Name: CIS Cisco NX-OS L1 v1.1.0
Updated: 12/4/2024
Authority: CIS
Plugin: Cisco
Revision: 1.2
Estimated Item Count: 39
Filename: CIS_Cisco_NX-OS-v1.1.0_Level_1.audit
Size: 164 kB
Description | Categories |
---|---|
1.1.1.1 Configure AAA Authentication - TACACS if applicable | ACCESS CONTROL |
1.1.1.2 Configure AAA Authentication - Local SSH keys | ACCESS CONTROL |
1.1.1.3 Configure AAA Authentication - RADIUS if applicable | ACCESS CONTROL |
1.1.2.1 vty line authentication | ACCESS CONTROL |
1.2.1 Restrict Access to VTY Sessions | ACCESS CONTROL, CONFIGURATION MANAGEMENT, MAINTENANCE, SYSTEM AND INFORMATION INTEGRITY |
1.2.2 Configure IP Blocking on Failed Logins | AUDIT AND ACCOUNTABILITY |
1.2.3 Limit SSH Login Attempts | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.2.4 Ensure Exec Timeout for Console Sessions is set | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.2.5 Ensure Exec Timeout for Remote Administrative Sessions (VTY) is set | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.2.6 Set the Maximum Number of VTY Sessions | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.2.7 Disable the Telnet Feature | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.3.1 Pre-authentication Banner | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
1.3.2 Post-authentication Banner | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
1.4.1 Enable Password Complexity Requirements for Local Credentials | IDENTIFICATION AND AUTHENTICATION |
1.4.3 Set password lifetime, warning time and grace time for local credentials | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
1.4.4 Set password length for local credentials | IDENTIFICATION AND AUTHENTICATION |
1.5.1 If SNMPv2 is in use, use a Complex Community String | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
1.5.2 If SNMPv2 is in use, set Restrictions on Access | ACCESS CONTROL, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
1.6.4 Configure Logging Timestamps | AUDIT AND ACCOUNTABILITY |
1.7.1 Configure at least 2 external NTP Servers | AUDIT AND ACCOUNTABILITY |
1.7.2 Configure a Time Zone | AUDIT AND ACCOUNTABILITY |
1.7.3 If a Local Time Zone is used, Configure Daylight Savings | AUDIT AND ACCOUNTABILITY |
2.1.1 Configure Control Plane Policing | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
3.1.1.2 Configure EIGRP Passive interfaces for interfaces that do not have peers | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
3.1.1.3 Configure EIGRP log-adjacency-changes | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
3.1.2.1 Configure BGP to Log Neighbor Changes | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.1.3.1 Set Interfaces with no Peers to Passive-Interface | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
3.1.3.3 Log OSPF Adjacency Changes | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
3.1.4.1 If VLAN interfaces have IP addresses, configure anti spoofing / ingress filtering protections | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
3.1.4.4 Configure HSRP protections | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
3.2.1.1 Configure RA Guard | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
3.2.2 Disable ICMP Redirects on all Layer 3 Interfaces | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.3 Disable Proxy ARP on all Layer 3 Interfaces | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.4 Disable IP Directed Broadcasts on all Layer 3 Interfaces | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.2.5 Disable IP Source-Routing | CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.3.1 Configure DHCP Trust | ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
3.4.1 Configure LLDP | SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
4.1 Configure Local Configuration Backup Schedule | CONTINGENCY PLANNING |
4.2 Configure a Remote Backup Schedule | CONTINGENCY PLANNING |