CIS Cisco NX-OS L2 v1.1.0

Audit Details

Name: CIS Cisco NX-OS L2 v1.1.0

Updated: 1/3/2025

Authority: CIS

Plugin: Cisco

Revision: 1.1

Estimated Item Count: 24

File Details

Filename: CIS_Cisco_NX-OS-v1.1.0_Level_2.audit

Size: 133 kB

MD5: f57722514f20de9b8448c433d4b45fc1
SHA256: c344fb747255ecbbc3cfbe096e2395d7497bd54beabc44333947378f22327aa1

Audit Items

Description / Categories
1.4.2 Configure Password Encryption

IDENTIFICATION AND AUTHENTICATION, MEDIA PROTECTION

1.5.3 Configure SNMPv3

CONFIGURATION MANAGEMENT, MAINTENANCE

1.5.4 Configure SNMP Traps

CONFIGURATION MANAGEMENT, MAINTENANCE, SYSTEM AND INFORMATION INTEGRITY

1.5.5 Configure SNMP Source Interface for Traps

CONFIGURATION MANAGEMENT, MAINTENANCE

1.5.6 Do not Configure a Read Write SNMP Community String

CONFIGURATION MANAGEMENT, MAINTENANCE

1.6.1 Ensure Syslog Logging is configured

AUDIT AND ACCOUNTABILITY

1.6.2 Log all Successful and Failed Administrative Logins

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

1.6.3 Configure Netflow on Strategic Ports

AUDIT AND ACCOUNTABILITY, INCIDENT RESPONSE, SYSTEM AND INFORMATION INTEGRITY

1.7.4 Configure NTP Authentication

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.8.1 Disable Power on Auto Provisioning (POAP)

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

1.8.2 Disable iPXE (Pre-boot eXecution Environment)

ACCESS CONTROL, CONFIGURATION MANAGEMENT

1.8.3 Set SSH Key Modulus Length

CONFIGURATION MANAGEMENT, MAINTENANCE

1.9 Use Dedicated 'mgmt' Interface and VRF for Administrative Functions

CONFIGURATION MANAGEMENT, MAINTENANCE

3.1.1.1 Configure EIGRP Authentication on all EIGRP Routing Devices

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.1.2.2 If Possible, Limit the BGP Routes Accepted from Peers

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.1.2.3 Configure BGP Authentication

ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.1.3.2 Authenticate OSPF peers with MD5 authentication keys

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.1.4.2 Create and use a single Loopback Address for Routing Protocol Peering

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.1.4.3 Use Unicast Routing Protocols Only

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.3.2 Configure Storm Control

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, INCIDENT RESPONSE, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

3.4.2 Configure CDP

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5.1 Basic Fiber Channel Configuration

ACCESS CONTROL, CONFIGURATION MANAGEMENT

3.5.2 Configure FCoE Zoning

ACCESS CONTROL, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

4.3 Configure Alerts on all Configuration Changes

CONFIGURATION MANAGEMENT