1.1.7 Set 'aaa accounting' to log all privileged use commands using 'commands 15' | AUDIT AND ACCOUNTABILITY |
1.1.8 Set 'aaa accounting connection' | AUDIT AND ACCOUNTABILITY |
1.1.9 Set 'aaa accounting exec' | AUDIT AND ACCOUNTABILITY |
1.1.10 Set 'aaa accounting network' | AUDIT AND ACCOUNTABILITY |
1.1.11 Set 'aaa accounting system' | AUDIT AND ACCOUNTABILITY |
1.5.9 Set 'priv' for each 'snmp-server group' using SNMPv3 | SYSTEM AND COMMUNICATIONS PROTECTION |
1.5.10 Require 'aes 128' as minimum for 'snmp-server user' when using SNMPv3 | IDENTIFICATION AND AUTHENTICATION |
2.3.1.1 Set 'ntp authenticate' | IDENTIFICATION AND AUTHENTICATION |
2.3.1.2 Set 'ntp authentication-key' | CONFIGURATION MANAGEMENT |
2.3.1.3 Set the 'ntp trusted-key' | IDENTIFICATION AND AUTHENTICATION |
2.3.1.4 Set 'key' for each 'ntp server' | AUDIT AND ACCOUNTABILITY |
2.4.1 Create a single 'interface loopback' - 'Only one loopback interface IP Address is defined' | CONFIGURATION MANAGEMENT |
2.4.1 Create a single 'interface loopback' - 'Only one loopback interface is defined' | CONFIGURATION MANAGEMENT |
2.4.2 Set AAA 'source-interface' | SYSTEM AND COMMUNICATIONS PROTECTION |
2.4.3 Require Binding NTP Service to Loopback Interface - 'NTP/SNTP is bound to loopback' | CONFIGURATION MANAGEMENT |
2.4.3 Set 'ntp source' to Loopback Interface - 'NTP/SNTP is bound to loopback' | AUDIT AND ACCOUNTABILITY |
2.4.4 Set 'ip tftp source-interface' to the Loopback Interface | SYSTEM AND COMMUNICATIONS PROTECTION |
3.1.2 Set 'no ip proxy-arp' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
3.1.3 Set 'no interface tunnel' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.1.4 Set 'ip verify unicast source reachable-via' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Default deny configured' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 0.0.0.0' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 10.0.0.0' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 127.0.0.0' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 169.254.0.0' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 172.16.0.0' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 192.0.2.0' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 192.168.0.0' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 224.0.0.0' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny host 255.255.255.255' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny internal networks' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks -'External interface has ACL applied' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.2 Set inbound 'ip access-group' on the External Interface | SYSTEM AND COMMUNICATIONS PROTECTION |
3.3.1.1 Set 'key chain' | IDENTIFICATION AND AUTHENTICATION |
3.3.1.2 Set 'key' | IDENTIFICATION AND AUTHENTICATION |
3.3.1.3 Set 'key-string' | IDENTIFICATION AND AUTHENTICATION |
3.3.1.4 Set 'address-family ipv4 autonomous-system' | IDENTIFICATION AND AUTHENTICATION |
3.3.1.5 Set 'af-interface default' | IDENTIFICATION AND AUTHENTICATION |
3.3.1.6 Set 'authentication key-chain' | IDENTIFICATION AND AUTHENTICATION |
3.3.1.7 Set 'authentication mode md5' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.3.1.8 Set 'ip authentication key-chain eigrp' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.3.1.9 Set 'ip authentication mode eigrp' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.3.2.1 Set 'authentication message-digest' for OSPF area | IDENTIFICATION AND AUTHENTICATION |
3.3.2.2 Set 'ip ospf message-digest-key md5' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.3.3.1 Set 'key chain' | IDENTIFICATION AND AUTHENTICATION |
3.3.3.2 Set 'key' | IDENTIFICATION AND AUTHENTICATION |
3.3.3.3 Set 'key-string' | IDENTIFICATION AND AUTHENTICATION |
3.3.3.4 Set 'ip rip authentication key-chain' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.3.3.5 Set 'ip rip authentication mode' to 'md5' | SYSTEM AND COMMUNICATIONS PROTECTION |
3.3.4.1 Set 'neighbor password' | IDENTIFICATION AND AUTHENTICATION |