CIS Cisco IOS 16 L2 v1.1.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS Cisco IOS 16 L2 v1.1.0

Updated: 3/24/2021

Authority: CIS

Plugin: Cisco

Revision: 1.1

Estimated Item Count: 56

Audit Items

Description / Categories
1.1.8 Set 'aaa accounting' to log all privileged use commands using 'commands 15'

AUDIT AND ACCOUNTABILITY

1.1.9 Set 'aaa accounting connection'

AUDIT AND ACCOUNTABILITY

1.1.10 Set 'aaa accounting exec'

AUDIT AND ACCOUNTABILITY

1.1.11 Set 'aaa accounting network'

AUDIT AND ACCOUNTABILITY

1.1.12 Set 'aaa accounting system'

AUDIT AND ACCOUNTABILITY

1.5.9 Set 'priv' for each 'snmp-server group' using SNMPv3

SYSTEM AND COMMUNICATIONS PROTECTION

1.5.10 Require 'aes 128' as minimum for 'snmp-server user' when using SNMPv3

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.1 Configure Login Block - login block-for

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.1 Configure Login Block - login delay
1.6.1 Configure Login Block - login quiet-mode

SYSTEM AND COMMUNICATIONS PROTECTION

1.6.2 AutoSecure
1.6.3 Configuring Kerberos

IDENTIFICATION AND AUTHENTICATION

1.6.4 Configure Web interface

SYSTEM AND COMMUNICATIONS PROTECTION

2.2.8 Set 'login success/failure logging'

AUDIT AND ACCOUNTABILITY

2.3.1.1 Set 'ntp authenticate'

IDENTIFICATION AND AUTHENTICATION

2.3.1.2 Set 'ntp authentication-key'

IDENTIFICATION AND AUTHENTICATION

2.3.1.3 Set the 'ntp trusted-key'

IDENTIFICATION AND AUTHENTICATION

2.3.1.4 Set 'key' for each 'ntp server'

AUDIT AND ACCOUNTABILITY

2.4.1 Create a single 'interface loopback' - 'Only one loopback interface IP Address is defined'

CONFIGURATION MANAGEMENT

2.4.1 Create a single 'interface loopback' - 'Only one loopback interface is defined'

CONFIGURATION MANAGEMENT

2.4.2 Set AAA 'source-interface'

SYSTEM AND COMMUNICATIONS PROTECTION

2.4.3 Set 'ntp source' to Loopback Interface - 'NTP is bound to loopback'

CONFIGURATION MANAGEMENT

2.4.3 Set 'ntp source' to Loopback Interface - 'NTP/SNTP is bound to loopback'
2.4.4 Set 'ip tftp source-interface' to the Loopback Interface

SYSTEM AND COMMUNICATIONS PROTECTION

3.1.2 Set 'no ip proxy-arp'

SYSTEM AND COMMUNICATIONS PROTECTION

3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Default deny configured'
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 0.0.0.0'
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 10.0.0.0'
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 127.0.0.0'
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 169.254.0.0'
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 172.16.0.0'
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 192.0.2.0'
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 192.168.0.0'
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny 224.0.0.0'
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny host 255.255.255.255'
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - 'Deny internal networks'
3.2.1 Set 'ip access-list extended' to Forbid Private Source Addresses from External Networks - External interface has ACL applied
3.2.2 Set inbound 'ip access-group' on the External Interface

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1.1 Set 'key chain'

IDENTIFICATION AND AUTHENTICATION

3.3.1.2 Set 'key'
3.3.1.3 Set 'key-string'

IDENTIFICATION AND AUTHENTICATION

3.3.1.4 Set 'address-family ipv4 autonomous-system'

IDENTIFICATION AND AUTHENTICATION

3.3.1.5 Set 'af-interface default'

IDENTIFICATION AND AUTHENTICATION

3.3.1.6 Set 'authentication key-chain'

IDENTIFICATION AND AUTHENTICATION

3.3.1.7 Set 'authentication mode md5'

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1.8 Set 'ip authentication key-chain eigrp'

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.1.9 Set 'ip authentication mode eigrp'

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.2.1 Set 'authentication message-digest' for OSPF area
3.3.2.2 Set 'ip ospf message-digest-key md5'

SYSTEM AND COMMUNICATIONS PROTECTION

3.3.3.1 Set 'key chain'

IDENTIFICATION AND AUTHENTICATION