS_12_v4.0.0_Level_1.audit

Size: 78.3 kB

MD5: 618ec8a09764f073603884dbfc4b789a
SHA256: 85d5bd042d5ab35b6779da3fd8a60cc1c11b945963a630d0e4f3af0e206ae4a5

Audit Items

DescriptionCategories
1.1.1 Enable 'aaa new-model'

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION

1.1.2 Enable 'aaa authentication login'

IDENTIFICATION AND AUTHENTICATION

1.1.3 Enable 'aaa authentication enable default'

IDENTIFICATION AND AUTHENTICATION

1.1.4 Set 'login authentication for 'line con 0'

IDENTIFICATION AND AUTHENTICATION

1.1.5 Set 'login authentication for 'line tty'

IDENTIFICATION AND AUTHENTICATION

1.1.6 Set 'login authentication for 'line vty'

IDENTIFICATION AND AUTHENTICATION

1.2.1 Set 'privilege 1' for local users - 'No users with privileges 2-15'

ACCESS CONTROL

1.2.2 Set 'transport input ssh' for 'line vty' connections

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.3 Set 'no exec' for 'line aux 0'

CONFIGURATION MANAGEMENT

1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured'

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured'

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.5 Set 'access-class' for 'line vty'

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.6 Set 'exec-timeout' to less than or equal to 10 minutes for 'line aux 0'

ACCESS CONTROL

1.2.7 Set 'exec-timeout' to less than or equal to 10 minutes 'line console 0'

ACCESS CONTROL

1.2.8 Set 'exec-timeout' less than or equal to 10 minutes 'line tty'

ACCESS CONTROL

1.2.9 Set 'exec-timeout' to less than or equal to 10 minutes 'line vty'

ACCESS CONTROL

1.2.10 Set 'transport input none' for 'line aux 0'

CONFIGURATION MANAGEMENT

1.3.1 Set the 'banner-text' for 'banner exec'

ACCESS CONTROL

1.3.2 Set the 'banner-text' for 'banner login'

ACCESS CONTROL

1.3.3 Set the 'banner-text' for 'banner motd'

ACCESS CONTROL

1.4.1 Set 'password' for 'enable secret'

IDENTIFICATION AND AUTHENTICATION

1.4.2 Enable 'service password-encryption'

IDENTIFICATION AND AUTHENTICATION

1.4.3 Set 'username secret' for all local users

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.1 Set 'no snmp-server' to disable SNMP when unused

SYSTEM AND INFORMATION INTEGRITY

1.5.2 Unset 'private' for 'snmp-server community'

IDENTIFICATION AND AUTHENTICATION

1.5.3 Unset 'public' for 'snmp-server community'

IDENTIFICATION AND AUTHENTICATION

1.5.4 Do not set 'RW' for any 'snmp-server community'

SYSTEM AND INFORMATION INTEGRITY

1.5.5 Set the ACL for each 'snmp-server community'

ACCESS CONTROL

1.5.6 Create an 'access-list' for use with SNMP - 'SNMP deny secured by ACL'

SYSTEM AND COMMUNICATIONS PROTECTION

1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL'

SYSTEM AND COMMUNICATIONS PROTECTION

1.5.7 Set 'snmp-server host' when using SNMP

ACCESS CONTROL

1.5.8 Set 'snmp-server enable traps snmp'

CONFIGURATION MANAGEMENT

2.1.1.1.1 Set the 'hostname'

CONFIGURATION MANAGEMENT

2.1.1.1.2 Set the 'ip domain name'

CONFIGURATION MANAGEMENT

2.1.1.1.3 Set 'modulus' to greater than or equal to 2048 for 'crypto key generate rsa'

IDENTIFICATION AND AUTHENTICATION

2.1.1.1.4 Set 'seconds' for 'ip ssh timeout'

IDENTIFICATION AND AUTHENTICATION

2.1.1.1.5 Set maximimum value for 'ip ssh authentication-retries'

ACCESS CONTROL

2.1.1.2 Set version 2 for 'ip ssh version'

CONFIGURATION MANAGEMENT

2.1.2 Set 'no cdp run'

CONFIGURATION MANAGEMENT

2.1.3 Set 'no ip bootp server'

CONFIGURATION MANAGEMENT

2.1.4 Set 'no service dhcp'

CONFIGURATION MANAGEMENT

2.1.5 Set 'no ip identd'

CONFIGURATION MANAGEMENT

2.1.6 Set 'service tcp-keepalives-in'

SYSTEM AND COMMUNICATIONS PROTECTION

2.1.7 Set 'service tcp-keepalives-out'

SYSTEM AND COMMUNICATIONS PROTECTION

2.1.8 Set 'no service pad'

CONFIGURATION MANAGEMENT

2.2.1 Set 'logging on'

AUDIT AND ACCOUNTABILITY

2.2.2 Set 'buffer size' for 'logging buffered'

AUDIT AND ACCOUNTABILITY

2.2.3 Set 'logging console critical'

AUDIT AND ACCOUNTABILITY

2.2.4 Set IP address for 'logging host'

AUDIT AND ACCOUNTABILITY

2.2.5 Set 'logging trap informational'

AUDIT AND ACCOUNTABILITY