CIS Cisco IOS 15 L1 v4.1.1

Audit Details

Name: CIS Cisco IOS 15 L1 v4.1.1

Updated: 6/17/2024

Authority: CIS

Plugin: Cisco

Revision: 1.7

Estimated Item Count: 58

File Details

Filename: CIS_Cisco_IOS_15_v4.1.1_Level_1.audit

Size: 138 kB

MD5: 19b03c96fcf7b0d0e0fa9f41e1d316ba
SHA256: 7337babc84900afb2e96756b2574b1c855aa864e8a908a31f560e8478df47fde

Audit Items

DescriptionCategories
1.1.1 Enable 'aaa new-model'

ACCESS CONTROL

1.1.2 Enable 'aaa authentication login'

ACCESS CONTROL

1.1.3 Enable 'aaa authentication enable default'

ACCESS CONTROL

1.1.4 Set 'login authentication for 'line con 0'

ACCESS CONTROL

1.1.5 Set 'login authentication for 'line tty'

ACCESS CONTROL

1.1.6 Set 'login authentication for 'line vty'

ACCESS CONTROL

1.2.1 Set 'privilege 1' for local users - 'All users have encrypted passwords'

ACCESS CONTROL

1.2.1 Set 'privilege 1' for local users - 'No users with privileges 2-15'

ACCESS CONTROL

1.2.2 Set 'transport input ssh' for 'line vty' connections

IDENTIFICATION AND AUTHENTICATION

1.2.3 Set 'no exec' for 'line aux 0'

SYSTEM AND INFORMATION INTEGRITY

1.2.4 Create 'access-list' for use with 'line vty' - 'ACL deny is configured'

ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY

1.2.4 Create 'access-list' for use with 'line vty' - 'ACL permit tcp is configured'

ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY

1.2.5 Set 'access-class' for 'line vty'

ACCESS CONTROL, SYSTEM AND INFORMATION INTEGRITY

1.2.6 Set 'exec-timeout' to less than or equal to 10 minutes for 'line aux 0'

ACCESS CONTROL

1.2.7 Set 'exec-timeout' to less than or equal to 10 minutes 'line console 0'

ACCESS CONTROL

1.2.8 Set 'exec-timeout' less than or equal to 10 minutes 'line tty'

ACCESS CONTROL

1.2.9 Set 'exec-timeout' to less than or equal to 10 minutes 'line vty'

ACCESS CONTROL

1.2.10 Set 'exec-timeout' to less than or equal to 10 minutes 'line vty'

ACCESS CONTROL

1.2.11 Set 'transport input none' for 'line aux 0'

ACCESS CONTROL

1.3.1 Set the 'banner-text' for 'banner exec'

ACCESS CONTROL

1.3.2 Set the 'banner-text' for 'banner login'

ACCESS CONTROL

1.3.3 Set the 'banner-text' for 'banner motd'

ACCESS CONTROL

1.4.1 Set 'password' for 'enable secret'

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.4.2 Enable 'service password-encryption'

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.4.3 Set 'username secret' for all local users

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.1 Set 'no snmp-server' to disable SNMP when unused

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.2 Unset 'private' for 'snmp-server community'

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.3 Unset 'public' for 'snmp-server community'

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.4 Do not set 'RW' for any 'snmp-server community'

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.5 Set the ACL for each 'snmp-server community'

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.6 Create an 'access-list' for use with SNMP - 'SNMP deny secured by ACL'

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.6 Create an 'access-list' for use with SNMP - 'SNMP permit secured by ACL'

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.7 Set 'snmp-server host' when using SNMP

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

1.5.8 Set 'snmp-server enable traps snmp'

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.1.1.1 Set the 'hostname'

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.1.1.2 Set the 'ip domain-name'

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.1.1.3 Set 'modulus' to greater than or equal to 2048 for 'crypto key generate rsa'

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.1.1.4 Set 'seconds' for 'ip ssh timeout'

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.1.1.5 Set maximimum value for 'ip ssh authentication-retries'

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.1.2 Set version 2 for 'ip ssh version'

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.2 Set 'no cdp run'

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.3 Set 'no ip bootp server'

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.4 Set 'no service dhcp'

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.4 Set 'no service dhcp' - dhcp pool

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.5 Set 'no ip identd'

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.6 Set 'service tcp-keepalives-in'

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.7 Set 'service tcp-keepalives-out'

CONFIGURATION MANAGEMENT

2.1.8 Set 'no service pad'

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION

2.2.1 Set 'logging on'

AUDIT AND ACCOUNTABILITY

2.2.2 Set 'buffer size' for 'logging buffered'

AUDIT AND ACCOUNTABILITY